// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * GKE Hub API Client for Deno * =========================== * * * * Docs: https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster * Source: https://googleapis.deno.dev/v1/gkehub:v2.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; export class GKEHub { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://gkehub.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Gets information about a location. * * @param name Resource name for the location. */ async projectsLocationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Location; } /** * Lists information about the supported locations for this service. * * @param name The resource that owns the locations collection, if applicable. */ async projectsLocationsList(name: string, opts: ProjectsLocationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }/locations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListLocationsResponse; } /** * Creates membershipFeature under a given parent. * * @param parent Required. The name of parent where the MembershipFeature will be created. Specified in the format `projects/*/locations/*/memberships/*`. */ async projectsLocationsMembershipsFeaturesCreate(parent: string, req: MembershipFeature, opts: ProjectsLocationsMembershipsFeaturesCreateOptions = {}): Promise { req = serializeMembershipFeature(req); const url = new URL(`${this.#baseUrl}v2/${ parent }/features`); if (opts.featureId !== undefined) { url.searchParams.append("featureId", String(opts.featureId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Removes a membershipFeature. * * @param name Required. The name of the membershipFeature to be deleted. Specified in the format `projects/*/locations/*/memberships/*/features/*`. */ async projectsLocationsMembershipsFeaturesDelete(name: string, opts: ProjectsLocationsMembershipsFeaturesDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * ========= MembershipFeature Services ========= Gets details of a * membershipFeature. * * @param name Required. The MembershipFeature resource name in the format `projects/*/locations/*/memberships/*/features/*`. */ async projectsLocationsMembershipsFeaturesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeMembershipFeature(data); } /** * Lists MembershipFeatures in a given project and location. * * @param parent Required. The parent where the MembershipFeature will be listed. In the format: `projects/*/locations/*/memberships/*`. */ async projectsLocationsMembershipsFeaturesList(parent: string, opts: ProjectsLocationsMembershipsFeaturesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v2/${ parent }/features`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListMembershipFeaturesResponse(data); } /** * Updates an existing MembershipFeature. * * @param name Output only. The resource name of the membershipFeature, in the format: `projects/{project}/locations/{location}/memberships/{membership}/features/{feature}`. Note that `membershipFeatures` is shortened to `features` in the resource name. (see http://go/aip/122#collection-identifiers) */ async projectsLocationsMembershipsFeaturesPatch(name: string, req: MembershipFeature, opts: ProjectsLocationsMembershipsFeaturesPatchOptions = {}): Promise { req = serializeMembershipFeature(req); opts = serializeProjectsLocationsMembershipsFeaturesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v2/${ name }`); if (opts.allowMissing !== undefined) { url.searchParams.append("allowMissing", String(opts.allowMissing)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async projectsLocationsOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Empty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async projectsLocationsOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async projectsLocationsOperationsList(name: string, opts: ProjectsLocationsOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v2/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } } /** * State for App Dev Exp Feature. */ export interface AppDevExperienceState { /** * Status of subcomponent that detects configured Service Mesh resources. */ networkingInstallSucceeded?: AppDevExperienceStatus; } /** * Status specifies state for the subcomponent. */ export interface AppDevExperienceStatus { /** * Code specifies AppDevExperienceFeature's subcomponent ready state. */ code?: | "CODE_UNSPECIFIED" | "OK" | "FAILED" | "UNKNOWN"; /** * Description is populated if Code is Failed, explaining why it has failed. */ description?: string; } /** * The request message for Operations.CancelOperation. */ export interface CancelOperationRequest { } /** * **Cloud Build**: Configurations for each Cloud Build enabled cluster. */ export interface CloudBuildSpec { /** * Whether it is allowed to run the privileged builds on the cluster or not. */ securityPolicy?: | "SECURITY_POLICY_UNSPECIFIED" | "NON_PRIVILEGED" | "PRIVILEGED"; /** * Version of the cloud build software on the cluster. */ version?: string; } /** * GKEUpgrade represents a GKE provided upgrade, e.g., control plane upgrade. */ export interface ClusterUpgradeGKEUpgrade { /** * Name of the upgrade, e.g., "k8s_control_plane". */ name?: string; /** * Version of the upgrade, e.g., "1.22.1-gke.100". */ version?: string; } /** * IgnoredMembership represents a membership ignored by the feature. A * membership can be ignored because it was manually upgraded to a newer version * than RC default. */ export interface ClusterUpgradeIgnoredMembership { /** * Time when the membership was first set to ignored. */ ignoredTime?: Date; /** * Reason why the membership is ignored. */ reason?: string; } function serializeClusterUpgradeIgnoredMembership(data: any): ClusterUpgradeIgnoredMembership { return { ...data, ignoredTime: data["ignoredTime"] !== undefined ? data["ignoredTime"].toISOString() : undefined, }; } function deserializeClusterUpgradeIgnoredMembership(data: any): ClusterUpgradeIgnoredMembership { return { ...data, ignoredTime: data["ignoredTime"] !== undefined ? new Date(data["ignoredTime"]) : undefined, }; } /** * MembershipGKEUpgradeState is a GKEUpgrade and its state per-membership. */ export interface ClusterUpgradeMembershipGKEUpgradeState { /** * Status of the upgrade. */ status?: ClusterUpgradeUpgradeStatus; /** * Which upgrade to track the state. */ upgrade?: ClusterUpgradeGKEUpgrade; } function serializeClusterUpgradeMembershipGKEUpgradeState(data: any): ClusterUpgradeMembershipGKEUpgradeState { return { ...data, status: data["status"] !== undefined ? serializeClusterUpgradeUpgradeStatus(data["status"]) : undefined, }; } function deserializeClusterUpgradeMembershipGKEUpgradeState(data: any): ClusterUpgradeMembershipGKEUpgradeState { return { ...data, status: data["status"] !== undefined ? deserializeClusterUpgradeUpgradeStatus(data["status"]) : undefined, }; } /** * Per-membership state for this feature. */ export interface ClusterUpgradeState { /** * Whether this membership is ignored by the feature. For example, manually * upgraded clusters can be ignored if they are newer than the default * versions of its release channel. */ ignored?: ClusterUpgradeIgnoredMembership; /** * Actual upgrade state against desired. */ upgrades?: ClusterUpgradeMembershipGKEUpgradeState[]; } function serializeClusterUpgradeState(data: any): ClusterUpgradeState { return { ...data, ignored: data["ignored"] !== undefined ? serializeClusterUpgradeIgnoredMembership(data["ignored"]) : undefined, upgrades: data["upgrades"] !== undefined ? data["upgrades"].map((item: any) => (serializeClusterUpgradeMembershipGKEUpgradeState(item))) : undefined, }; } function deserializeClusterUpgradeState(data: any): ClusterUpgradeState { return { ...data, ignored: data["ignored"] !== undefined ? deserializeClusterUpgradeIgnoredMembership(data["ignored"]) : undefined, upgrades: data["upgrades"] !== undefined ? data["upgrades"].map((item: any) => (deserializeClusterUpgradeMembershipGKEUpgradeState(item))) : undefined, }; } /** * UpgradeStatus provides status information for each upgrade. */ export interface ClusterUpgradeUpgradeStatus { /** * Status code of the upgrade. */ code?: | "CODE_UNSPECIFIED" | "INELIGIBLE" | "PENDING" | "IN_PROGRESS" | "SOAKING" | "FORCED_SOAKING" | "COMPLETE"; /** * Reason for this status. */ reason?: string; /** * Last timestamp the status was updated. */ updateTime?: Date; } function serializeClusterUpgradeUpgradeStatus(data: any): ClusterUpgradeUpgradeStatus { return { ...data, updateTime: data["updateTime"] !== undefined ? data["updateTime"].toISOString() : undefined, }; } function deserializeClusterUpgradeUpgradeStatus(data: any): ClusterUpgradeUpgradeStatus { return { ...data, updateTime: data["updateTime"] !== undefined ? new Date(data["updateTime"]) : undefined, }; } /** * Configuration for Binauthz. */ export interface ConfigManagementBinauthzConfig { /** * Whether binauthz is enabled in this cluster. */ enabled?: boolean; } /** * State for Binauthz. */ export interface ConfigManagementBinauthzState { /** * The version of binauthz that is installed. */ version?: ConfigManagementBinauthzVersion; /** * The state of the binauthz webhook. */ webhook?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; } /** * The version of binauthz. */ export interface ConfigManagementBinauthzVersion { /** * The version of the binauthz webhook. */ webhookVersion?: string; } /** * Configuration for Config Sync */ export interface ConfigManagementConfigSync { /** * Set to true to allow the vertical scaling. Defaults to false which * disallows vertical scaling. This field is deprecated. */ allowVerticalScale?: boolean; /** * Enables the installation of ConfigSync. If set to true, ConfigSync * resources will be created and the other ConfigSync fields will be applied * if exist. If set to false, all other ConfigSync fields will be ignored, * ConfigSync resources will be deleted. If omitted, ConfigSync resources will * be managed depends on the presence of the git or oci field. */ enabled?: boolean; /** * Git repo configuration for the cluster. */ git?: ConfigManagementGitConfig; /** * The Email of the Google Cloud Service Account (GSA) used for exporting * Config Sync metrics to Cloud Monitoring and Cloud Monarch when Workload * Identity is enabled. The GSA should have the Monitoring Metric Writer * (roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount * `default` in the namespace `config-management-monitoring` should be bound * to the GSA. Deprecated: If Workload Identity Federation for GKE is enabled, * Google Cloud Service Account is no longer needed for exporting Config Sync * metrics: * https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring. */ metricsGcpServiceAccountEmail?: string; /** * OCI repo configuration for the cluster. */ oci?: ConfigManagementOciConfig; /** * Set to true to enable the Config Sync admission webhook to prevent drifts. * If set to `false`, disables the Config Sync admission webhook and does not * prevent drifts. */ preventDrift?: boolean; /** * Specifies whether the Config Sync Repo is in "hierarchical" or * "unstructured" mode. */ sourceFormat?: string; /** * Set to true to stop syncing configs for a single cluster. Default to * false. */ stopSyncing?: boolean; } function serializeConfigManagementConfigSync(data: any): ConfigManagementConfigSync { return { ...data, git: data["git"] !== undefined ? serializeConfigManagementGitConfig(data["git"]) : undefined, oci: data["oci"] !== undefined ? serializeConfigManagementOciConfig(data["oci"]) : undefined, }; } function deserializeConfigManagementConfigSync(data: any): ConfigManagementConfigSync { return { ...data, git: data["git"] !== undefined ? deserializeConfigManagementGitConfig(data["git"]) : undefined, oci: data["oci"] !== undefined ? deserializeConfigManagementOciConfig(data["oci"]) : undefined, }; } /** * The state of ConfigSync's deployment on a cluster. */ export interface ConfigManagementConfigSyncDeploymentState { /** * Deployment state of admission-webhook. */ admissionWebhook?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of the git-sync pod. */ gitSync?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of the importer pod. */ importer?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of the monitor pod. */ monitor?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of otel-collector */ otelCollector?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of reconciler-manager pod. */ reconcilerManager?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of resource-group-controller-manager */ resourceGroupControllerManager?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of root-reconciler. */ rootReconciler?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Deployment state of the syncer pod. */ syncer?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; } /** * Errors pertaining to the installation of Config Sync */ export interface ConfigManagementConfigSyncError { /** * A string representing the user facing error message */ errorMessage?: string; } /** * State information for ConfigSync. */ export interface ConfigManagementConfigSyncState { /** * Whether syncing resources to the cluster is stopped at the cluster level. */ clusterLevelStopSyncingState?: | "STOP_SYNCING_STATE_UNSPECIFIED" | "NOT_STOPPED" | "PENDING" | "STOPPED"; /** * Output only. The number of RootSync and RepoSync CRs in the cluster. */ readonly crCount?: number; /** * Information about the deployment of ConfigSync, including the version. of * the various Pods deployed */ deploymentState?: ConfigManagementConfigSyncDeploymentState; /** * Errors pertaining to the installation of Config Sync. */ errors?: ConfigManagementConfigSyncError[]; /** * The state of the Reposync CRD */ reposyncCrd?: | "CRD_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "TERMINATING" | "INSTALLING"; /** * The state of the RootSync CRD */ rootsyncCrd?: | "CRD_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "TERMINATING" | "INSTALLING"; /** * The state of CS This field summarizes the other fields in this message. */ state?: | "STATE_UNSPECIFIED" | "CONFIG_SYNC_NOT_INSTALLED" | "CONFIG_SYNC_INSTALLED" | "CONFIG_SYNC_ERROR" | "CONFIG_SYNC_PENDING"; /** * The state of ConfigSync's process to sync configs to a cluster. */ syncState?: ConfigManagementSyncState; /** * The version of ConfigSync deployed. */ version?: ConfigManagementConfigSyncVersion; } function serializeConfigManagementConfigSyncState(data: any): ConfigManagementConfigSyncState { return { ...data, syncState: data["syncState"] !== undefined ? serializeConfigManagementSyncState(data["syncState"]) : undefined, }; } function deserializeConfigManagementConfigSyncState(data: any): ConfigManagementConfigSyncState { return { ...data, syncState: data["syncState"] !== undefined ? deserializeConfigManagementSyncState(data["syncState"]) : undefined, }; } /** * Specific versioning information pertaining to ConfigSync's Pods. */ export interface ConfigManagementConfigSyncVersion { /** * Version of the deployed admission-webhook pod. */ admissionWebhook?: string; /** * Version of the deployed git-sync pod. */ gitSync?: string; /** * Version of the deployed importer pod. */ importer?: string; /** * Version of the deployed monitor pod. */ monitor?: string; /** * Version of the deployed otel-collector pod */ otelCollector?: string; /** * Version of the deployed reconciler-manager pod. */ reconcilerManager?: string; /** * Version of the deployed resource-group-controller-manager pod */ resourceGroupControllerManager?: string; /** * Version of the deployed reconciler container in root-reconciler pod. */ rootReconciler?: string; /** * Version of the deployed syncer pod. */ syncer?: string; } /** * Model for a config file in the git repo with an associated Sync error. */ export interface ConfigManagementErrorResource { /** * Group/version/kind of the resource that is causing an error */ resourceGvk?: ConfigManagementGroupVersionKind; /** * Metadata name of the resource that is causing an error */ resourceName?: string; /** * Namespace of the resource that is causing an error */ resourceNamespace?: string; /** * Path in the git repo of the erroneous config */ sourcePath?: string; } /** * State of Policy Controller installation. */ export interface ConfigManagementGatekeeperDeploymentState { /** * Status of gatekeeper-audit deployment. */ gatekeeperAudit?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Status of gatekeeper-controller-manager pod. */ gatekeeperControllerManagerState?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Status of the pod serving the mutation webhook. */ gatekeeperMutation?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; } /** * Git repo configuration for a single cluster. */ export interface ConfigManagementGitConfig { /** * The Google Cloud Service Account Email used for auth when secret_type is * gcpServiceAccount. */ gcpServiceAccountEmail?: string; /** * URL for the HTTPS proxy to be used when communicating with the Git repo. */ httpsProxy?: string; /** * The path within the Git repository that represents the top level of the * repo to sync. Default: the root directory of the repository. */ policyDir?: string; /** * Type of secret configured for access to the Git repo. Must be one of ssh, * cookiefile, gcenode, token, gcpserviceaccount or none. The validation of * this is case-sensitive. Required. */ secretType?: string; /** * The branch of the repository to sync from. Default: master. */ syncBranch?: string; /** * The URL of the Git repository to use as the source of truth. */ syncRepo?: string; /** * Git revision (tag or hash) to check out. Default HEAD. */ syncRev?: string; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: bigint; } function serializeConfigManagementGitConfig(data: any): ConfigManagementGitConfig { return { ...data, syncWaitSecs: data["syncWaitSecs"] !== undefined ? String(data["syncWaitSecs"]) : undefined, }; } function deserializeConfigManagementGitConfig(data: any): ConfigManagementGitConfig { return { ...data, syncWaitSecs: data["syncWaitSecs"] !== undefined ? BigInt(data["syncWaitSecs"]) : undefined, }; } /** * A Kubernetes object's GVK. */ export interface ConfigManagementGroupVersionKind { /** * Kubernetes Group */ group?: string; /** * Kubernetes Kind */ kind?: string; /** * Kubernetes Version */ version?: string; } /** * Configuration for Hierarchy Controller. */ export interface ConfigManagementHierarchyControllerConfig { /** * Whether Hierarchy Controller is enabled in this cluster. */ enabled?: boolean; /** * Whether hierarchical resource quota is enabled in this cluster. */ enableHierarchicalResourceQuota?: boolean; /** * Whether pod tree labels are enabled in this cluster. */ enablePodTreeLabels?: boolean; } /** * Deployment state for Hierarchy Controller */ export interface ConfigManagementHierarchyControllerDeploymentState { /** * The deployment state for Hierarchy Controller extension (e.g. * v0.7.0-hc.1). */ extension?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * The deployment state for open source HNC (e.g. v0.7.0-hc.0). */ hnc?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; } /** * State for Hierarchy Controller. */ export interface ConfigManagementHierarchyControllerState { /** * The deployment state for Hierarchy Controller. */ state?: ConfigManagementHierarchyControllerDeploymentState; /** * The version for Hierarchy Controller. */ version?: ConfigManagementHierarchyControllerVersion; } /** * Version for Hierarchy Controller. */ export interface ConfigManagementHierarchyControllerVersion { /** * Version for Hierarchy Controller extension. */ extension?: string; /** * Version for open source HNC. */ hnc?: string; } /** * Errors pertaining to the installation of ACM. */ export interface ConfigManagementInstallError { /** * A string representing the user facing error message. */ errorMessage?: string; } /** * OCI repo configuration for a single cluster. */ export interface ConfigManagementOciConfig { /** * The Google Cloud Service Account Email used for auth when secret_type is * gcpServiceAccount. */ gcpServiceAccountEmail?: string; /** * The absolute path of the directory that contains the local resources. * Default: the root directory of the image. */ policyDir?: string; /** * Type of secret configured for access to the Git repo. */ secretType?: string; /** * The OCI image repository URL for the package to sync from. e.g. * `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`. */ syncRepo?: string; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: bigint; } function serializeConfigManagementOciConfig(data: any): ConfigManagementOciConfig { return { ...data, syncWaitSecs: data["syncWaitSecs"] !== undefined ? String(data["syncWaitSecs"]) : undefined, }; } function deserializeConfigManagementOciConfig(data: any): ConfigManagementOciConfig { return { ...data, syncWaitSecs: data["syncWaitSecs"] !== undefined ? BigInt(data["syncWaitSecs"]) : undefined, }; } /** * State information for an ACM's Operator. */ export interface ConfigManagementOperatorState { /** * The state of the Operator's deployment. */ deploymentState?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLED" | "ERROR" | "PENDING"; /** * Install errors. */ errors?: ConfigManagementInstallError[]; /** * The semenatic version number of the operator. */ version?: string; } /** * Configuration for Policy Controller */ export interface ConfigManagementPolicyController { /** * Sets the interval for Policy Controller Audit Scans (in seconds). When set * to 0, this disables audit functionality altogether. */ auditIntervalSeconds?: bigint; /** * Enables the installation of Policy Controller. If false, the rest of * PolicyController fields take no effect. */ enabled?: boolean; /** * The set of namespaces that are excluded from Policy Controller checks. * Namespaces do not need to currently exist on the cluster. */ exemptableNamespaces?: string[]; /** * Logs all denies and dry run failures. */ logDeniesEnabled?: boolean; /** * Monitoring specifies the configuration of monitoring. */ monitoring?: ConfigManagementPolicyControllerMonitoring; /** * Enable or disable mutation in policy controller. If true, mutation CRDs, * webhook and controller deployment will be deployed to the cluster. */ mutationEnabled?: boolean; /** * Enables the ability to use Constraint Templates that reference to objects * other than the object currently being evaluated. */ referentialRulesEnabled?: boolean; /** * Installs the default template library along with Policy Controller. */ templateLibraryInstalled?: boolean; /** * Output only. Last time this membership spec was updated. */ readonly updateTime?: Date; } function serializeConfigManagementPolicyController(data: any): ConfigManagementPolicyController { return { ...data, auditIntervalSeconds: data["auditIntervalSeconds"] !== undefined ? String(data["auditIntervalSeconds"]) : undefined, }; } function deserializeConfigManagementPolicyController(data: any): ConfigManagementPolicyController { return { ...data, auditIntervalSeconds: data["auditIntervalSeconds"] !== undefined ? BigInt(data["auditIntervalSeconds"]) : undefined, updateTime: data["updateTime"] !== undefined ? new Date(data["updateTime"]) : undefined, }; } /** * State for the migration of PolicyController from ACM -> PoCo Hub. */ export interface ConfigManagementPolicyControllerMigration { /** * Last time this membership spec was copied to PoCo feature. */ copyTime?: Date; /** * Stage of the migration. */ stage?: | "STAGE_UNSPECIFIED" | "ACM_MANAGED" | "POCO_MANAGED"; } function serializeConfigManagementPolicyControllerMigration(data: any): ConfigManagementPolicyControllerMigration { return { ...data, copyTime: data["copyTime"] !== undefined ? data["copyTime"].toISOString() : undefined, }; } function deserializeConfigManagementPolicyControllerMigration(data: any): ConfigManagementPolicyControllerMigration { return { ...data, copyTime: data["copyTime"] !== undefined ? new Date(data["copyTime"]) : undefined, }; } /** * PolicyControllerMonitoring specifies the backends Policy Controller should * export metrics to. For example, to specify metrics should be exported to * Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", * "prometheus"] */ export interface ConfigManagementPolicyControllerMonitoring { /** * Specifies the list of backends Policy Controller will export to. An empty * list would effectively disable metrics export. */ backends?: | "MONITORING_BACKEND_UNSPECIFIED" | "PROMETHEUS" | "CLOUD_MONITORING"[]; } /** * State for PolicyControllerState. */ export interface ConfigManagementPolicyControllerState { /** * The state about the policy controller installation. */ deploymentState?: ConfigManagementGatekeeperDeploymentState; /** * Record state of ACM -> PoCo Hub migration for this feature. */ migration?: ConfigManagementPolicyControllerMigration; /** * The version of Gatekeeper Policy Controller deployed. */ version?: ConfigManagementPolicyControllerVersion; } function serializeConfigManagementPolicyControllerState(data: any): ConfigManagementPolicyControllerState { return { ...data, migration: data["migration"] !== undefined ? serializeConfigManagementPolicyControllerMigration(data["migration"]) : undefined, }; } function deserializeConfigManagementPolicyControllerState(data: any): ConfigManagementPolicyControllerState { return { ...data, migration: data["migration"] !== undefined ? deserializeConfigManagementPolicyControllerMigration(data["migration"]) : undefined, }; } /** * The build version of Gatekeeper Policy Controller is using. */ export interface ConfigManagementPolicyControllerVersion { /** * The gatekeeper image tag that is composed of ACM version, git tag, build * number. */ version?: string; } /** * **Anthos Config Management**: Configuration for a single cluster. Intended * to parallel the ConfigManagement CR. */ export interface ConfigManagementSpec { /** * Binauthz conifguration for the cluster. Deprecated: This field will be * ignored and should not be set. */ binauthz?: ConfigManagementBinauthzConfig; /** * The user-specified cluster name used by Config Sync cluster-name-selector * annotation or ClusterSelector, for applying configs to only a subset of * clusters. Omit this field if the cluster's fleet membership name is used by * Config Sync cluster-name-selector annotation or ClusterSelector. Set this * field if a name different from the cluster's fleet membership name is used * by Config Sync cluster-name-selector annotation or ClusterSelector. */ cluster?: string; /** * Config Sync configuration for the cluster. */ configSync?: ConfigManagementConfigSync; /** * Hierarchy Controller configuration for the cluster. Deprecated: * Configuring Hierarchy Controller through the configmanagement feature is no * longer recommended. Use * https://github.com/kubernetes-sigs/hierarchical-namespaces instead. */ hierarchyController?: ConfigManagementHierarchyControllerConfig; /** * Enables automatic Feature management. */ management?: | "MANAGEMENT_UNSPECIFIED" | "MANAGEMENT_AUTOMATIC" | "MANAGEMENT_MANUAL"; /** * Policy Controller configuration for the cluster. Deprecated: Configuring * Policy Controller through the configmanagement feature is no longer * recommended. Use the policycontroller feature instead. */ policyController?: ConfigManagementPolicyController; /** * Version of ACM installed. */ version?: string; } function serializeConfigManagementSpec(data: any): ConfigManagementSpec { return { ...data, configSync: data["configSync"] !== undefined ? serializeConfigManagementConfigSync(data["configSync"]) : undefined, policyController: data["policyController"] !== undefined ? serializeConfigManagementPolicyController(data["policyController"]) : undefined, }; } function deserializeConfigManagementSpec(data: any): ConfigManagementSpec { return { ...data, configSync: data["configSync"] !== undefined ? deserializeConfigManagementConfigSync(data["configSync"]) : undefined, policyController: data["policyController"] !== undefined ? deserializeConfigManagementPolicyController(data["policyController"]) : undefined, }; } /** * **Anthos Config Management**: State for a single cluster. */ export interface ConfigManagementState { /** * Binauthz status. */ binauthzState?: ConfigManagementBinauthzState; /** * This field is set to the `cluster_name` field of the Membership Spec if it * is not empty. Otherwise, it is set to the cluster's fleet membership name. */ clusterName?: string; /** * Current sync status. */ configSyncState?: ConfigManagementConfigSyncState; /** * Hierarchy Controller status. */ hierarchyControllerState?: ConfigManagementHierarchyControllerState; /** * Membership configuration in the cluster. This represents the actual state * in the cluster, while the MembershipSpec in the FeatureSpec represents the * intended state. */ membershipSpec?: ConfigManagementSpec; /** * Current install status of ACM's Operator. */ operatorState?: ConfigManagementOperatorState; /** * PolicyController status. */ policyControllerState?: ConfigManagementPolicyControllerState; } function serializeConfigManagementState(data: any): ConfigManagementState { return { ...data, configSyncState: data["configSyncState"] !== undefined ? serializeConfigManagementConfigSyncState(data["configSyncState"]) : undefined, membershipSpec: data["membershipSpec"] !== undefined ? serializeConfigManagementSpec(data["membershipSpec"]) : undefined, policyControllerState: data["policyControllerState"] !== undefined ? serializeConfigManagementPolicyControllerState(data["policyControllerState"]) : undefined, }; } function deserializeConfigManagementState(data: any): ConfigManagementState { return { ...data, configSyncState: data["configSyncState"] !== undefined ? deserializeConfigManagementConfigSyncState(data["configSyncState"]) : undefined, membershipSpec: data["membershipSpec"] !== undefined ? deserializeConfigManagementSpec(data["membershipSpec"]) : undefined, policyControllerState: data["policyControllerState"] !== undefined ? deserializeConfigManagementPolicyControllerState(data["policyControllerState"]) : undefined, }; } /** * An ACM created error representing a problem syncing configurations. */ export interface ConfigManagementSyncError { /** * An ACM defined error code */ code?: string; /** * A description of the error */ errorMessage?: string; /** * A list of config(s) associated with the error, if any */ errorResources?: ConfigManagementErrorResource[]; } /** * State indicating an ACM's progress syncing configurations to a cluster. */ export interface ConfigManagementSyncState { /** * Sync status code. */ code?: | "SYNC_CODE_UNSPECIFIED" | "SYNCED" | "PENDING" | "ERROR" | "NOT_CONFIGURED" | "NOT_INSTALLED" | "UNAUTHORIZED" | "UNREACHABLE"; /** * A list of errors resulting from problematic configs. This list will be * truncated after 100 errors, although it is unlikely for that many errors to * simultaneously exist. */ errors?: ConfigManagementSyncError[]; /** * Token indicating the state of the importer. */ importToken?: string; /** * Deprecated: use last_sync_time instead. Timestamp of when ACM last * successfully synced the repo. The time format is specified in * https://golang.org/pkg/time/#Time.String */ lastSync?: string; /** * Timestamp type of when ACM last successfully synced the repo. */ lastSyncTime?: Date; /** * Token indicating the state of the repo. */ sourceToken?: string; /** * Token indicating the state of the syncer. */ syncToken?: string; } function serializeConfigManagementSyncState(data: any): ConfigManagementSyncState { return { ...data, lastSyncTime: data["lastSyncTime"] !== undefined ? data["lastSyncTime"].toISOString() : undefined, }; } function deserializeConfigManagementSyncState(data: any): ConfigManagementSyncState { return { ...data, lastSyncTime: data["lastSyncTime"] !== undefined ? new Date(data["lastSyncTime"]) : undefined, }; } /** * A generic empty message that you can re-use to avoid defining duplicated * empty messages in your APIs. A typical example is to use it as the request or * the response type of an API method. For instance: service Foo { rpc * Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } */ export interface Empty { } /** * Information of the FeatureConfig applied on the MembershipFeature. */ export interface FeatureConfigRef { /** * Input only. Resource name of FeatureConfig, in the format: * `projects/{project}/locations/global/featureConfigs/{feature_config}`. */ config?: string; /** * Output only. When the FeatureConfig was last applied and copied to * FeatureSpec. */ readonly configUpdateTime?: Date; /** * Output only. An id that uniquely identify a FeatureConfig object. */ readonly uuid?: string; } /** * FeatureSpec contains user input per-feature spec information. */ export interface FeatureSpec { /** * Cloudbuild-specific FeatureSpec. */ cloudbuild?: CloudBuildSpec; /** * Config Management FeatureSpec. */ configmanagement?: ConfigManagementSpec; /** * IdentityService FeatureSpec. */ identityservice?: IdentityServiceSpec; /** * Whether this per-Feature spec was inherited from a fleet-level default. * This field can be updated by users by either overriding a Feature config * (updated to USER implicitly) or setting to FLEET explicitly. */ origin?: Origin; /** * Policycontroller-specific FeatureSpec. */ policycontroller?: PolicyControllerSpec; /** * ServiceMesh Feature Spec. */ servicemesh?: ServiceMeshSpec; /** * Workloadcertificate-specific FeatureSpec. */ workloadcertificate?: WorkloadCertificateSpec; } function serializeFeatureSpec(data: any): FeatureSpec { return { ...data, configmanagement: data["configmanagement"] !== undefined ? serializeConfigManagementSpec(data["configmanagement"]) : undefined, identityservice: data["identityservice"] !== undefined ? serializeIdentityServiceSpec(data["identityservice"]) : undefined, policycontroller: data["policycontroller"] !== undefined ? serializePolicyControllerSpec(data["policycontroller"]) : undefined, }; } function deserializeFeatureSpec(data: any): FeatureSpec { return { ...data, configmanagement: data["configmanagement"] !== undefined ? deserializeConfigManagementSpec(data["configmanagement"]) : undefined, identityservice: data["identityservice"] !== undefined ? deserializeIdentityServiceSpec(data["identityservice"]) : undefined, policycontroller: data["policycontroller"] !== undefined ? deserializePolicyControllerSpec(data["policycontroller"]) : undefined, }; } /** * FeatureState contains high-level state information and per-feature state * information for this MembershipFeature. */ export interface FeatureState { /** * Appdevexperience specific state. */ appdevexperience?: AppDevExperienceState; /** * Cluster upgrade state. */ clusterupgrade?: ClusterUpgradeState; /** * Config Management state */ configmanagement?: ConfigManagementState; /** * Identity service state */ identityservice?: IdentityServiceState; /** * Metering state */ metering?: MeteringState; /** * Policy Controller state */ policycontroller?: PolicyControllerState; /** * Service mesh state */ servicemesh?: ServiceMeshState; /** * The high-level state of this MembershipFeature. */ state?: State; } function serializeFeatureState(data: any): FeatureState { return { ...data, clusterupgrade: data["clusterupgrade"] !== undefined ? serializeClusterUpgradeState(data["clusterupgrade"]) : undefined, configmanagement: data["configmanagement"] !== undefined ? serializeConfigManagementState(data["configmanagement"]) : undefined, identityservice: data["identityservice"] !== undefined ? serializeIdentityServiceState(data["identityservice"]) : undefined, metering: data["metering"] !== undefined ? serializeMeteringState(data["metering"]) : undefined, state: data["state"] !== undefined ? serializeState(data["state"]) : undefined, }; } function deserializeFeatureState(data: any): FeatureState { return { ...data, clusterupgrade: data["clusterupgrade"] !== undefined ? deserializeClusterUpgradeState(data["clusterupgrade"]) : undefined, configmanagement: data["configmanagement"] !== undefined ? deserializeConfigManagementState(data["configmanagement"]) : undefined, identityservice: data["identityservice"] !== undefined ? deserializeIdentityServiceState(data["identityservice"]) : undefined, metering: data["metering"] !== undefined ? deserializeMeteringState(data["metering"]) : undefined, state: data["state"] !== undefined ? deserializeState(data["state"]) : undefined, }; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface GoogleRpcStatus { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * Configuration of an auth method for a member/cluster. Only one * authentication method (e.g., OIDC and LDAP) can be set per AuthMethod. */ export interface IdentityServiceAuthMethod { /** * AzureAD specific Configuration. */ azureadConfig?: IdentityServiceAzureADConfig; /** * GoogleConfig specific configuration */ googleConfig?: IdentityServiceGoogleConfig; /** * LDAP specific configuration. */ ldapConfig?: IdentityServiceLdapConfig; /** * Identifier for auth config. */ name?: string; /** * OIDC specific configuration. */ oidcConfig?: IdentityServiceOidcConfig; /** * Proxy server address to use for auth method. */ proxy?: string; /** * SAML specific configuration. */ samlConfig?: IdentityServiceSamlConfig; } function serializeIdentityServiceAuthMethod(data: any): IdentityServiceAuthMethod { return { ...data, ldapConfig: data["ldapConfig"] !== undefined ? serializeIdentityServiceLdapConfig(data["ldapConfig"]) : undefined, }; } function deserializeIdentityServiceAuthMethod(data: any): IdentityServiceAuthMethod { return { ...data, ldapConfig: data["ldapConfig"] !== undefined ? deserializeIdentityServiceLdapConfig(data["ldapConfig"]) : undefined, }; } /** * Configuration for the AzureAD Auth flow. */ export interface IdentityServiceAzureADConfig { /** * ID for the registered client application that makes authentication * requests to the Azure AD identity provider. */ clientId?: string; /** * Input only. Unencrypted AzureAD client secret will be passed to the GKE * Hub CLH. */ clientSecret?: string; /** * Output only. Encrypted AzureAD client secret. */ readonly encryptedClientSecret?: Uint8Array; /** * Optional. Format of the AzureAD groups that the client wants for auth. */ groupFormat?: string; /** * The redirect URL that kubectl uses for authorization. */ kubectlRedirectUri?: string; /** * Kind of Azure AD account to be authenticated. Supported values are or for * accounts belonging to a specific tenant. */ tenant?: string; /** * Optional. Claim in the AzureAD ID Token that holds the user details. */ userClaim?: string; } /** * Configuration options for the AIS diagnostic interface. */ export interface IdentityServiceDiagnosticInterface { /** * Determines whether to enable the diagnostic interface. */ enabled?: boolean; /** * Determines the expiration time of the diagnostic interface enablement. * When reached, requests to the interface would be automatically rejected. */ expirationTime?: Date; } function serializeIdentityServiceDiagnosticInterface(data: any): IdentityServiceDiagnosticInterface { return { ...data, expirationTime: data["expirationTime"] !== undefined ? data["expirationTime"].toISOString() : undefined, }; } function deserializeIdentityServiceDiagnosticInterface(data: any): IdentityServiceDiagnosticInterface { return { ...data, expirationTime: data["expirationTime"] !== undefined ? new Date(data["expirationTime"]) : undefined, }; } /** * Configuration for the Google Plugin Auth flow. */ export interface IdentityServiceGoogleConfig { /** * Disable automatic configuration of Google Plugin on supported platforms. */ disable?: boolean; } /** * Contains the properties for locating and authenticating groups in the * directory. */ export interface IdentityServiceGroupConfig { /** * Required. The location of the subtree in the LDAP directory to search for * group entries. */ baseDn?: string; /** * Optional. Optional filter to be used when searching for groups a user * belongs to. This can be used to explicitly match only certain groups in * order to reduce the amount of groups returned for each user. This defaults * to "(objectClass=Group)". */ filter?: string; /** * Optional. The identifying name of each group a user belongs to. For * example, if this is set to "distinguishedName" then RBACs and other group * expectations should be written as full DNs. This defaults to * "distinguishedName". */ idAttribute?: string; } /** * Holds non-protocol-related configuration options. */ export interface IdentityServiceIdentityServiceOptions { /** * Configuration options for the AIS diagnostic interface. */ diagnosticInterface?: IdentityServiceDiagnosticInterface; /** * Determines the lifespan of STS tokens issued by Anthos Identity Service. */ sessionDuration?: number /* Duration */; } function serializeIdentityServiceIdentityServiceOptions(data: any): IdentityServiceIdentityServiceOptions { return { ...data, diagnosticInterface: data["diagnosticInterface"] !== undefined ? serializeIdentityServiceDiagnosticInterface(data["diagnosticInterface"]) : undefined, sessionDuration: data["sessionDuration"] !== undefined ? data["sessionDuration"] : undefined, }; } function deserializeIdentityServiceIdentityServiceOptions(data: any): IdentityServiceIdentityServiceOptions { return { ...data, diagnosticInterface: data["diagnosticInterface"] !== undefined ? deserializeIdentityServiceDiagnosticInterface(data["diagnosticInterface"]) : undefined, sessionDuration: data["sessionDuration"] !== undefined ? data["sessionDuration"] : undefined, }; } /** * Configuration for the LDAP Auth flow. */ export interface IdentityServiceLdapConfig { /** * Optional. Contains the properties for locating and authenticating groups * in the directory. */ group?: IdentityServiceGroupConfig; /** * Required. Server settings for the external LDAP server. */ server?: IdentityServiceServerConfig; /** * Required. Contains the credentials of the service account which is * authorized to perform the LDAP search in the directory. The credentials can * be supplied by the combination of the DN and password or the client * certificate. */ serviceAccount?: IdentityServiceServiceAccountConfig; /** * Required. Defines where users exist in the LDAP directory. */ user?: IdentityServiceUserConfig; } function serializeIdentityServiceLdapConfig(data: any): IdentityServiceLdapConfig { return { ...data, server: data["server"] !== undefined ? serializeIdentityServiceServerConfig(data["server"]) : undefined, }; } function deserializeIdentityServiceLdapConfig(data: any): IdentityServiceLdapConfig { return { ...data, server: data["server"] !== undefined ? deserializeIdentityServiceServerConfig(data["server"]) : undefined, }; } /** * Configuration for OIDC Auth flow. */ export interface IdentityServiceOidcConfig { /** * PEM-encoded CA for OIDC provider. */ certificateAuthorityData?: string; /** * ID for OIDC client application. */ clientId?: string; /** * Input only. Unencrypted OIDC client secret will be passed to the GKE Hub * CLH. */ clientSecret?: string; /** * Flag to denote if reverse proxy is used to connect to auth provider. This * flag should be set to true when provider is not reachable by Google Cloud * Console. */ deployCloudConsoleProxy?: boolean; /** * Enable access token. */ enableAccessToken?: boolean; /** * Output only. Encrypted OIDC Client secret */ readonly encryptedClientSecret?: Uint8Array; /** * Comma-separated list of key-value pairs. */ extraParams?: string; /** * Prefix to prepend to group name. */ groupPrefix?: string; /** * Claim in OIDC ID token that holds group information. */ groupsClaim?: string; /** * URI for the OIDC provider. This should point to the level below * .well-known/openid-configuration. */ issuerUri?: string; /** * Registered redirect uri to redirect users going through OAuth flow using * kubectl plugin. */ kubectlRedirectUri?: string; /** * Comma-separated list of identifiers. */ scopes?: string; /** * Claim in OIDC ID token that holds username. */ userClaim?: string; /** * Prefix to prepend to user name. */ userPrefix?: string; } /** * Configuration for the SAML Auth flow. */ export interface IdentityServiceSamlConfig { /** * Optional. The mapping of additional user attributes like nickname, * birthday and address etc.. `key` is the name of this additional attribute. * `value` is a string presenting as CEL(common expression language, go/cel) * used for getting the value from the resources. Take nickname as an example, * in this case, `key` is "attribute.nickname" and `value` is * "assertion.nickname". */ attributeMapping?: { [key: string]: string }; /** * Optional. Prefix to prepend to group name. */ groupPrefix?: string; /** * Optional. The SAML attribute to read groups from. This value is expected * to be a string and will be passed along as-is (with the option of being * prefixed by the `group_prefix`). */ groupsAttribute?: string; /** * Required. The list of IdP certificates to validate the SAML response * against. */ identityProviderCertificates?: string[]; /** * Required. The entity ID of the SAML IdP. */ identityProviderId?: string; /** * Required. The URI where the SAML IdP exposes the SSO service. */ identityProviderSsoUri?: string; /** * Optional. The SAML attribute to read username from. If unspecified, the * username will be read from the NameID element of the assertion in SAML * response. This value is expected to be a string and will be passed along * as-is (with the option of being prefixed by the `user_prefix`). */ userAttribute?: string; /** * Optional. Prefix to prepend to user name. */ userPrefix?: string; } /** * Server settings for the external LDAP server. */ export interface IdentityServiceServerConfig { /** * Optional. Contains a Base64 encoded, PEM formatted certificate authority * certificate for the LDAP server. This must be provided for the "ldaps" and * "startTLS" connections. */ certificateAuthorityData?: Uint8Array; /** * Optional. Defines the connection type to communicate with the LDAP server. * If `starttls` or `ldaps` is specified, the certificate_authority_data * should not be empty. */ connectionType?: string; /** * Required. Defines the hostname or IP of the LDAP server. Port is optional * and will default to 389, if unspecified. For example, "ldap.server.example" * or "10.10.10.10:389". */ host?: string; } function serializeIdentityServiceServerConfig(data: any): IdentityServiceServerConfig { return { ...data, certificateAuthorityData: data["certificateAuthorityData"] !== undefined ? encodeBase64(data["certificateAuthorityData"]) : undefined, }; } function deserializeIdentityServiceServerConfig(data: any): IdentityServiceServerConfig { return { ...data, certificateAuthorityData: data["certificateAuthorityData"] !== undefined ? decodeBase64(data["certificateAuthorityData"] as string) : undefined, }; } /** * Contains the credentials of the service account which is authorized to * perform the LDAP search in the directory. The credentials can be supplied by * the combination of the DN and password or the client certificate. */ export interface IdentityServiceServiceAccountConfig { /** * Credentials for basic auth. */ simpleBindCredentials?: IdentityServiceSimpleBindCredentials; } /** * The structure holds the LDAP simple binding credential. */ export interface IdentityServiceSimpleBindCredentials { /** * Required. The distinguished name(DN) of the service account object/user. */ dn?: string; /** * Output only. The encrypted password of the service account object/user. */ readonly encryptedPassword?: Uint8Array; /** * Required. Input only. The password of the service account object/user. */ password?: string; } /** * **IdentityService**: Configuration for a single membership. */ export interface IdentityServiceSpec { /** * A member may support multiple auth methods. */ authMethods?: IdentityServiceAuthMethod[]; /** * Optional. non-protocol-related configuration options. */ identityServiceOptions?: IdentityServiceIdentityServiceOptions; } function serializeIdentityServiceSpec(data: any): IdentityServiceSpec { return { ...data, authMethods: data["authMethods"] !== undefined ? data["authMethods"].map((item: any) => (serializeIdentityServiceAuthMethod(item))) : undefined, identityServiceOptions: data["identityServiceOptions"] !== undefined ? serializeIdentityServiceIdentityServiceOptions(data["identityServiceOptions"]) : undefined, }; } function deserializeIdentityServiceSpec(data: any): IdentityServiceSpec { return { ...data, authMethods: data["authMethods"] !== undefined ? data["authMethods"].map((item: any) => (deserializeIdentityServiceAuthMethod(item))) : undefined, identityServiceOptions: data["identityServiceOptions"] !== undefined ? deserializeIdentityServiceIdentityServiceOptions(data["identityServiceOptions"]) : undefined, }; } /** * **IdentityService**: State for a single membership, analyzed and reported by * feature controller. */ export interface IdentityServiceState { /** * The reason of the failure. */ failureReason?: string; /** * Installed AIS version. This is the AIS version installed on this member. * The values makes sense iff state is OK. */ installedVersion?: string; /** * Last reconciled membership configuration */ memberConfig?: IdentityServiceSpec; /** * Deployment state on this member */ state?: | "DEPLOYMENT_STATE_UNSPECIFIED" | "OK" | "ERROR"; } function serializeIdentityServiceState(data: any): IdentityServiceState { return { ...data, memberConfig: data["memberConfig"] !== undefined ? serializeIdentityServiceSpec(data["memberConfig"]) : undefined, }; } function deserializeIdentityServiceState(data: any): IdentityServiceState { return { ...data, memberConfig: data["memberConfig"] !== undefined ? deserializeIdentityServiceSpec(data["memberConfig"]) : undefined, }; } /** * Defines where users exist in the LDAP directory. */ export interface IdentityServiceUserConfig { /** * Required. The location of the subtree in the LDAP directory to search for * user entries. */ baseDn?: string; /** * Optional. Filter to apply when searching for the user. This can be used to * further restrict the user accounts which are allowed to login. This * defaults to "(objectClass=User)". */ filter?: string; /** * Optional. Determines which attribute to use as the user's identity after * they are authenticated. This is distinct from the loginAttribute field to * allow users to login with a username, but then have their actual identifier * be an email address or full Distinguished Name (DN). For example, setting * loginAttribute to "sAMAccountName" and identifierAttribute to * "userPrincipalName" would allow a user to login as "bsmith", but actual * RBAC policies for the user would be written as "bsmith@example.com". Using * "userPrincipalName" is recommended since this will be unique for each user. * This defaults to "userPrincipalName". */ idAttribute?: string; /** * Optional. The name of the attribute which matches against the input * username. This is used to find the user in the LDAP database e.g. "(=)" and * is combined with the optional filter field. This defaults to * "userPrincipalName". */ loginAttribute?: string; } /** * LifecycleState describes the state of a MembershipFeature *resource* in the * GkeHub API. See `FeatureState` for the "running state" of the * MembershipFeature. */ export interface LifecycleState { /** * Output only. The current state of the Feature resource in the Hub API. */ readonly state?: | "STATE_UNSPECIFIED" | "ENABLING" | "ACTIVE" | "DISABLING" | "UPDATING" | "SERVICE_UPDATING"; } /** * The response message for Locations.ListLocations. */ export interface ListLocationsResponse { /** * A list of locations that matches the specified filter in the request. */ locations?: Location[]; /** * The standard List next-page token. */ nextPageToken?: string; } /** * Response message for the `GkeHubFeature.ListMembershipFeatures` method. */ export interface ListMembershipFeaturesResponse { /** * The list of matching MembershipFeatures. */ membershipFeatures?: MembershipFeature[]; /** * A token to request the next page of resources from the * `ListMembershipFeatures` method. The value of an empty string means that * there are no more resources to return. */ nextPageToken?: string; /** * List of locations that could not be reached while fetching this list. */ unreachable?: string[]; } function serializeListMembershipFeaturesResponse(data: any): ListMembershipFeaturesResponse { return { ...data, membershipFeatures: data["membershipFeatures"] !== undefined ? data["membershipFeatures"].map((item: any) => (serializeMembershipFeature(item))) : undefined, }; } function deserializeListMembershipFeaturesResponse(data: any): ListMembershipFeaturesResponse { return { ...data, membershipFeatures: data["membershipFeatures"] !== undefined ? data["membershipFeatures"].map((item: any) => (deserializeMembershipFeature(item))) : undefined, }; } /** * The response message for Operations.ListOperations. */ export interface ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string; /** * A list of operations that matches the specified filter in the request. */ operations?: Operation[]; } /** * A resource that represents a Google Cloud location. */ export interface Location { /** * The friendly name for this location, typically a nearby city name. For * example, "Tokyo". */ displayName?: string; /** * Cross-service attributes for the location. For example * {"cloud.googleapis.com/region": "us-east1"} */ labels?: { [key: string]: string }; /** * The canonical id for this location. For example: `"us-east1"`. */ locationId?: string; /** * Service-specific metadata. For example the available capacity at the given * location. */ metadata?: { [key: string]: any }; /** * Resource name for the location, which may vary between implementations. * For example: `"projects/example-project/locations/us-east1"` */ name?: string; } /** * MembershipFeature represents the settings and status of a Fleet Feature * enabled on a single Fleet Membership. */ export interface MembershipFeature { /** * Output only. When the MembershipFeature resource was created. */ readonly createTime?: Date; /** * Output only. When the MembershipFeature resource was deleted. */ readonly deleteTime?: Date; /** * Reference information for a FeatureConfig applied on the * MembershipFeature. */ featureConfigRef?: FeatureConfigRef; /** * GCP labels for this MembershipFeature. */ labels?: { [key: string]: string }; /** * Output only. Lifecycle information of the resource itself. */ readonly lifecycleState?: LifecycleState; /** * Output only. The resource name of the membershipFeature, in the format: * `projects/{project}/locations/{location}/memberships/{membership}/features/{feature}`. * Note that `membershipFeatures` is shortened to `features` in the resource * name. (see http://go/aip/122#collection-identifiers) */ readonly name?: string; /** * Spec of this membershipFeature. */ spec?: FeatureSpec; /** * Output only. State of the this membershipFeature. */ readonly state?: FeatureState; /** * Output only. When the MembershipFeature resource was last updated. */ readonly updateTime?: Date; } function serializeMembershipFeature(data: any): MembershipFeature { return { ...data, spec: data["spec"] !== undefined ? serializeFeatureSpec(data["spec"]) : undefined, }; } function deserializeMembershipFeature(data: any): MembershipFeature { return { ...data, createTime: data["createTime"] !== undefined ? new Date(data["createTime"]) : undefined, deleteTime: data["deleteTime"] !== undefined ? new Date(data["deleteTime"]) : undefined, spec: data["spec"] !== undefined ? deserializeFeatureSpec(data["spec"]) : undefined, state: data["state"] !== undefined ? deserializeFeatureState(data["state"]) : undefined, updateTime: data["updateTime"] !== undefined ? new Date(data["updateTime"]) : undefined, }; } /** * **Metering**: State for a single membership, analyzed and reported by * feature controller. */ export interface MeteringState { /** * The time stamp of the most recent measurement of the number of vCPUs in * the cluster. */ lastMeasurementTime?: Date; /** * The vCPUs capacity in the cluster according to the most recent measurement * (1/1000 precision). */ preciseLastMeasuredClusterVcpuCapacity?: number; } function serializeMeteringState(data: any): MeteringState { return { ...data, lastMeasurementTime: data["lastMeasurementTime"] !== undefined ? data["lastMeasurementTime"].toISOString() : undefined, }; } function deserializeMeteringState(data: any): MeteringState { return { ...data, lastMeasurementTime: data["lastMeasurementTime"] !== undefined ? new Date(data["lastMeasurementTime"]) : undefined, }; } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: GoogleRpcStatus; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal, successful response of the operation. If the original method * returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Metadata of the long-running operation. */ export interface OperationMetadata { /** * Output only. API version used to start the operation. */ readonly apiVersion?: string; /** * Output only. Identifies whether the user has requested cancellation of the * operation. Operations that have successfully been cancelled have * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. */ readonly cancelRequested?: boolean; /** * Output only. The time the operation was created. */ readonly createTime?: Date; /** * Output only. The time the operation finished running. */ readonly endTime?: Date; /** * Output only. Human-readable status of the operation, if any. */ readonly statusDetail?: string; /** * Output only. Server-defined resource path for the target of the operation. */ readonly target?: string; /** * Output only. Name of the verb executed by the operation. */ readonly verb?: string; } /** * Origin defines where this FeatureSpec originated from. */ export interface Origin { /** * Type specifies which type of origin is set. */ type?: | "TYPE_UNSPECIFIED" | "FLEET" | "FLEET_OUT_OF_SYNC" | "USER"; } /** * BundleInstallSpec is the specification configuration for a single managed * bundle. */ export interface PolicyControllerBundleInstallSpec { /** * the set of namespaces to be exempted from the bundle */ exemptedNamespaces?: string[]; } /** * Configuration for Policy Controller */ export interface PolicyControllerHubConfig { /** * Sets the interval for Policy Controller Audit Scans (in seconds). When set * to 0, this disables audit functionality altogether. */ auditIntervalSeconds?: bigint; /** * The maximum number of audit violations to be stored in a constraint. If * not set, the internal default (currently 20) will be used. */ constraintViolationLimit?: bigint; /** * Map of deployment configs to deployments (“admission”, “audit”, * “mutation”). */ deploymentConfigs?: { [key: string]: PolicyControllerPolicyControllerDeploymentConfig }; /** * The set of namespaces that are excluded from Policy Controller checks. * Namespaces do not need to currently exist on the cluster. */ exemptableNamespaces?: string[]; /** * The install_spec represents the intended state specified by the latest * request that mutated install_spec in the feature spec, not the lifecycle * state of the feature observed by the Hub feature controller that is * reported in the feature state. */ installSpec?: | "INSTALL_SPEC_UNSPECIFIED" | "INSTALL_SPEC_NOT_INSTALLED" | "INSTALL_SPEC_ENABLED" | "INSTALL_SPEC_SUSPENDED" | "INSTALL_SPEC_DETACHED"; /** * Logs all denies and dry run failures. */ logDeniesEnabled?: boolean; /** * Monitoring specifies the configuration of monitoring. */ monitoring?: PolicyControllerMonitoringConfig; /** * Enables the ability to mutate resources using Policy Controller. */ mutationEnabled?: boolean; /** * Specifies the desired policy content on the cluster */ policyContent?: PolicyControllerPolicyContentSpec; /** * Enables the ability to use Constraint Templates that reference to objects * other than the object currently being evaluated. */ referentialRulesEnabled?: boolean; } function serializePolicyControllerHubConfig(data: any): PolicyControllerHubConfig { return { ...data, auditIntervalSeconds: data["auditIntervalSeconds"] !== undefined ? String(data["auditIntervalSeconds"]) : undefined, constraintViolationLimit: data["constraintViolationLimit"] !== undefined ? String(data["constraintViolationLimit"]) : undefined, deploymentConfigs: data["deploymentConfigs"] !== undefined ? Object.fromEntries(Object.entries(data["deploymentConfigs"]).map(([k, v]: [string, any]) => ([k, serializePolicyControllerPolicyControllerDeploymentConfig(v)]))) : undefined, }; } function deserializePolicyControllerHubConfig(data: any): PolicyControllerHubConfig { return { ...data, auditIntervalSeconds: data["auditIntervalSeconds"] !== undefined ? BigInt(data["auditIntervalSeconds"]) : undefined, constraintViolationLimit: data["constraintViolationLimit"] !== undefined ? BigInt(data["constraintViolationLimit"]) : undefined, deploymentConfigs: data["deploymentConfigs"] !== undefined ? Object.fromEntries(Object.entries(data["deploymentConfigs"]).map(([k, v]: [string, any]) => ([k, deserializePolicyControllerPolicyControllerDeploymentConfig(v)]))) : undefined, }; } /** * MonitoringConfig specifies the backends Policy Controller should export * metrics to. For example, to specify metrics should be exported to Cloud * Monitoring and Prometheus, specify backends: ["cloudmonitoring", * "prometheus"] */ export interface PolicyControllerMonitoringConfig { /** * Specifies the list of backends Policy Controller will export to. An empty * list would effectively disable metrics export. */ backends?: | "MONITORING_BACKEND_UNSPECIFIED" | "PROMETHEUS" | "CLOUD_MONITORING"[]; } /** * OnClusterState represents the state of a sub-component of Policy Controller. */ export interface PolicyControllerOnClusterState { /** * Surface potential errors or information logs. */ details?: string; /** * The lifecycle state of this component. */ state?: | "LIFECYCLE_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLING" | "ACTIVE" | "UPDATING" | "DECOMMISSIONING" | "CLUSTER_ERROR" | "HUB_ERROR" | "SUSPENDED" | "DETACHED"; } /** * PolicyContentSpec defines the user's desired content configuration on the * cluster. */ export interface PolicyControllerPolicyContentSpec { /** * map of bundle name to BundleInstallSpec. The bundle name maps to the * `bundleName` key in the `policycontroller.gke.io/constraintData` annotation * on a constraint. */ bundles?: { [key: string]: PolicyControllerBundleInstallSpec }; /** * Configures the installation of the Template Library. */ templateLibrary?: PolicyControllerTemplateLibraryConfig; } /** * The state of the policy controller policy content */ export interface PolicyControllerPolicyContentState { /** * The state of the any bundles included in the chosen version of the * manifest */ bundleStates?: { [key: string]: PolicyControllerOnClusterState }; /** * The state of the referential data sync configuration. This could represent * the state of either the syncSet object(s) or the config object, depending * on the version of PoCo configured by the user. */ referentialSyncConfigState?: PolicyControllerOnClusterState; /** * The state of the template library */ templateLibraryState?: PolicyControllerOnClusterState; } /** * Deployment-specific configuration. */ export interface PolicyControllerPolicyControllerDeploymentConfig { /** * Container resource requirements. */ containerResources?: PolicyControllerResourceRequirements; /** * Pod affinity configuration. */ podAffinity?: | "AFFINITY_UNSPECIFIED" | "NO_AFFINITY" | "ANTI_AFFINITY"; /** * Pod anti-affinity enablement. Deprecated: use `pod_affinity` instead. */ podAntiAffinity?: boolean; /** * Pod tolerations of node taints. */ podTolerations?: PolicyControllerToleration[]; /** * Pod replica count. */ replicaCount?: bigint; } function serializePolicyControllerPolicyControllerDeploymentConfig(data: any): PolicyControllerPolicyControllerDeploymentConfig { return { ...data, replicaCount: data["replicaCount"] !== undefined ? String(data["replicaCount"]) : undefined, }; } function deserializePolicyControllerPolicyControllerDeploymentConfig(data: any): PolicyControllerPolicyControllerDeploymentConfig { return { ...data, replicaCount: data["replicaCount"] !== undefined ? BigInt(data["replicaCount"]) : undefined, }; } /** * ResourceList contains container resource requirements. */ export interface PolicyControllerResourceList { /** * CPU requirement expressed in Kubernetes resource units. */ cpu?: string; /** * Memory requirement expressed in Kubernetes resource units. */ memory?: string; } /** * ResourceRequirements describes the compute resource requirements. */ export interface PolicyControllerResourceRequirements { /** * Limits describes the maximum amount of compute resources allowed for use * by the running container. */ limits?: PolicyControllerResourceList; /** * Requests describes the amount of compute resources reserved for the * container by the kube-scheduler. */ requests?: PolicyControllerResourceList; } /** * **Policy Controller**: Configuration for a single cluster. Intended to * parallel the PolicyController CR. */ export interface PolicyControllerSpec { /** * Policy Controller configuration for the cluster. */ policyControllerHubConfig?: PolicyControllerHubConfig; /** * Version of Policy Controller installed. */ version?: string; } function serializePolicyControllerSpec(data: any): PolicyControllerSpec { return { ...data, policyControllerHubConfig: data["policyControllerHubConfig"] !== undefined ? serializePolicyControllerHubConfig(data["policyControllerHubConfig"]) : undefined, }; } function deserializePolicyControllerSpec(data: any): PolicyControllerSpec { return { ...data, policyControllerHubConfig: data["policyControllerHubConfig"] !== undefined ? deserializePolicyControllerHubConfig(data["policyControllerHubConfig"]) : undefined, }; } /** * **Policy Controller**: State for a single cluster. */ export interface PolicyControllerState { /** * Currently these include (also serving as map keys): 1. "admission" 2. * "audit" 3. "mutation" */ componentStates?: { [key: string]: PolicyControllerOnClusterState }; /** * The overall content state observed by the Hub Feature controller. */ policyContentState?: PolicyControllerPolicyContentState; /** * The overall Policy Controller lifecycle state observed by the Hub Feature * controller. */ state?: | "LIFECYCLE_STATE_UNSPECIFIED" | "NOT_INSTALLED" | "INSTALLING" | "ACTIVE" | "UPDATING" | "DECOMMISSIONING" | "CLUSTER_ERROR" | "HUB_ERROR" | "SUSPENDED" | "DETACHED"; } /** * The config specifying which default library templates to install. */ export interface PolicyControllerTemplateLibraryConfig { /** * Configures the manner in which the template library is installed on the * cluster. */ installation?: | "INSTALLATION_UNSPECIFIED" | "NOT_INSTALLED" | "ALL"; } /** * Toleration of a node taint. */ export interface PolicyControllerToleration { /** * Matches a taint effect. */ effect?: string; /** * Matches a taint key (not necessarily unique). */ key?: string; /** * Matches a taint operator. */ operator?: string; /** * Matches a taint value. */ value?: string; } /** * Additional options for GKEHub#projectsLocationsList. */ export interface ProjectsLocationsListOptions { /** * A filter to narrow down results to a preferred subset. The filtering * language accepts strings like `"displayName=tokyo"`, and is documented in * more detail in [AIP-160](https://google.aip.dev/160). */ filter?: string; /** * The maximum number of results to return. If not set, the service selects a * default. */ pageSize?: number; /** * A page token received from the `next_page_token` field in the response. * Send that page token to receive the subsequent page. */ pageToken?: string; } /** * Additional options for GKEHub#projectsLocationsMembershipsFeaturesCreate. */ export interface ProjectsLocationsMembershipsFeaturesCreateOptions { /** * Required. The ID of the membership_feature to create. */ featureId?: string; /** * Idempotent request UUID. */ requestId?: string; } /** * Additional options for GKEHub#projectsLocationsMembershipsFeaturesDelete. */ export interface ProjectsLocationsMembershipsFeaturesDeleteOptions { /** * Idempotent request UUID. */ requestId?: string; } /** * Additional options for GKEHub#projectsLocationsMembershipsFeaturesList. */ export interface ProjectsLocationsMembershipsFeaturesListOptions { /** * Lists MembershipFeatures that match the filter expression, following the * syntax outlined in https://google.aip.dev/160. Examples: - Feature with the * name "helloworld" in project "foo-proj" and membership "member-bar": name = * "projects/foo-proj/locations/global/memberships/member-bar/features/helloworld" * - Features that have a label called `foo`: labels.foo:* - Features that * have a label called `foo` whose value is `bar`: labels.foo = bar */ filter?: string; /** * One or more fields to compare and use to sort the output. See * https://google.aip.dev/132#ordering. */ orderBy?: string; /** * When requesting a 'page' of resources, `page_size` specifies number of * resources to return. If unspecified or set to 0, all resources will be * returned. */ pageSize?: number; /** * Token returned by previous call to `ListFeatures` which specifies the * position in the list from where to continue listing the resources. */ pageToken?: string; } /** * Additional options for GKEHub#projectsLocationsMembershipsFeaturesPatch. */ export interface ProjectsLocationsMembershipsFeaturesPatchOptions { /** * Optional. If set to true, and the MembershipFeature is not found, a new * MembershipFeature will be created. In this situation, `update_mask` is * ignored. */ allowMissing?: boolean; /** * Idempotent request UUID. */ requestId?: string; /** * Required. Mask of fields to update. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsMembershipsFeaturesPatchOptions(data: any): ProjectsLocationsMembershipsFeaturesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsMembershipsFeaturesPatchOptions(data: any): ProjectsLocationsMembershipsFeaturesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for GKEHub#projectsLocationsOperationsList. */ export interface ProjectsLocationsOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * AnalysisMessage is a single message produced by an analyzer, and it used to * communicate to the end user about the state of their Service Mesh * configuration. */ export interface ServiceMeshAnalysisMessage { /** * A UI can combine these args with a template (based on message_base.type) * to produce an internationalized message. */ args?: { [key: string]: any }; /** * A human readable description of what the error means. It is suitable for * non-internationalize display purposes. */ description?: string; /** * Details common to all types of Istio and ServiceMesh analysis messages. */ messageBase?: ServiceMeshAnalysisMessageBase; /** * A list of strings specifying the resource identifiers that were the cause * of message generation. A "path" here may be: * MEMBERSHIP_ID if the cause * is a specific member cluster * * MEMBERSHIP_ID/(NAMESPACE\/)?RESOURCETYPE/NAME if the cause is a resource in * a cluster */ resourcePaths?: string[]; } /** * AnalysisMessageBase describes some common information that is needed for all * messages. */ export interface ServiceMeshAnalysisMessageBase { /** * A url pointing to the Service Mesh or Istio documentation for this * specific error type. */ documentationUrl?: string; /** * Represents how severe a message is. */ level?: | "LEVEL_UNSPECIFIED" | "ERROR" | "WARNING" | "INFO"; /** * Represents the specific type of a message. */ type?: ServiceMeshType; } /** * Condition being reported. */ export interface ServiceMeshCondition { /** * Unique identifier of the condition which describes the condition * recognizable to the user. */ code?: | "CODE_UNSPECIFIED" | "MESH_IAM_PERMISSION_DENIED" | "MESH_IAM_CROSS_PROJECT_PERMISSION_DENIED" | "CNI_CONFIG_UNSUPPORTED" | "GKE_SANDBOX_UNSUPPORTED" | "NODEPOOL_WORKLOAD_IDENTITY_FEDERATION_REQUIRED" | "CNI_INSTALLATION_FAILED" | "CNI_POD_UNSCHEDULABLE" | "CLUSTER_HAS_ZERO_NODES" | "UNSUPPORTED_MULTIPLE_CONTROL_PLANES" | "VPCSC_GA_SUPPORTED" | "DEPRECATED_SPEC_CONTROL_PLANE_MANAGEMENT" | "DEPRECATED_SPEC_CONTROL_PLANE_MANAGEMENT_SAFE" | "CONFIG_APPLY_INTERNAL_ERROR" | "CONFIG_VALIDATION_ERROR" | "CONFIG_VALIDATION_WARNING" | "QUOTA_EXCEEDED_BACKEND_SERVICES" | "QUOTA_EXCEEDED_HEALTH_CHECKS" | "QUOTA_EXCEEDED_HTTP_ROUTES" | "QUOTA_EXCEEDED_TCP_ROUTES" | "QUOTA_EXCEEDED_TLS_ROUTES" | "QUOTA_EXCEEDED_TRAFFIC_POLICIES" | "QUOTA_EXCEEDED_ENDPOINT_POLICIES" | "QUOTA_EXCEEDED_GATEWAYS" | "QUOTA_EXCEEDED_MESHES" | "QUOTA_EXCEEDED_SERVER_TLS_POLICIES" | "QUOTA_EXCEEDED_CLIENT_TLS_POLICIES" | "QUOTA_EXCEEDED_SERVICE_LB_POLICIES" | "QUOTA_EXCEEDED_HTTP_FILTERS" | "QUOTA_EXCEEDED_TCP_FILTERS" | "QUOTA_EXCEEDED_NETWORK_ENDPOINT_GROUPS" | "MODERNIZATION_SCHEDULED" | "MODERNIZATION_IN_PROGRESS" | "MODERNIZATION_COMPLETED" | "MODERNIZATION_ABORTED"; /** * A short summary about the issue. */ details?: string; /** * Links contains actionable information. */ documentationLink?: string; /** * Severity level of the condition. */ severity?: | "SEVERITY_UNSPECIFIED" | "ERROR" | "WARNING" | "INFO"; } /** * Status of control plane management. */ export interface ServiceMeshControlPlaneManagement { /** * Explanation of state. */ details?: ServiceMeshStatusDetails[]; /** * Output only. Implementation of managed control plane. */ readonly implementation?: | "IMPLEMENTATION_UNSPECIFIED" | "ISTIOD" | "TRAFFIC_DIRECTOR" | "UPDATING"; /** * LifecycleState of control plane management. */ state?: | "LIFECYCLE_STATE_UNSPECIFIED" | "DISABLED" | "FAILED_PRECONDITION" | "PROVISIONING" | "ACTIVE" | "STALLED" | "NEEDS_ATTENTION" | "DEGRADED"; } /** * Status of data plane management. Only reported per-member. */ export interface ServiceMeshDataPlaneManagement { /** * Explanation of the status. */ details?: ServiceMeshStatusDetails[]; /** * Lifecycle status of data plane management. */ state?: | "LIFECYCLE_STATE_UNSPECIFIED" | "DISABLED" | "FAILED_PRECONDITION" | "PROVISIONING" | "ACTIVE" | "STALLED" | "NEEDS_ATTENTION" | "DEGRADED"; } /** * **Service Mesh**: Spec for a single Membership for the servicemesh feature */ export interface ServiceMeshSpec { /** * Optional. Specifies the API that will be used for configuring the mesh * workloads. */ configApi?: | "CONFIG_API_UNSPECIFIED" | "CONFIG_API_ISTIO" | "CONFIG_API_GATEWAY"; /** * Deprecated: use `management` instead Enables automatic control plane * management. */ controlPlane?: | "CONTROL_PLANE_MANAGEMENT_UNSPECIFIED" | "AUTOMATIC" | "MANUAL"; /** * Determines which release channel to use for default injection and service * mesh APIs. */ defaultChannel?: | "CHANNEL_UNSPECIFIED" | "RAPID" | "REGULAR" | "STABLE"; /** * Optional. Enables automatic Service Mesh management. */ management?: | "MANAGEMENT_UNSPECIFIED" | "MANAGEMENT_AUTOMATIC" | "MANAGEMENT_MANUAL"; } /** * **Service Mesh**: State for a single Membership, as analyzed by the Service * Mesh Hub Controller. */ export interface ServiceMeshState { /** * Output only. Results of running Service Mesh analyzers. */ readonly analysisMessages?: ServiceMeshAnalysisMessage[]; /** * Output only. List of conditions reported for this membership. */ readonly conditions?: ServiceMeshCondition[]; /** * The API version (i.e. Istio CRD version) for configuring service mesh in * this cluster. This version is influenced by the `default_channel` field. */ configApiVersion?: string; /** * Output only. Status of control plane management */ readonly controlPlaneManagement?: ServiceMeshControlPlaneManagement; /** * Output only. Status of data plane management. */ readonly dataPlaneManagement?: ServiceMeshDataPlaneManagement; } /** * Structured and human-readable details for a status. */ export interface ServiceMeshStatusDetails { /** * A machine-readable code that further describes a broad status. */ code?: string; /** * Human-readable explanation of code. */ details?: string; } /** * A unique identifier for the type of message. Display_name is intended to be * human-readable, code is intended to be machine readable. There should be a * one-to-one mapping between display_name and code. (i.e. do not re-use * display_names or codes between message types.) See * istio.analysis.v1alpha1.AnalysisMessageBase.Type */ export interface ServiceMeshType { /** * A 7 character code matching `^IST[0-9]{4}$` or `^ASM[0-9]{4}$`, intended * to uniquely identify the message type. (e.g. "IST0001" is mapped to the * "InternalError" message type.) */ code?: string; /** * A human-readable name for the message type. e.g. "InternalError", * "PodMissingProxy". This should be the same for all messages of the same * type. (This corresponds to the `name` field in open-source Istio.) */ displayName?: string; } /** * High-level state of a MembershipFeature. */ export interface State { /** * The high-level, machine-readable status of this MembershipFeature. */ code?: | "CODE_UNSPECIFIED" | "OK" | "WARNING" | "ERROR"; /** * A human-readable description of the current status. */ description?: string; /** * The time this status and any related Feature-specific details were * updated. */ updateTime?: Date; } function serializeState(data: any): State { return { ...data, updateTime: data["updateTime"] !== undefined ? data["updateTime"].toISOString() : undefined, }; } function deserializeState(data: any): State { return { ...data, updateTime: data["updateTime"] !== undefined ? new Date(data["updateTime"]) : undefined, }; } /** * **WorkloadCertificate**: The membership-specific input for * WorkloadCertificate feature. */ export interface WorkloadCertificateSpec { /** * CertificateManagement specifies workload certificate management. */ certificateManagement?: | "CERTIFICATE_MANAGEMENT_UNSPECIFIED" | "DISABLED" | "ENABLED"; } function decodeBase64(b64: string): Uint8Array { const binString = atob(b64); const size = binString.length; const bytes = new Uint8Array(size); for (let i = 0; i < size; i++) { bytes[i] = binString.charCodeAt(i); } return bytes; } const base64abc = ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","0","1","2","3","4","5","6","7","8","9","+","/"]; /** * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727 * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation * @param data */ function encodeBase64(uint8: Uint8Array): string { let result = "", i; const l = uint8.length; for (i = 2; i < l; i += 3) { result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)]; result += base64abc[uint8[i] & 0x3f]; } if (i === l + 1) { // 1 octet yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[(uint8[i - 2] & 0x03) << 4]; result += "=="; } if (i === l) { // 2 octets yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[(uint8[i - 1] & 0x0f) << 2]; result += "="; } return result; }