google-api-ruby-client/generated/google-apis-gkehub_v1beta/lib/google/apis/gkehub_v1beta/classes.rb

2456 lines
102 KiB
Ruby
Raw Normal View History

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'date'
require 'google/apis/core/base_service'
require 'google/apis/core/json_representation'
require 'google/apis/core/hashable'
require 'google/apis/errors'
module Google
module Apis
module GkehubV1beta
# **Anthos Observability**: Spec
class AnthosObservabilityFeatureSpec
include Google::Apis::Core::Hashable
# **Anthosobservability**: Per-Membership Feature spec.
# Corresponds to the JSON property `defaultMembershipSpec`
# @return [Google::Apis::GkehubV1beta::AnthosObservabilityMembershipSpec]
attr_accessor :default_membership_spec
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@default_membership_spec = args[:default_membership_spec] if args.key?(:default_membership_spec)
end
end
# **Anthosobservability**: Per-Membership Feature spec.
class AnthosObservabilityMembershipSpec
include Google::Apis::Core::Hashable
# use full of metrics rather than optimized metrics. See https://cloud.google.
# com/anthos/clusters/docs/on-prem/1.8/concepts/logging-and-monitoring#
# optimized_metrics_default_metrics
# Corresponds to the JSON property `doNotOptimizeMetrics`
# @return [Boolean]
attr_accessor :do_not_optimize_metrics
alias_method :do_not_optimize_metrics?, :do_not_optimize_metrics
# enable collecting and reporting metrics and logs from user apps See go/onyx-
# application-metrics-logs-user-guide
# Corresponds to the JSON property `enableStackdriverOnApplications`
# @return [Boolean]
attr_accessor :enable_stackdriver_on_applications
alias_method :enable_stackdriver_on_applications?, :enable_stackdriver_on_applications
# the version of stackdriver operator used by this feature
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@do_not_optimize_metrics = args[:do_not_optimize_metrics] if args.key?(:do_not_optimize_metrics)
@enable_stackdriver_on_applications = args[:enable_stackdriver_on_applications] if args.key?(:enable_stackdriver_on_applications)
@version = args[:version] if args.key?(:version)
end
end
# Spec for App Dev Experience Feature.
class AppDevExperienceFeatureSpec
include Google::Apis::Core::Hashable
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
end
end
# State for App Dev Exp Feature.
class AppDevExperienceFeatureState
include Google::Apis::Core::Hashable
# Status specifies state for the subcomponent.
# Corresponds to the JSON property `networkingInstallSucceeded`
# @return [Google::Apis::GkehubV1beta::Status]
attr_accessor :networking_install_succeeded
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@networking_install_succeeded = args[:networking_install_succeeded] if args.key?(:networking_install_succeeded)
end
end
# Specifies the audit configuration for a service. The configuration determines
# which permission types are logged, and what identities, if any, are exempted
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
# are AuditConfigs for both `allServices` and a specific service, the union of
# the two AuditConfigs is used for that service: the log_types specified in each
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
# exempts jose@example.com from DATA_READ logging, and aliya@example.com from
# DATA_WRITE logging.
class AuditConfig
include Google::Apis::Core::Hashable
# The configuration for logging of each type of permission.
# Corresponds to the JSON property `auditLogConfigs`
# @return [Array<Google::Apis::GkehubV1beta::AuditLogConfig>]
attr_accessor :audit_log_configs
# Specifies a service that will be enabled for audit logging. For example, `
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
# value that covers all services.
# Corresponds to the JSON property `service`
# @return [String]
attr_accessor :service
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
@service = args[:service] if args.key?(:service)
end
end
# Provides the configuration for logging a type of permissions. Example: ` "
# audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
# jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
# DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
# DATA_READ logging.
class AuditLogConfig
include Google::Apis::Core::Hashable
# Specifies the identities that do not cause logging for this type of permission.
# Follows the same format of Binding.members.
# Corresponds to the JSON property `exemptedMembers`
# @return [Array<String>]
attr_accessor :exempted_members
# The log type that this config enables.
# Corresponds to the JSON property `logType`
# @return [String]
attr_accessor :log_type
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
@log_type = args[:log_type] if args.key?(:log_type)
end
end
# Associates `members`, or principals, with a `role`.
class Binding
include Google::Apis::Core::Hashable
# Represents a textual expression in the Common Expression Language (CEL) syntax.
# CEL is a C-like expression language. The syntax and semantics of CEL are
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
# "Summary size limit" description: "Determines if a summary is less than 100
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
# Requestor is owner" description: "Determines if requestor is the document
# owner" expression: "document.owner == request.auth.claims.email" Example (
# Logic): title: "Public documents" description: "Determine whether the document
# should be publicly visible" expression: "document.type != 'private' &&
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
# string" description: "Create a notification string with a timestamp."
# expression: "'New message received at ' + string(document.create_time)" The
# exact variables and functions that may be referenced within an expression are
# determined by the service that evaluates it. See the service documentation for
# additional information.
# Corresponds to the JSON property `condition`
# @return [Google::Apis::GkehubV1beta::Expr]
attr_accessor :condition
# Specifies the principals requesting access for a Cloud Platform resource. `
# members` can have the following values: * `allUsers`: A special identifier
# that represents anyone who is on the internet; with or without a Google
# account. * `allAuthenticatedUsers`: A special identifier that represents
# anyone who is authenticated with a Google account or a service account. * `
# user:`emailid``: An email address that represents a specific Google account.
# For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
# address that represents a service account. For example, `my-other-app@appspot.
# gserviceaccount.com`. * `group:`emailid``: An email address that represents a
# Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
# `uniqueid``: An email address (plus unique identifier) representing a user
# that has been recently deleted. For example, `alice@example.com?uid=
# 123456789012345678901`. If the user is recovered, this value reverts to `user:`
# emailid`` and the recovered user retains the role in the binding. * `deleted:
# serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
# identifier) representing a service account that has been recently deleted. For
# example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
# If the service account is undeleted, this value reverts to `serviceAccount:`
# emailid`` and the undeleted service account retains the role in the binding. *
# `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
# identifier) representing a Google group that has been recently deleted. For
# example, `admins@example.com?uid=123456789012345678901`. If the group is
# recovered, this value reverts to `group:`emailid`` and the recovered group
# retains the role in the binding. * `domain:`domain``: The G Suite domain (
# primary) that represents all the users of that domain. For example, `google.
# com` or `example.com`.
# Corresponds to the JSON property `members`
# @return [Array<String>]
attr_accessor :members
# Role that is assigned to the list of `members`, or principals. For example, `
# roles/viewer`, `roles/editor`, or `roles/owner`.
# Corresponds to the JSON property `role`
# @return [String]
attr_accessor :role
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@condition = args[:condition] if args.key?(:condition)
@members = args[:members] if args.key?(:members)
@role = args[:role] if args.key?(:role)
end
end
# The request message for Operations.CancelOperation.
class CancelOperationRequest
include Google::Apis::Core::Hashable
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
end
end
# CommonFeatureSpec contains Hub-wide configuration information
class CommonFeatureSpec
include Google::Apis::Core::Hashable
# **Anthos Observability**: Spec
# Corresponds to the JSON property `anthosobservability`
# @return [Google::Apis::GkehubV1beta::AnthosObservabilityFeatureSpec]
attr_accessor :anthosobservability
# Spec for App Dev Experience Feature.
# Corresponds to the JSON property `appdevexperience`
# @return [Google::Apis::GkehubV1beta::AppDevExperienceFeatureSpec]
attr_accessor :appdevexperience
# **Multi-cluster Ingress**: The configuration for the MultiClusterIngress
# feature.
# Corresponds to the JSON property `multiclusteringress`
# @return [Google::Apis::GkehubV1beta::MultiClusterIngressFeatureSpec]
attr_accessor :multiclusteringress
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@anthosobservability = args[:anthosobservability] if args.key?(:anthosobservability)
@appdevexperience = args[:appdevexperience] if args.key?(:appdevexperience)
@multiclusteringress = args[:multiclusteringress] if args.key?(:multiclusteringress)
end
end
# CommonFeatureState contains Hub-wide Feature status information.
class CommonFeatureState
include Google::Apis::Core::Hashable
# State for App Dev Exp Feature.
# Corresponds to the JSON property `appdevexperience`
# @return [Google::Apis::GkehubV1beta::AppDevExperienceFeatureState]
attr_accessor :appdevexperience
# FeatureState describes the high-level state of a Feature. It may be used to
# describe a Feature's state at the environ-level, or per-membershop, depending
# on the context.
# Corresponds to the JSON property `state`
# @return [Google::Apis::GkehubV1beta::FeatureState]
attr_accessor :state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@appdevexperience = args[:appdevexperience] if args.key?(:appdevexperience)
@state = args[:state] if args.key?(:state)
end
end
# Configuration for Binauthz
class ConfigManagementBinauthzConfig
include Google::Apis::Core::Hashable
# Whether binauthz is enabled in this cluster.
# Corresponds to the JSON property `enabled`
# @return [Boolean]
attr_accessor :enabled
alias_method :enabled?, :enabled
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@enabled = args[:enabled] if args.key?(:enabled)
end
end
# State for Binauthz
class ConfigManagementBinauthzState
include Google::Apis::Core::Hashable
# The version of binauthz.
# Corresponds to the JSON property `version`
# @return [Google::Apis::GkehubV1beta::ConfigManagementBinauthzVersion]
attr_accessor :version
# The state of the binauthz webhook.
# Corresponds to the JSON property `webhook`
# @return [String]
attr_accessor :webhook
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@version = args[:version] if args.key?(:version)
@webhook = args[:webhook] if args.key?(:webhook)
end
end
# The version of binauthz.
class ConfigManagementBinauthzVersion
include Google::Apis::Core::Hashable
# The version of the binauthz webhook.
# Corresponds to the JSON property `webhookVersion`
# @return [String]
attr_accessor :webhook_version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@webhook_version = args[:webhook_version] if args.key?(:webhook_version)
end
end
# Configuration for Config Sync
class ConfigManagementConfigSync
include Google::Apis::Core::Hashable
# Enables the installation of ConfigSync. If set to true, ConfigSync resources
# will be created and the other ConfigSync fields will be applied if exist. If
# set to false, all other ConfigSync fields will be ignored, ConfigSync
# resources will be deleted. If omitted, ConfigSync resources will be managed
# depends on the presence of git field.
# Corresponds to the JSON property `enabled`
# @return [Boolean]
attr_accessor :enabled
alias_method :enabled?, :enabled
# Git repo configuration for a single cluster.
# Corresponds to the JSON property `git`
# @return [Google::Apis::GkehubV1beta::ConfigManagementGitConfig]
attr_accessor :git
# Set to true to enable the Config Sync admission webhook to prevent drifts. If
# set to `false`, disables the Config Sync admission webhook and does not
# prevent drifts.
# Corresponds to the JSON property `preventDrift`
# @return [Boolean]
attr_accessor :prevent_drift
alias_method :prevent_drift?, :prevent_drift
# Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured”
# mode.
# Corresponds to the JSON property `sourceFormat`
# @return [String]
attr_accessor :source_format
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@enabled = args[:enabled] if args.key?(:enabled)
@git = args[:git] if args.key?(:git)
@prevent_drift = args[:prevent_drift] if args.key?(:prevent_drift)
@source_format = args[:source_format] if args.key?(:source_format)
end
end
# The state of ConfigSync's deployment on a cluster
class ConfigManagementConfigSyncDeploymentState
include Google::Apis::Core::Hashable
# Deployment state of admission-webhook
# Corresponds to the JSON property `admissionWebhook`
# @return [String]
attr_accessor :admission_webhook
# Deployment state of the git-sync pod
# Corresponds to the JSON property `gitSync`
# @return [String]
attr_accessor :git_sync
# Deployment state of the importer pod
# Corresponds to the JSON property `importer`
# @return [String]
attr_accessor :importer
# Deployment state of the monitor pod
# Corresponds to the JSON property `monitor`
# @return [String]
attr_accessor :monitor
# Deployment state of reconciler-manager pod
# Corresponds to the JSON property `reconcilerManager`
# @return [String]
attr_accessor :reconciler_manager
# Deployment state of root-reconciler
# Corresponds to the JSON property `rootReconciler`
# @return [String]
attr_accessor :root_reconciler
# Deployment state of the syncer pod
# Corresponds to the JSON property `syncer`
# @return [String]
attr_accessor :syncer
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@admission_webhook = args[:admission_webhook] if args.key?(:admission_webhook)
@git_sync = args[:git_sync] if args.key?(:git_sync)
@importer = args[:importer] if args.key?(:importer)
@monitor = args[:monitor] if args.key?(:monitor)
@reconciler_manager = args[:reconciler_manager] if args.key?(:reconciler_manager)
@root_reconciler = args[:root_reconciler] if args.key?(:root_reconciler)
@syncer = args[:syncer] if args.key?(:syncer)
end
end
# State information for ConfigSync
class ConfigManagementConfigSyncState
include Google::Apis::Core::Hashable
# The state of ConfigSync's deployment on a cluster
# Corresponds to the JSON property `deploymentState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementConfigSyncDeploymentState]
attr_accessor :deployment_state
# State indicating an ACM's progress syncing configurations to a cluster
# Corresponds to the JSON property `syncState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementSyncState]
attr_accessor :sync_state
# Specific versioning information pertaining to ConfigSync's Pods
# Corresponds to the JSON property `version`
# @return [Google::Apis::GkehubV1beta::ConfigManagementConfigSyncVersion]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@deployment_state = args[:deployment_state] if args.key?(:deployment_state)
@sync_state = args[:sync_state] if args.key?(:sync_state)
@version = args[:version] if args.key?(:version)
end
end
# Specific versioning information pertaining to ConfigSync's Pods
class ConfigManagementConfigSyncVersion
include Google::Apis::Core::Hashable
# Version of the deployed admission_webhook pod
# Corresponds to the JSON property `admissionWebhook`
# @return [String]
attr_accessor :admission_webhook
# Version of the deployed git-sync pod
# Corresponds to the JSON property `gitSync`
# @return [String]
attr_accessor :git_sync
# Version of the deployed importer pod
# Corresponds to the JSON property `importer`
# @return [String]
attr_accessor :importer
# Version of the deployed monitor pod
# Corresponds to the JSON property `monitor`
# @return [String]
attr_accessor :monitor
# Version of the deployed reconciler-manager pod
# Corresponds to the JSON property `reconcilerManager`
# @return [String]
attr_accessor :reconciler_manager
# Version of the deployed reconciler container in root-reconciler pod
# Corresponds to the JSON property `rootReconciler`
# @return [String]
attr_accessor :root_reconciler
# Version of the deployed syncer pod
# Corresponds to the JSON property `syncer`
# @return [String]
attr_accessor :syncer
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@admission_webhook = args[:admission_webhook] if args.key?(:admission_webhook)
@git_sync = args[:git_sync] if args.key?(:git_sync)
@importer = args[:importer] if args.key?(:importer)
@monitor = args[:monitor] if args.key?(:monitor)
@reconciler_manager = args[:reconciler_manager] if args.key?(:reconciler_manager)
@root_reconciler = args[:root_reconciler] if args.key?(:root_reconciler)
@syncer = args[:syncer] if args.key?(:syncer)
end
end
# Model for a config file in the git repo with an associated Sync error
class ConfigManagementErrorResource
include Google::Apis::Core::Hashable
# A Kubernetes object's GVK
# Corresponds to the JSON property `resourceGvk`
# @return [Google::Apis::GkehubV1beta::ConfigManagementGroupVersionKind]
attr_accessor :resource_gvk
# Metadata name of the resource that is causing an error
# Corresponds to the JSON property `resourceName`
# @return [String]
attr_accessor :resource_name
# Namespace of the resource that is causing an error
# Corresponds to the JSON property `resourceNamespace`
# @return [String]
attr_accessor :resource_namespace
# Path in the git repo of the erroneous config
# Corresponds to the JSON property `sourcePath`
# @return [String]
attr_accessor :source_path
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@resource_gvk = args[:resource_gvk] if args.key?(:resource_gvk)
@resource_name = args[:resource_name] if args.key?(:resource_name)
@resource_namespace = args[:resource_namespace] if args.key?(:resource_namespace)
@source_path = args[:source_path] if args.key?(:source_path)
end
end
# State of Policy Controller installation.
class ConfigManagementGatekeeperDeploymentState
include Google::Apis::Core::Hashable
# Status of gatekeeper-audit deployment.
# Corresponds to the JSON property `gatekeeperAudit`
# @return [String]
attr_accessor :gatekeeper_audit
# Status of gatekeeper-controller-manager pod.
# Corresponds to the JSON property `gatekeeperControllerManagerState`
# @return [String]
attr_accessor :gatekeeper_controller_manager_state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@gatekeeper_audit = args[:gatekeeper_audit] if args.key?(:gatekeeper_audit)
@gatekeeper_controller_manager_state = args[:gatekeeper_controller_manager_state] if args.key?(:gatekeeper_controller_manager_state)
end
end
# Git repo configuration for a single cluster.
class ConfigManagementGitConfig
include Google::Apis::Core::Hashable
# The GCP Service Account Email used for auth when secret_type is
# gcpServiceAccount.
# Corresponds to the JSON property `gcpServiceAccountEmail`
# @return [String]
attr_accessor :gcp_service_account_email
# URL for the HTTPS proxy to be used when communicating with the Git repo.
# Corresponds to the JSON property `httpsProxy`
# @return [String]
attr_accessor :https_proxy
# The path within the Git repository that represents the top level of the repo
# to sync. Default: the root directory of the repository.
# Corresponds to the JSON property `policyDir`
# @return [String]
attr_accessor :policy_dir
# Type of secret configured for access to the Git repo. Must be one of ssh,
# cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this
# is case-sensitive. Required.
# Corresponds to the JSON property `secretType`
# @return [String]
attr_accessor :secret_type
# The branch of the repository to sync from. Default: master.
# Corresponds to the JSON property `syncBranch`
# @return [String]
attr_accessor :sync_branch
# The URL of the Git repository to use as the source of truth.
# Corresponds to the JSON property `syncRepo`
# @return [String]
attr_accessor :sync_repo
# Git revision (tag or hash) to check out. Default HEAD.
# Corresponds to the JSON property `syncRev`
# @return [String]
attr_accessor :sync_rev
# Period in seconds between consecutive syncs. Default: 15.
# Corresponds to the JSON property `syncWaitSecs`
# @return [Fixnum]
attr_accessor :sync_wait_secs
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@gcp_service_account_email = args[:gcp_service_account_email] if args.key?(:gcp_service_account_email)
@https_proxy = args[:https_proxy] if args.key?(:https_proxy)
@policy_dir = args[:policy_dir] if args.key?(:policy_dir)
@secret_type = args[:secret_type] if args.key?(:secret_type)
@sync_branch = args[:sync_branch] if args.key?(:sync_branch)
@sync_repo = args[:sync_repo] if args.key?(:sync_repo)
@sync_rev = args[:sync_rev] if args.key?(:sync_rev)
@sync_wait_secs = args[:sync_wait_secs] if args.key?(:sync_wait_secs)
end
end
# A Kubernetes object's GVK
class ConfigManagementGroupVersionKind
include Google::Apis::Core::Hashable
# Kubernetes Group
# Corresponds to the JSON property `group`
# @return [String]
attr_accessor :group
# Kubernetes Kind
# Corresponds to the JSON property `kind`
# @return [String]
attr_accessor :kind
# Kubernetes Version
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@group = args[:group] if args.key?(:group)
@kind = args[:kind] if args.key?(:kind)
@version = args[:version] if args.key?(:version)
end
end
# Configuration for Hierarchy Controller
class ConfigManagementHierarchyControllerConfig
include Google::Apis::Core::Hashable
# Whether hierarchical resource quota is enabled in this cluster.
# Corresponds to the JSON property `enableHierarchicalResourceQuota`
# @return [Boolean]
attr_accessor :enable_hierarchical_resource_quota
alias_method :enable_hierarchical_resource_quota?, :enable_hierarchical_resource_quota
# Whether pod tree labels are enabled in this cluster.
# Corresponds to the JSON property `enablePodTreeLabels`
# @return [Boolean]
attr_accessor :enable_pod_tree_labels
alias_method :enable_pod_tree_labels?, :enable_pod_tree_labels
# Whether Hierarchy Controller is enabled in this cluster.
# Corresponds to the JSON property `enabled`
# @return [Boolean]
attr_accessor :enabled
alias_method :enabled?, :enabled
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@enable_hierarchical_resource_quota = args[:enable_hierarchical_resource_quota] if args.key?(:enable_hierarchical_resource_quota)
@enable_pod_tree_labels = args[:enable_pod_tree_labels] if args.key?(:enable_pod_tree_labels)
@enabled = args[:enabled] if args.key?(:enabled)
end
end
# Deployment state for Hierarchy Controller
class ConfigManagementHierarchyControllerDeploymentState
include Google::Apis::Core::Hashable
# The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1)
# Corresponds to the JSON property `extension`
# @return [String]
attr_accessor :extension
# The deployment state for open source HNC (e.g. v0.7.0-hc.0)
# Corresponds to the JSON property `hnc`
# @return [String]
attr_accessor :hnc
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@extension = args[:extension] if args.key?(:extension)
@hnc = args[:hnc] if args.key?(:hnc)
end
end
# State for Hierarchy Controller
class ConfigManagementHierarchyControllerState
include Google::Apis::Core::Hashable
# Deployment state for Hierarchy Controller
# Corresponds to the JSON property `state`
# @return [Google::Apis::GkehubV1beta::ConfigManagementHierarchyControllerDeploymentState]
attr_accessor :state
# Version for Hierarchy Controller
# Corresponds to the JSON property `version`
# @return [Google::Apis::GkehubV1beta::ConfigManagementHierarchyControllerVersion]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@state = args[:state] if args.key?(:state)
@version = args[:version] if args.key?(:version)
end
end
# Version for Hierarchy Controller
class ConfigManagementHierarchyControllerVersion
include Google::Apis::Core::Hashable
# Version for Hierarchy Controller extension
# Corresponds to the JSON property `extension`
# @return [String]
attr_accessor :extension
# Version for open source HNC
# Corresponds to the JSON property `hnc`
# @return [String]
attr_accessor :hnc
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@extension = args[:extension] if args.key?(:extension)
@hnc = args[:hnc] if args.key?(:hnc)
end
end
# Errors pertaining to the installation of ACM
class ConfigManagementInstallError
include Google::Apis::Core::Hashable
# A string representing the user facing error message
# Corresponds to the JSON property `errorMessage`
# @return [String]
attr_accessor :error_message
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@error_message = args[:error_message] if args.key?(:error_message)
end
end
# **Anthos Config Management**: Configuration for a single cluster. Intended to
# parallel the ConfigManagement CR.
class ConfigManagementMembershipSpec
include Google::Apis::Core::Hashable
# Configuration for Binauthz
# Corresponds to the JSON property `binauthz`
# @return [Google::Apis::GkehubV1beta::ConfigManagementBinauthzConfig]
attr_accessor :binauthz
# Configuration for Config Sync
# Corresponds to the JSON property `configSync`
# @return [Google::Apis::GkehubV1beta::ConfigManagementConfigSync]
attr_accessor :config_sync
# Configuration for Hierarchy Controller
# Corresponds to the JSON property `hierarchyController`
# @return [Google::Apis::GkehubV1beta::ConfigManagementHierarchyControllerConfig]
attr_accessor :hierarchy_controller
# Configuration for Policy Controller
# Corresponds to the JSON property `policyController`
# @return [Google::Apis::GkehubV1beta::ConfigManagementPolicyController]
attr_accessor :policy_controller
# Version of ACM installed.
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@binauthz = args[:binauthz] if args.key?(:binauthz)
@config_sync = args[:config_sync] if args.key?(:config_sync)
@hierarchy_controller = args[:hierarchy_controller] if args.key?(:hierarchy_controller)
@policy_controller = args[:policy_controller] if args.key?(:policy_controller)
@version = args[:version] if args.key?(:version)
end
end
# **Anthos Config Management**: State for a single cluster.
class ConfigManagementMembershipState
include Google::Apis::Core::Hashable
# State for Binauthz
# Corresponds to the JSON property `binauthzState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementBinauthzState]
attr_accessor :binauthz_state
# The user-defined name for the cluster used by ClusterSelectors to group
# clusters together. This should match Membership's membership_name, unless the
# user installed ACM on the cluster manually prior to enabling the ACM hub
# feature. Unique within a Anthos Config Management installation.
# Corresponds to the JSON property `clusterName`
# @return [String]
attr_accessor :cluster_name
# State information for ConfigSync
# Corresponds to the JSON property `configSyncState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementConfigSyncState]
attr_accessor :config_sync_state
# State for Hierarchy Controller
# Corresponds to the JSON property `hierarchyControllerState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementHierarchyControllerState]
attr_accessor :hierarchy_controller_state
# **Anthos Config Management**: Configuration for a single cluster. Intended to
# parallel the ConfigManagement CR.
# Corresponds to the JSON property `membershipSpec`
# @return [Google::Apis::GkehubV1beta::ConfigManagementMembershipSpec]
attr_accessor :membership_spec
# State information for an ACM's Operator
# Corresponds to the JSON property `operatorState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementOperatorState]
attr_accessor :operator_state
# State for PolicyControllerState.
# Corresponds to the JSON property `policyControllerState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementPolicyControllerState]
attr_accessor :policy_controller_state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@binauthz_state = args[:binauthz_state] if args.key?(:binauthz_state)
@cluster_name = args[:cluster_name] if args.key?(:cluster_name)
@config_sync_state = args[:config_sync_state] if args.key?(:config_sync_state)
@hierarchy_controller_state = args[:hierarchy_controller_state] if args.key?(:hierarchy_controller_state)
@membership_spec = args[:membership_spec] if args.key?(:membership_spec)
@operator_state = args[:operator_state] if args.key?(:operator_state)
@policy_controller_state = args[:policy_controller_state] if args.key?(:policy_controller_state)
end
end
# State information for an ACM's Operator
class ConfigManagementOperatorState
include Google::Apis::Core::Hashable
# The state of the Operator's deployment
# Corresponds to the JSON property `deploymentState`
# @return [String]
attr_accessor :deployment_state
# Install errors.
# Corresponds to the JSON property `errors`
# @return [Array<Google::Apis::GkehubV1beta::ConfigManagementInstallError>]
attr_accessor :errors
# The semenatic version number of the operator
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@deployment_state = args[:deployment_state] if args.key?(:deployment_state)
@errors = args[:errors] if args.key?(:errors)
@version = args[:version] if args.key?(:version)
end
end
# Configuration for Policy Controller
class ConfigManagementPolicyController
include Google::Apis::Core::Hashable
# Sets the interval for Policy Controller Audit Scans (in seconds). When set to
# 0, this disables audit functionality altogether.
# Corresponds to the JSON property `auditIntervalSeconds`
# @return [Fixnum]
attr_accessor :audit_interval_seconds
# Enables the installation of Policy Controller. If false, the rest of
# PolicyController fields take no effect.
# Corresponds to the JSON property `enabled`
# @return [Boolean]
attr_accessor :enabled
alias_method :enabled?, :enabled
# The set of namespaces that are excluded from Policy Controller checks.
# Namespaces do not need to currently exist on the cluster.
# Corresponds to the JSON property `exemptableNamespaces`
# @return [Array<String>]
attr_accessor :exemptable_namespaces
# Logs all denies and dry run failures.
# Corresponds to the JSON property `logDeniesEnabled`
# @return [Boolean]
attr_accessor :log_denies_enabled
alias_method :log_denies_enabled?, :log_denies_enabled
# Enables the ability to use Constraint Templates that reference to objects
# other than the object currently being evaluated.
# Corresponds to the JSON property `referentialRulesEnabled`
# @return [Boolean]
attr_accessor :referential_rules_enabled
alias_method :referential_rules_enabled?, :referential_rules_enabled
# Installs the default template library along with Policy Controller.
# Corresponds to the JSON property `templateLibraryInstalled`
# @return [Boolean]
attr_accessor :template_library_installed
alias_method :template_library_installed?, :template_library_installed
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audit_interval_seconds = args[:audit_interval_seconds] if args.key?(:audit_interval_seconds)
@enabled = args[:enabled] if args.key?(:enabled)
@exemptable_namespaces = args[:exemptable_namespaces] if args.key?(:exemptable_namespaces)
@log_denies_enabled = args[:log_denies_enabled] if args.key?(:log_denies_enabled)
@referential_rules_enabled = args[:referential_rules_enabled] if args.key?(:referential_rules_enabled)
@template_library_installed = args[:template_library_installed] if args.key?(:template_library_installed)
end
end
# State for PolicyControllerState.
class ConfigManagementPolicyControllerState
include Google::Apis::Core::Hashable
# State of Policy Controller installation.
# Corresponds to the JSON property `deploymentState`
# @return [Google::Apis::GkehubV1beta::ConfigManagementGatekeeperDeploymentState]
attr_accessor :deployment_state
# The build version of Gatekeeper Policy Controller is using.
# Corresponds to the JSON property `version`
# @return [Google::Apis::GkehubV1beta::ConfigManagementPolicyControllerVersion]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@deployment_state = args[:deployment_state] if args.key?(:deployment_state)
@version = args[:version] if args.key?(:version)
end
end
# The build version of Gatekeeper Policy Controller is using.
class ConfigManagementPolicyControllerVersion
include Google::Apis::Core::Hashable
# The gatekeeper image tag that is composed of ACM version, git tag, build
# number.
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@version = args[:version] if args.key?(:version)
end
end
# An ACM created error representing a problem syncing configurations
class ConfigManagementSyncError
include Google::Apis::Core::Hashable
# An ACM defined error code
# Corresponds to the JSON property `code`
# @return [String]
attr_accessor :code
# A description of the error
# Corresponds to the JSON property `errorMessage`
# @return [String]
attr_accessor :error_message
# A list of config(s) associated with the error, if any
# Corresponds to the JSON property `errorResources`
# @return [Array<Google::Apis::GkehubV1beta::ConfigManagementErrorResource>]
attr_accessor :error_resources
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@code = args[:code] if args.key?(:code)
@error_message = args[:error_message] if args.key?(:error_message)
@error_resources = args[:error_resources] if args.key?(:error_resources)
end
end
# State indicating an ACM's progress syncing configurations to a cluster
class ConfigManagementSyncState
include Google::Apis::Core::Hashable
# Sync status code
# Corresponds to the JSON property `code`
# @return [String]
attr_accessor :code
# A list of errors resulting from problematic configs. This list will be
# truncated after 100 errors, although it is unlikely for that many errors to
# simultaneously exist.
# Corresponds to the JSON property `errors`
# @return [Array<Google::Apis::GkehubV1beta::ConfigManagementSyncError>]
attr_accessor :errors
# Token indicating the state of the importer.
# Corresponds to the JSON property `importToken`
# @return [String]
attr_accessor :import_token
# Deprecated: use last_sync_time instead. Timestamp of when ACM last
# successfully synced the repo The time format is specified in https://golang.
# org/pkg/time/#Time.String
# Corresponds to the JSON property `lastSync`
# @return [String]
attr_accessor :last_sync
# Timestamp type of when ACM last successfully synced the repo
# Corresponds to the JSON property `lastSyncTime`
# @return [String]
attr_accessor :last_sync_time
# Token indicating the state of the repo.
# Corresponds to the JSON property `sourceToken`
# @return [String]
attr_accessor :source_token
# Token indicating the state of the syncer.
# Corresponds to the JSON property `syncToken`
# @return [String]
attr_accessor :sync_token
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@code = args[:code] if args.key?(:code)
@errors = args[:errors] if args.key?(:errors)
@import_token = args[:import_token] if args.key?(:import_token)
@last_sync = args[:last_sync] if args.key?(:last_sync)
@last_sync_time = args[:last_sync_time] if args.key?(:last_sync_time)
@source_token = args[:source_token] if args.key?(:source_token)
@sync_token = args[:sync_token] if args.key?(:sync_token)
end
end
# A generic empty message that you can re-use to avoid defining duplicated empty
# messages in your APIs. A typical example is to use it as the request or the
# response type of an API method. For instance: service Foo ` rpc Bar(google.
# protobuf.Empty) returns (google.protobuf.Empty); `
class Empty
include Google::Apis::Core::Hashable
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
end
end
# Represents a textual expression in the Common Expression Language (CEL) syntax.
# CEL is a C-like expression language. The syntax and semantics of CEL are
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
# "Summary size limit" description: "Determines if a summary is less than 100
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
# Requestor is owner" description: "Determines if requestor is the document
# owner" expression: "document.owner == request.auth.claims.email" Example (
# Logic): title: "Public documents" description: "Determine whether the document
# should be publicly visible" expression: "document.type != 'private' &&
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
# string" description: "Create a notification string with a timestamp."
# expression: "'New message received at ' + string(document.create_time)" The
# exact variables and functions that may be referenced within an expression are
# determined by the service that evaluates it. See the service documentation for
# additional information.
class Expr
include Google::Apis::Core::Hashable
# Optional. Description of the expression. This is a longer text which describes
# the expression, e.g. when hovered over it in a UI.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
# Textual representation of an expression in Common Expression Language syntax.
# Corresponds to the JSON property `expression`
# @return [String]
attr_accessor :expression
# Optional. String indicating the location of the expression for error reporting,
# e.g. a file name and a position in the file.
# Corresponds to the JSON property `location`
# @return [String]
attr_accessor :location
# Optional. Title for the expression, i.e. a short string describing its purpose.
# This can be used e.g. in UIs which allow to enter the expression.
# Corresponds to the JSON property `title`
# @return [String]
attr_accessor :title
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@description = args[:description] if args.key?(:description)
@expression = args[:expression] if args.key?(:expression)
@location = args[:location] if args.key?(:location)
@title = args[:title] if args.key?(:title)
end
end
# Feature represents the settings and status of any Hub Feature.
class Feature
include Google::Apis::Core::Hashable
# Output only. When the Feature resource was created.
# Corresponds to the JSON property `createTime`
# @return [String]
attr_accessor :create_time
# Output only. When the Feature resource was deleted.
# Corresponds to the JSON property `deleteTime`
# @return [String]
attr_accessor :delete_time
# GCP labels for this Feature.
# Corresponds to the JSON property `labels`
# @return [Hash<String,String>]
attr_accessor :labels
# Optional. Membership-specific configuration for this Feature. If this Feature
# does not support any per-Membership configuration, this field may be unused.
# The keys indicate which Membership the configuration is for, in the form: `
# projects/`p`/locations/`l`/memberships/`m`` Where `p` is the project, `l` is a
# valid location and `m` is a valid Membership in this project at that location.
# `p` WILL match the Feature's project. `p` will always be returned as the
# project number, but the project ID is also accepted during input. If the same
# Membership is specified in the map twice (using the project ID form, and the
# project number form), exactly ONE of the entries will be saved, with no
# guarantees as to which. For this reason, it is recommended the same format be
# used for all entries when mutating a Feature.
# Corresponds to the JSON property `membershipSpecs`
# @return [Hash<String,Google::Apis::GkehubV1beta::MembershipFeatureSpec>]
attr_accessor :membership_specs
# Output only. Membership-specific Feature status. If this Feature does report
# any per-Membership status, this field may be unused. The keys indicate which
# Membership the state is for, in the form: `projects/`p`/locations/`l`/
# memberships/`m`` Where `p` is the project number, `l` is a valid location and `
# m` is a valid Membership in this project at that location. `p` MUST match the
# Feature's project number.
# Corresponds to the JSON property `membershipStates`
# @return [Hash<String,Google::Apis::GkehubV1beta::MembershipFeatureState>]
attr_accessor :membership_states
# Output only. The full, unique name of this Feature resource in the format `
# projects/*/locations/*/features/*`.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
# FeatureResourceState describes the state of a Feature *resource* in the GkeHub
# API. See `FeatureState` for the "running state" of the Feature in the Hub and
# across Memberships.
# Corresponds to the JSON property `resourceState`
# @return [Google::Apis::GkehubV1beta::FeatureResourceState]
attr_accessor :resource_state
# CommonFeatureSpec contains Hub-wide configuration information
# Corresponds to the JSON property `spec`
# @return [Google::Apis::GkehubV1beta::CommonFeatureSpec]
attr_accessor :spec
# CommonFeatureState contains Hub-wide Feature status information.
# Corresponds to the JSON property `state`
# @return [Google::Apis::GkehubV1beta::CommonFeatureState]
attr_accessor :state
# Output only. When the Feature resource was last updated.
# Corresponds to the JSON property `updateTime`
# @return [String]
attr_accessor :update_time
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@create_time = args[:create_time] if args.key?(:create_time)
@delete_time = args[:delete_time] if args.key?(:delete_time)
@labels = args[:labels] if args.key?(:labels)
@membership_specs = args[:membership_specs] if args.key?(:membership_specs)
@membership_states = args[:membership_states] if args.key?(:membership_states)
@name = args[:name] if args.key?(:name)
@resource_state = args[:resource_state] if args.key?(:resource_state)
@spec = args[:spec] if args.key?(:spec)
@state = args[:state] if args.key?(:state)
@update_time = args[:update_time] if args.key?(:update_time)
end
end
# FeatureResourceState describes the state of a Feature *resource* in the GkeHub
# API. See `FeatureState` for the "running state" of the Feature in the Hub and
# across Memberships.
class FeatureResourceState
include Google::Apis::Core::Hashable
# The current state of the Feature resource in the Hub API.
# Corresponds to the JSON property `state`
# @return [String]
attr_accessor :state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@state = args[:state] if args.key?(:state)
end
end
# FeatureState describes the high-level state of a Feature. It may be used to
# describe a Feature's state at the environ-level, or per-membershop, depending
# on the context.
class FeatureState
include Google::Apis::Core::Hashable
# The high-level, machine-readable status of this Feature.
# Corresponds to the JSON property `code`
# @return [String]
attr_accessor :code
# A human-readable description of the current status.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
# The time this status and any related Feature-specific details were updated.
# Corresponds to the JSON property `updateTime`
# @return [String]
attr_accessor :update_time
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@code = args[:code] if args.key?(:code)
@description = args[:description] if args.key?(:description)
@update_time = args[:update_time] if args.key?(:update_time)
end
end
# The `Status` type defines a logical error model that is suitable for different
# programming environments, including REST APIs and RPC APIs. It is used by [
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
# data: error code, error message, and error details. You can find out more
# about this error model and how to work with it in the [API Design Guide](https:
# //cloud.google.com/apis/design/errors).
class GoogleRpcStatus
include Google::Apis::Core::Hashable
# The status code, which should be an enum value of google.rpc.Code.
# Corresponds to the JSON property `code`
# @return [Fixnum]
attr_accessor :code
# A list of messages that carry the error details. There is a common set of
# message types for APIs to use.
# Corresponds to the JSON property `details`
# @return [Array<Hash<String,Object>>]
attr_accessor :details
# A developer-facing error message, which should be in English. Any user-facing
# error message should be localized and sent in the google.rpc.Status.details
# field, or localized by the client.
# Corresponds to the JSON property `message`
# @return [String]
attr_accessor :message
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@code = args[:code] if args.key?(:code)
@details = args[:details] if args.key?(:details)
@message = args[:message] if args.key?(:message)
end
end
# Configuration of an auth method for a member/cluster. Only one authentication
# method (e.g., OIDC and LDAP) can be set per AuthMethod.
class IdentityServiceAuthMethod
include Google::Apis::Core::Hashable
# Identifier for auth config.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
# Configuration for OIDC Auth flow.
# Corresponds to the JSON property `oidcConfig`
# @return [Google::Apis::GkehubV1beta::IdentityServiceOidcConfig]
attr_accessor :oidc_config
# Proxy server address to use for auth method.
# Corresponds to the JSON property `proxy`
# @return [String]
attr_accessor :proxy
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@name = args[:name] if args.key?(:name)
@oidc_config = args[:oidc_config] if args.key?(:oidc_config)
@proxy = args[:proxy] if args.key?(:proxy)
end
end
# **Anthos Identity Service**: Configuration for a single Membership.
class IdentityServiceMembershipSpec
include Google::Apis::Core::Hashable
# A member may support multiple auth methods.
# Corresponds to the JSON property `authMethods`
# @return [Array<Google::Apis::GkehubV1beta::IdentityServiceAuthMethod>]
attr_accessor :auth_methods
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@auth_methods = args[:auth_methods] if args.key?(:auth_methods)
end
end
# **Anthos Identity Service**: State for a single Membership.
class IdentityServiceMembershipState
include Google::Apis::Core::Hashable
# The reason of the failure.
# Corresponds to the JSON property `failureReason`
# @return [String]
attr_accessor :failure_reason
# Installed AIS version. This is the AIS version installed on this member. The
# values makes sense iff state is OK.
# Corresponds to the JSON property `installedVersion`
# @return [String]
attr_accessor :installed_version
# **Anthos Identity Service**: Configuration for a single Membership.
# Corresponds to the JSON property `memberConfig`
# @return [Google::Apis::GkehubV1beta::IdentityServiceMembershipSpec]
attr_accessor :member_config
# Deployment state on this member
# Corresponds to the JSON property `state`
# @return [String]
attr_accessor :state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@failure_reason = args[:failure_reason] if args.key?(:failure_reason)
@installed_version = args[:installed_version] if args.key?(:installed_version)
@member_config = args[:member_config] if args.key?(:member_config)
@state = args[:state] if args.key?(:state)
end
end
# Configuration for OIDC Auth flow.
class IdentityServiceOidcConfig
include Google::Apis::Core::Hashable
# PEM-encoded CA for OIDC provider.
# Corresponds to the JSON property `certificateAuthorityData`
# @return [String]
attr_accessor :certificate_authority_data
# ID for OIDC client application.
# Corresponds to the JSON property `clientId`
# @return [String]
attr_accessor :client_id
# Unencrypted OIDC client secret will be passed to the GKE Hub CLH.
# Corresponds to the JSON property `clientSecret`
# @return [String]
attr_accessor :client_secret
# Flag to denote if reverse proxy is used to connect to auth provider. This flag
# should be set to true when provider is not reachable by Google Cloud Console.
# Corresponds to the JSON property `deployCloudConsoleProxy`
# @return [Boolean]
attr_accessor :deploy_cloud_console_proxy
alias_method :deploy_cloud_console_proxy?, :deploy_cloud_console_proxy
# Output only. Encrypted OIDC Client secret
# Corresponds to the JSON property `encryptedClientSecret`
# NOTE: Values are automatically base64 encoded/decoded in the client library.
# @return [String]
attr_accessor :encrypted_client_secret
# Comma-separated list of key-value pairs.
# Corresponds to the JSON property `extraParams`
# @return [String]
attr_accessor :extra_params
# Prefix to prepend to group name.
# Corresponds to the JSON property `groupPrefix`
# @return [String]
attr_accessor :group_prefix
# Claim in OIDC ID token that holds group information.
# Corresponds to the JSON property `groupsClaim`
# @return [String]
attr_accessor :groups_claim
# URI for the OIDC provider. This should point to the level below .well-known/
# openid-configuration.
# Corresponds to the JSON property `issuerUri`
# @return [String]
attr_accessor :issuer_uri
# Registered redirect uri to redirect users going through OAuth flow using
# kubectl plugin.
# Corresponds to the JSON property `kubectlRedirectUri`
# @return [String]
attr_accessor :kubectl_redirect_uri
# Comma-separated list of identifiers.
# Corresponds to the JSON property `scopes`
# @return [String]
attr_accessor :scopes
# Claim in OIDC ID token that holds username.
# Corresponds to the JSON property `userClaim`
# @return [String]
attr_accessor :user_claim
# Prefix to prepend to user name.
# Corresponds to the JSON property `userPrefix`
# @return [String]
attr_accessor :user_prefix
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@certificate_authority_data = args[:certificate_authority_data] if args.key?(:certificate_authority_data)
@client_id = args[:client_id] if args.key?(:client_id)
@client_secret = args[:client_secret] if args.key?(:client_secret)
@deploy_cloud_console_proxy = args[:deploy_cloud_console_proxy] if args.key?(:deploy_cloud_console_proxy)
@encrypted_client_secret = args[:encrypted_client_secret] if args.key?(:encrypted_client_secret)
@extra_params = args[:extra_params] if args.key?(:extra_params)
@group_prefix = args[:group_prefix] if args.key?(:group_prefix)
@groups_claim = args[:groups_claim] if args.key?(:groups_claim)
@issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri)
@kubectl_redirect_uri = args[:kubectl_redirect_uri] if args.key?(:kubectl_redirect_uri)
@scopes = args[:scopes] if args.key?(:scopes)
@user_claim = args[:user_claim] if args.key?(:user_claim)
@user_prefix = args[:user_prefix] if args.key?(:user_prefix)
end
end
# Response message for the `GkeHub.ListFeatures` method.
class ListFeaturesResponse
include Google::Apis::Core::Hashable
# A token to request the next page of resources from the `ListFeatures` method.
# The value of an empty string means that there are no more resources to return.
# Corresponds to the JSON property `nextPageToken`
# @return [String]
attr_accessor :next_page_token
# The list of matching Features
# Corresponds to the JSON property `resources`
# @return [Array<Google::Apis::GkehubV1beta::Feature>]
attr_accessor :resources
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
@resources = args[:resources] if args.key?(:resources)
end
end
# The response message for Locations.ListLocations.
class ListLocationsResponse
include Google::Apis::Core::Hashable
# A list of locations that matches the specified filter in the request.
# Corresponds to the JSON property `locations`
# @return [Array<Google::Apis::GkehubV1beta::Location>]
attr_accessor :locations
# The standard List next-page token.
# Corresponds to the JSON property `nextPageToken`
# @return [String]
attr_accessor :next_page_token
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@locations = args[:locations] if args.key?(:locations)
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
end
end
# The response message for Operations.ListOperations.
class ListOperationsResponse
include Google::Apis::Core::Hashable
# The standard List next-page token.
# Corresponds to the JSON property `nextPageToken`
# @return [String]
attr_accessor :next_page_token
# A list of operations that matches the specified filter in the request.
# Corresponds to the JSON property `operations`
# @return [Array<Google::Apis::GkehubV1beta::Operation>]
attr_accessor :operations
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
@operations = args[:operations] if args.key?(:operations)
end
end
# A resource that represents Google Cloud Platform location.
class Location
include Google::Apis::Core::Hashable
# The friendly name for this location, typically a nearby city name. For example,
# "Tokyo".
# Corresponds to the JSON property `displayName`
# @return [String]
attr_accessor :display_name
# Cross-service attributes for the location. For example `"cloud.googleapis.com/
# region": "us-east1"`
# Corresponds to the JSON property `labels`
# @return [Hash<String,String>]
attr_accessor :labels
# The canonical id for this location. For example: `"us-east1"`.
# Corresponds to the JSON property `locationId`
# @return [String]
attr_accessor :location_id
# Service-specific metadata. For example the available capacity at the given
# location.
# Corresponds to the JSON property `metadata`
# @return [Hash<String,Object>]
attr_accessor :metadata
# Resource name for the location, which may vary between implementations. For
# example: `"projects/example-project/locations/us-east1"`
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@display_name = args[:display_name] if args.key?(:display_name)
@labels = args[:labels] if args.key?(:labels)
@location_id = args[:location_id] if args.key?(:location_id)
@metadata = args[:metadata] if args.key?(:metadata)
@name = args[:name] if args.key?(:name)
end
end
# MembershipFeatureSpec contains configuration information for a single
# Membership.
class MembershipFeatureSpec
include Google::Apis::Core::Hashable
# **Anthosobservability**: Per-Membership Feature spec.
# Corresponds to the JSON property `anthosobservability`
# @return [Google::Apis::GkehubV1beta::AnthosObservabilityMembershipSpec]
attr_accessor :anthosobservability
# **Cloud Build**: Configurations for each Cloud Build enabled cluster.
# Corresponds to the JSON property `cloudbuild`
# @return [Google::Apis::GkehubV1beta::MembershipSpec]
attr_accessor :cloudbuild
# **Anthos Config Management**: Configuration for a single cluster. Intended to
# parallel the ConfigManagement CR.
# Corresponds to the JSON property `configmanagement`
# @return [Google::Apis::GkehubV1beta::ConfigManagementMembershipSpec]
attr_accessor :configmanagement
# **Anthos Identity Service**: Configuration for a single Membership.
# Corresponds to the JSON property `identityservice`
# @return [Google::Apis::GkehubV1beta::IdentityServiceMembershipSpec]
attr_accessor :identityservice
# **Policy Controller**: Configuration for a single cluster. Intended to
# parallel the PolicyController CR.
# Corresponds to the JSON property `policycontroller`
# @return [Google::Apis::GkehubV1beta::PolicyControllerMembershipSpec]
attr_accessor :policycontroller
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@anthosobservability = args[:anthosobservability] if args.key?(:anthosobservability)
@cloudbuild = args[:cloudbuild] if args.key?(:cloudbuild)
@configmanagement = args[:configmanagement] if args.key?(:configmanagement)
@identityservice = args[:identityservice] if args.key?(:identityservice)
@policycontroller = args[:policycontroller] if args.key?(:policycontroller)
end
end
# MembershipFeatureState contains Feature status information for a single
# Membership.
class MembershipFeatureState
include Google::Apis::Core::Hashable
# State for App Dev Exp Feature.
# Corresponds to the JSON property `appdevexperience`
# @return [Google::Apis::GkehubV1beta::AppDevExperienceFeatureState]
attr_accessor :appdevexperience
# **Anthos Config Management**: State for a single cluster.
# Corresponds to the JSON property `configmanagement`
# @return [Google::Apis::GkehubV1beta::ConfigManagementMembershipState]
attr_accessor :configmanagement
# **Anthos Identity Service**: State for a single Membership.
# Corresponds to the JSON property `identityservice`
# @return [Google::Apis::GkehubV1beta::IdentityServiceMembershipState]
attr_accessor :identityservice
# **Metering**: Per-Membership Feature State.
# Corresponds to the JSON property `metering`
# @return [Google::Apis::GkehubV1beta::MeteringMembershipState]
attr_accessor :metering
# **Policy Controller**: State for a single cluster.
# Corresponds to the JSON property `policycontroller`
# @return [Google::Apis::GkehubV1beta::PolicyControllerMembershipState]
attr_accessor :policycontroller
# FeatureState describes the high-level state of a Feature. It may be used to
# describe a Feature's state at the environ-level, or per-membershop, depending
# on the context.
# Corresponds to the JSON property `state`
# @return [Google::Apis::GkehubV1beta::FeatureState]
attr_accessor :state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@appdevexperience = args[:appdevexperience] if args.key?(:appdevexperience)
@configmanagement = args[:configmanagement] if args.key?(:configmanagement)
@identityservice = args[:identityservice] if args.key?(:identityservice)
@metering = args[:metering] if args.key?(:metering)
@policycontroller = args[:policycontroller] if args.key?(:policycontroller)
@state = args[:state] if args.key?(:state)
end
end
# **Cloud Build**: Configurations for each Cloud Build enabled cluster.
class MembershipSpec
include Google::Apis::Core::Hashable
# Whether it is allowed to run the privileged builds on the cluster or not.
# Corresponds to the JSON property `securityPolicy`
# @return [String]
attr_accessor :security_policy
# Version of the cloud build software on the cluster.
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@security_policy = args[:security_policy] if args.key?(:security_policy)
@version = args[:version] if args.key?(:version)
end
end
# **Metering**: Per-Membership Feature State.
class MeteringMembershipState
include Google::Apis::Core::Hashable
# The time stamp of the most recent measurement of the number of vCPUs in the
# cluster.
# Corresponds to the JSON property `lastMeasurementTime`
# @return [String]
attr_accessor :last_measurement_time
# The vCPUs capacity in the cluster according to the most recent measurement (1/
# 1000 precision).
# Corresponds to the JSON property `preciseLastMeasuredClusterVcpuCapacity`
# @return [Float]
attr_accessor :precise_last_measured_cluster_vcpu_capacity
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@last_measurement_time = args[:last_measurement_time] if args.key?(:last_measurement_time)
@precise_last_measured_cluster_vcpu_capacity = args[:precise_last_measured_cluster_vcpu_capacity] if args.key?(:precise_last_measured_cluster_vcpu_capacity)
end
end
# **Multi-cluster Ingress**: The configuration for the MultiClusterIngress
# feature.
class MultiClusterIngressFeatureSpec
include Google::Apis::Core::Hashable
# Deprecated: This field will be ignored and should not be set. Customer's
# billing structure.
# Corresponds to the JSON property `billing`
# @return [String]
attr_accessor :billing
# Fully-qualified Membership name which hosts the MultiClusterIngress CRD.
# Example: `projects/foo-proj/locations/global/memberships/bar`
# Corresponds to the JSON property `configMembership`
# @return [String]
attr_accessor :config_membership
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@billing = args[:billing] if args.key?(:billing)
@config_membership = args[:config_membership] if args.key?(:config_membership)
end
end
# This resource represents a long-running operation that is the result of a
# network API call.
class Operation
include Google::Apis::Core::Hashable
# If the value is `false`, it means the operation is still in progress. If `true`
# , the operation is completed, and either `error` or `response` is available.
# Corresponds to the JSON property `done`
# @return [Boolean]
attr_accessor :done
alias_method :done?, :done
# The `Status` type defines a logical error model that is suitable for different
# programming environments, including REST APIs and RPC APIs. It is used by [
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
# data: error code, error message, and error details. You can find out more
# about this error model and how to work with it in the [API Design Guide](https:
# //cloud.google.com/apis/design/errors).
# Corresponds to the JSON property `error`
# @return [Google::Apis::GkehubV1beta::GoogleRpcStatus]
attr_accessor :error
# Service-specific metadata associated with the operation. It typically contains
# progress information and common metadata such as create time. Some services
# might not provide such metadata. Any method that returns a long-running
# operation should document the metadata type, if any.
# Corresponds to the JSON property `metadata`
# @return [Hash<String,Object>]
attr_accessor :metadata
# The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the `name` should
# be a resource name ending with `operations/`unique_id``.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
# The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is `google.
# protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`,
# the response should be the resource. For other methods, the response should
# have the type `XxxResponse`, where `Xxx` is the original method name. For
# example, if the original method name is `TakeSnapshot()`, the inferred
# response type is `TakeSnapshotResponse`.
# Corresponds to the JSON property `response`
# @return [Hash<String,Object>]
attr_accessor :response
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@done = args[:done] if args.key?(:done)
@error = args[:error] if args.key?(:error)
@metadata = args[:metadata] if args.key?(:metadata)
@name = args[:name] if args.key?(:name)
@response = args[:response] if args.key?(:response)
end
end
# Represents the metadata of the long-running operation.
class OperationMetadata
include Google::Apis::Core::Hashable
# Output only. API version used to start the operation.
# Corresponds to the JSON property `apiVersion`
# @return [String]
attr_accessor :api_version
# Output only. Identifies whether the user has requested cancellation of the
# operation. Operations that have successfully been cancelled have Operation.
# error value with a google.rpc.Status.code of 1, corresponding to `Code.
# CANCELLED`.
# Corresponds to the JSON property `cancelRequested`
# @return [Boolean]
attr_accessor :cancel_requested
alias_method :cancel_requested?, :cancel_requested
# Output only. The time the operation was created.
# Corresponds to the JSON property `createTime`
# @return [String]
attr_accessor :create_time
# Output only. The time the operation finished running.
# Corresponds to the JSON property `endTime`
# @return [String]
attr_accessor :end_time
# Output only. Human-readable status of the operation, if any.
# Corresponds to the JSON property `statusDetail`
# @return [String]
attr_accessor :status_detail
# Output only. Server-defined resource path for the target of the operation.
# Corresponds to the JSON property `target`
# @return [String]
attr_accessor :target
# Output only. Name of the verb executed by the operation.
# Corresponds to the JSON property `verb`
# @return [String]
attr_accessor :verb
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@api_version = args[:api_version] if args.key?(:api_version)
@cancel_requested = args[:cancel_requested] if args.key?(:cancel_requested)
@create_time = args[:create_time] if args.key?(:create_time)
@end_time = args[:end_time] if args.key?(:end_time)
@status_detail = args[:status_detail] if args.key?(:status_detail)
@target = args[:target] if args.key?(:target)
@verb = args[:verb] if args.key?(:verb)
end
end
# An Identity and Access Management (IAM) policy, which specifies access
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
# A `binding` binds one or more `members`, or principals, to a single `role`.
# Principals can be user accounts, service accounts, Google groups, and domains (
# such as G Suite). A `role` is a named list of permissions; each `role` can be
# an IAM predefined role or a user-created custom role. For some types of Google
# Cloud resources, a `binding` can also specify a `condition`, which is a
# logical expression that allows access to a resource only if the expression
# evaluates to `true`. A condition can add constraints based on attributes of
# the request, the resource, or both. To learn which resources support
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
# ], "condition": ` "title": "expirable access", "description": "Does not grant
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
# bindings: - members: - user:mike@example.com - group:admins@example.com -
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
# access description: Does not grant access after Sep 2020 expression: request.
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
# a description of IAM and its features, see the [IAM documentation](https://
# cloud.google.com/iam/docs/).
class Policy
include Google::Apis::Core::Hashable
# Specifies cloud audit logging configuration for this policy.
# Corresponds to the JSON property `auditConfigs`
# @return [Array<Google::Apis::GkehubV1beta::AuditConfig>]
attr_accessor :audit_configs
# Associates a list of `members`, or principals, with a `role`. Optionally, may
# specify a `condition` that determines how and when the `bindings` are applied.
# Each of the `bindings` must contain at least one principal. The `bindings` in
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
# can be Google groups. Each occurrence of a principal counts towards these
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
# example.com`, and not to any other principal, then you can add another 1,450
# principals to the `bindings` in the `Policy`.
# Corresponds to the JSON property `bindings`
# @return [Array<Google::Apis::GkehubV1beta::Binding>]
attr_accessor :bindings
# `etag` is used for optimistic concurrency control as a way to help prevent
# simultaneous updates of a policy from overwriting each other. It is strongly
# suggested that systems make use of the `etag` in the read-modify-write cycle
# to perform policy updates in order to avoid race conditions: An `etag` is
# returned in the response to `getIamPolicy`, and systems are expected to put
# that etag in the request to `setIamPolicy` to ensure that their change will be
# applied to the same version of the policy. **Important:** If you use IAM
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
# If you omit this field, then IAM allows you to overwrite a version `3` policy
# with a version `1` policy, and all of the conditions in the version `3` policy
# are lost.
# Corresponds to the JSON property `etag`
# NOTE: Values are automatically base64 encoded/decoded in the client library.
# @return [String]
attr_accessor :etag
# Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
# Requests that specify an invalid value are rejected. Any operation that
# affects conditional role bindings must specify version `3`. This requirement
# applies to the following operations: * Getting a policy that includes a
# conditional role binding * Adding a conditional role binding to a policy *
# Changing a conditional role binding in a policy * Removing any role binding,
# with or without a condition, from a policy that includes conditions **
# Important:** If you use IAM Conditions, you must include the `etag` field
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
# to overwrite a version `3` policy with a version `1` policy, and all of the
# conditions in the version `3` policy are lost. If a policy does not include
# any conditions, operations on that policy may specify any valid version or
# leave the field unset. To learn which resources support conditions in their
# IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
# conditions/resource-policies).
# Corresponds to the JSON property `version`
# @return [Fixnum]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
@bindings = args[:bindings] if args.key?(:bindings)
@etag = args[:etag] if args.key?(:etag)
@version = args[:version] if args.key?(:version)
end
end
# Configuration for Policy Controller
class PolicyControllerHubConfig
include Google::Apis::Core::Hashable
# Sets the interval for Policy Controller Audit Scans (in seconds). When set to
# 0, this disables audit functionality altogether.
# Corresponds to the JSON property `auditIntervalSeconds`
# @return [Fixnum]
attr_accessor :audit_interval_seconds
# The set of namespaces that are excluded from Policy Controller checks.
# Namespaces do not need to currently exist on the cluster.
# Corresponds to the JSON property `exemptableNamespaces`
# @return [Array<String>]
attr_accessor :exemptable_namespaces
# The install_spec represents the intended state specified by the latest request
# that mutated install_spec in the feature spec, not the lifecycle state of the
# feature observed by the Hub feature controller that is reported in the feature
# state.
# Corresponds to the JSON property `installSpec`
# @return [String]
attr_accessor :install_spec
# Logs all denies and dry run failures.
# Corresponds to the JSON property `logDeniesEnabled`
# @return [Boolean]
attr_accessor :log_denies_enabled
alias_method :log_denies_enabled?, :log_denies_enabled
# Enables the ability to use Constraint Templates that reference to objects
# other than the object currently being evaluated.
# Corresponds to the JSON property `referentialRulesEnabled`
# @return [Boolean]
attr_accessor :referential_rules_enabled
alias_method :referential_rules_enabled?, :referential_rules_enabled
# The config specifying which default library templates to install.
# Corresponds to the JSON property `templateLibraryConfig`
# @return [Google::Apis::GkehubV1beta::PolicyControllerTemplateLibraryConfig]
attr_accessor :template_library_config
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audit_interval_seconds = args[:audit_interval_seconds] if args.key?(:audit_interval_seconds)
@exemptable_namespaces = args[:exemptable_namespaces] if args.key?(:exemptable_namespaces)
@install_spec = args[:install_spec] if args.key?(:install_spec)
@log_denies_enabled = args[:log_denies_enabled] if args.key?(:log_denies_enabled)
@referential_rules_enabled = args[:referential_rules_enabled] if args.key?(:referential_rules_enabled)
@template_library_config = args[:template_library_config] if args.key?(:template_library_config)
end
end
# State of the Policy Controller.
class PolicyControllerHubState
include Google::Apis::Core::Hashable
# Map from deployment name to deployment state. Example deployments are
# gatekeeper-controller-manager, gatekeeper-audit deployment, and gatekeeper-
# mutation.
# Corresponds to the JSON property `deploymentStates`
# @return [Hash<String,String>]
attr_accessor :deployment_states
# The build version of Gatekeeper that Policy Controller is using.
# Corresponds to the JSON property `version`
# @return [Google::Apis::GkehubV1beta::PolicyControllerHubVersion]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@deployment_states = args[:deployment_states] if args.key?(:deployment_states)
@version = args[:version] if args.key?(:version)
end
end
# The build version of Gatekeeper that Policy Controller is using.
class PolicyControllerHubVersion
include Google::Apis::Core::Hashable
# The gatekeeper image tag that is composed of ACM version, git tag, build
# number.
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@version = args[:version] if args.key?(:version)
end
end
# **Policy Controller**: Configuration for a single cluster. Intended to
# parallel the PolicyController CR.
class PolicyControllerMembershipSpec
include Google::Apis::Core::Hashable
# Configuration for Policy Controller
# Corresponds to the JSON property `policyControllerHubConfig`
# @return [Google::Apis::GkehubV1beta::PolicyControllerHubConfig]
attr_accessor :policy_controller_hub_config
# Version of Policy Controller installed.
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@policy_controller_hub_config = args[:policy_controller_hub_config] if args.key?(:policy_controller_hub_config)
@version = args[:version] if args.key?(:version)
end
end
# **Policy Controller**: State for a single cluster.
class PolicyControllerMembershipState
include Google::Apis::Core::Hashable
# The user-defined name for the cluster used by ClusterSelectors to group
# clusters together. This should match Membership's membership_name, unless the
# user installed PC on the cluster manually prior to enabling the PC hub feature.
# Unique within a Policy Controller installation.
# Corresponds to the JSON property `clusterName`
# @return [String]
attr_accessor :cluster_name
# **Policy Controller**: Configuration for a single cluster. Intended to
# parallel the PolicyController CR.
# Corresponds to the JSON property `membershipSpec`
# @return [Google::Apis::GkehubV1beta::PolicyControllerMembershipSpec]
attr_accessor :membership_spec
# State of the Policy Controller.
# Corresponds to the JSON property `policyControllerHubState`
# @return [Google::Apis::GkehubV1beta::PolicyControllerHubState]
attr_accessor :policy_controller_hub_state
# The lifecycle state Policy Controller is in.
# Corresponds to the JSON property `state`
# @return [String]
attr_accessor :state
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@cluster_name = args[:cluster_name] if args.key?(:cluster_name)
@membership_spec = args[:membership_spec] if args.key?(:membership_spec)
@policy_controller_hub_state = args[:policy_controller_hub_state] if args.key?(:policy_controller_hub_state)
@state = args[:state] if args.key?(:state)
end
end
# The config specifying which default library templates to install.
class PolicyControllerTemplateLibraryConfig
include Google::Apis::Core::Hashable
# Whether the standard template library should be installed or not.
# Corresponds to the JSON property `included`
# @return [Boolean]
attr_accessor :included
alias_method :included?, :included
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@included = args[:included] if args.key?(:included)
end
end
# Request message for `SetIamPolicy` method.
class SetIamPolicyRequest
include Google::Apis::Core::Hashable
# An Identity and Access Management (IAM) policy, which specifies access
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
# A `binding` binds one or more `members`, or principals, to a single `role`.
# Principals can be user accounts, service accounts, Google groups, and domains (
# such as G Suite). A `role` is a named list of permissions; each `role` can be
# an IAM predefined role or a user-created custom role. For some types of Google
# Cloud resources, a `binding` can also specify a `condition`, which is a
# logical expression that allows access to a resource only if the expression
# evaluates to `true`. A condition can add constraints based on attributes of
# the request, the resource, or both. To learn which resources support
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
# ], "condition": ` "title": "expirable access", "description": "Does not grant
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
# bindings: - members: - user:mike@example.com - group:admins@example.com -
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
# access description: Does not grant access after Sep 2020 expression: request.
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
# a description of IAM and its features, see the [IAM documentation](https://
# cloud.google.com/iam/docs/).
# Corresponds to the JSON property `policy`
# @return [Google::Apis::GkehubV1beta::Policy]
attr_accessor :policy
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
# the fields in the mask will be modified. If no mask is provided, the following
# default mask is used: `paths: "bindings, etag"`
# Corresponds to the JSON property `updateMask`
# @return [String]
attr_accessor :update_mask
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@policy = args[:policy] if args.key?(:policy)
@update_mask = args[:update_mask] if args.key?(:update_mask)
end
end
# Status specifies state for the subcomponent.
class Status
include Google::Apis::Core::Hashable
# Code specifies AppDevExperienceFeature's subcomponent ready state.
# Corresponds to the JSON property `code`
# @return [String]
attr_accessor :code
# Description is populated if Code is Failed, explaining why it has failed.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@code = args[:code] if args.key?(:code)
@description = args[:description] if args.key?(:description)
end
end
# Request message for `TestIamPermissions` method.
class TestIamPermissionsRequest
include Google::Apis::Core::Hashable
# The set of permissions to check for the `resource`. Permissions with wildcards
# (such as '*' or 'storage.*') are not allowed. For more information see [IAM
# Overview](https://cloud.google.com/iam/docs/overview#permissions).
# Corresponds to the JSON property `permissions`
# @return [Array<String>]
attr_accessor :permissions
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@permissions = args[:permissions] if args.key?(:permissions)
end
end
# Response message for `TestIamPermissions` method.
class TestIamPermissionsResponse
include Google::Apis::Core::Hashable
# A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
# Corresponds to the JSON property `permissions`
# @return [Array<String>]
attr_accessor :permissions
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@permissions = args[:permissions] if args.key?(:permissions)
end
end
end
end
end