// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Network Management API Client for Deno * ====================================== * * The Network Management API provides a collection of network performance monitoring and diagnostic capabilities. * * Docs: https://cloud.google.com/ * Source: https://googleapis.deno.dev/v1/networkmanagement:v1.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; /** * The Network Management API provides a collection of network performance * monitoring and diagnostic capabilities. */ export class NetworkManagement { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://networkmanagement.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Gets information about a location. * * @param name Resource name for the location. */ async projectsLocationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Location; } /** * Creates a new Connectivity Test. After you create a test, the reachability * analysis is performed as part of the long running operation, which * completes when the analysis completes. If the endpoint specifications in * `ConnectivityTest` are invalid (for example, containing non-existent * resources in the network, or you don't have read permissions to the network * configurations of listed projects), then the reachability result returns a * value of `UNKNOWN`. If the endpoint specifications in `ConnectivityTest` * are incomplete, the reachability result returns a value of AMBIGUOUS. For * more information, see the Connectivity Test documentation. * * @param parent Required. The parent resource of the Connectivity Test to create: `projects/{project_id}/locations/global` */ async projectsLocationsGlobalConnectivityTestsCreate(parent: string, req: ConnectivityTest, opts: ProjectsLocationsGlobalConnectivityTestsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/connectivityTests`); if (opts.testId !== undefined) { url.searchParams.append("testId", String(opts.testId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a specific `ConnectivityTest`. * * @param name Required. Connectivity Test resource name using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}` */ async projectsLocationsGlobalConnectivityTestsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets the details of a specific Connectivity Test. * * @param name Required. `ConnectivityTest` resource name using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}` */ async projectsLocationsGlobalConnectivityTestsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ConnectivityTest; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsGlobalConnectivityTestsGetIamPolicy(resource: string, opts: ProjectsLocationsGlobalConnectivityTestsGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializePolicy(data); } /** * Lists all Connectivity Tests owned by a project. * * @param parent Required. The parent resource of the Connectivity Tests: `projects/{project_id}/locations/global` */ async projectsLocationsGlobalConnectivityTestsList(parent: string, opts: ProjectsLocationsGlobalConnectivityTestsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/connectivityTests`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListConnectivityTestsResponse; } /** * Updates the configuration of an existing `ConnectivityTest`. After you * update a test, the reachability analysis is performed as part of the long * running operation, which completes when the analysis completes. The * Reachability state in the test resource is updated with the new result. If * the endpoint specifications in `ConnectivityTest` are invalid (for example, * they contain non-existent resources in the network, or the user does not * have read permissions to the network configurations of listed projects), * then the reachability result returns a value of UNKNOWN. If the endpoint * specifications in `ConnectivityTest` are incomplete, the reachability * result returns a value of `AMBIGUOUS`. See the documentation in * `ConnectivityTest` for more details. * * @param name Identifier. Unique name of the resource using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}` */ async projectsLocationsGlobalConnectivityTestsPatch(name: string, req: ConnectivityTest, opts: ProjectsLocationsGlobalConnectivityTestsPatchOptions = {}): Promise { opts = serializeProjectsLocationsGlobalConnectivityTestsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Rerun an existing `ConnectivityTest`. After the user triggers the rerun, * the reachability analysis is performed as part of the long running * operation, which completes when the analysis completes. Even though the * test configuration remains the same, the reachability result may change due * to underlying network configuration changes. If the endpoint specifications * in `ConnectivityTest` become invalid (for example, specified resources are * deleted in the network, or you lost read permissions to the network * configurations of listed projects), then the reachability result returns a * value of `UNKNOWN`. * * @param name Required. Connectivity Test resource name using the form: `projects/{project_id}/locations/global/connectivityTests/{test_id}` */ async projectsLocationsGlobalConnectivityTestsRerun(name: string, req: RerunConnectivityTestRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:rerun`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsGlobalConnectivityTestsSetIamPolicy(resource: string, req: SetIamPolicyRequest): Promise { req = serializeSetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializePolicy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsGlobalConnectivityTestsTestIamPermissions(resource: string, req: TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as TestIamPermissionsResponse; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of `1`, corresponding * to `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async projectsLocationsGlobalOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Empty; } /** * Deletes a long-running operation. This method indicates that the client is * no longer interested in the operation result. It does not cancel the * operation. If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. * * @param name The name of the operation resource to be deleted. */ async projectsLocationsGlobalOperationsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Empty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async projectsLocationsGlobalOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async projectsLocationsGlobalOperationsList(name: string, opts: ProjectsLocationsGlobalOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } /** * Lists information about the supported locations for this service. * * @param name The resource that owns the locations collection, if applicable. */ async projectsLocationsList(name: string, opts: ProjectsLocationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/locations`); if (opts.extraLocationTypes !== undefined) { url.searchParams.append("extraLocationTypes", String(opts.extraLocationTypes)); } if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListLocationsResponse; } /** * Creates a new `VpcFlowLogsConfig`. If a configuration with the exact same * settings already exists (even if the ID is different), the creation fails. * Notes: 1. Creating a configuration with state=DISABLED will fail 2. The * following fields are not considered as `settings` for the purpose of the * check mentioned above, therefore - creating another configuration with the * same fields but different values for the following fields will fail as * well: * name * create_time * update_time * labels * description * * @param parent Required. The parent resource of the VPC Flow Logs configuration to create: `projects/{project_id}/locations/global` */ async projectsLocationsVpcFlowLogsConfigsCreate(parent: string, req: VpcFlowLogsConfig, opts: ProjectsLocationsVpcFlowLogsConfigsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/vpcFlowLogsConfigs`); if (opts.vpcFlowLogsConfigId !== undefined) { url.searchParams.append("vpcFlowLogsConfigId", String(opts.vpcFlowLogsConfigId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a specific `VpcFlowLogsConfig`. * * @param name Required. `VpcFlowLogsConfig` resource name using the form: `projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config}` */ async projectsLocationsVpcFlowLogsConfigsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets the details of a specific `VpcFlowLogsConfig`. * * @param name Required. `VpcFlowLogsConfig` resource name using the form: `projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config}` */ async projectsLocationsVpcFlowLogsConfigsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as VpcFlowLogsConfig; } /** * Lists all `VpcFlowLogsConfigs` in a given project. * * @param parent Required. The parent resource of the VpcFlowLogsConfig: `projects/{project_id}/locations/global` */ async projectsLocationsVpcFlowLogsConfigsList(parent: string, opts: ProjectsLocationsVpcFlowLogsConfigsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/vpcFlowLogsConfigs`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.orderBy !== undefined) { url.searchParams.append("orderBy", String(opts.orderBy)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListVpcFlowLogsConfigsResponse; } /** * Updates an existing `VpcFlowLogsConfig`. If a configuration with the exact * same settings already exists (even if the ID is different), the creation * fails. Notes: 1. Updating a configuration with state=DISABLED will fail. 2. * The following fields are not considered as `settings` for the purpose of * the check mentioned above, therefore - updating another configuration with * the same fields but different values for the following fields will fail as * well: * name * create_time * update_time * labels * description * * @param name Identifier. Unique name of the configuration using the form: `projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}` */ async projectsLocationsVpcFlowLogsConfigsPatch(name: string, req: VpcFlowLogsConfig, opts: ProjectsLocationsVpcFlowLogsConfigsPatchOptions = {}): Promise { opts = serializeProjectsLocationsVpcFlowLogsConfigsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } } /** * Details of the final state "abort" and associated resource. */ export interface AbortInfo { /** * Causes that the analysis is aborted. */ cause?: | "CAUSE_UNSPECIFIED" | "UNKNOWN_NETWORK" | "UNKNOWN_PROJECT" | "NO_EXTERNAL_IP" | "UNINTENDED_DESTINATION" | "SOURCE_ENDPOINT_NOT_FOUND" | "MISMATCHED_SOURCE_NETWORK" | "DESTINATION_ENDPOINT_NOT_FOUND" | "MISMATCHED_DESTINATION_NETWORK" | "UNKNOWN_IP" | "GOOGLE_MANAGED_SERVICE_UNKNOWN_IP" | "SOURCE_IP_ADDRESS_NOT_IN_SOURCE_NETWORK" | "PERMISSION_DENIED" | "PERMISSION_DENIED_NO_CLOUD_NAT_CONFIGS" | "PERMISSION_DENIED_NO_NEG_ENDPOINT_CONFIGS" | "PERMISSION_DENIED_NO_CLOUD_ROUTER_CONFIGS" | "NO_SOURCE_LOCATION" | "INVALID_ARGUMENT" | "TRACE_TOO_LONG" | "INTERNAL_ERROR" | "UNSUPPORTED" | "MISMATCHED_IP_VERSION" | "GKE_KONNECTIVITY_PROXY_UNSUPPORTED" | "RESOURCE_CONFIG_NOT_FOUND" | "VM_INSTANCE_CONFIG_NOT_FOUND" | "NETWORK_CONFIG_NOT_FOUND" | "FIREWALL_CONFIG_NOT_FOUND" | "ROUTE_CONFIG_NOT_FOUND" | "GOOGLE_MANAGED_SERVICE_AMBIGUOUS_PSC_ENDPOINT" | "GOOGLE_MANAGED_SERVICE_AMBIGUOUS_ENDPOINT" | "SOURCE_PSC_CLOUD_SQL_UNSUPPORTED" | "SOURCE_REDIS_CLUSTER_UNSUPPORTED" | "SOURCE_REDIS_INSTANCE_UNSUPPORTED" | "SOURCE_FORWARDING_RULE_UNSUPPORTED" | "NON_ROUTABLE_IP_ADDRESS" | "UNKNOWN_ISSUE_IN_GOOGLE_MANAGED_PROJECT" | "UNSUPPORTED_GOOGLE_MANAGED_PROJECT_CONFIG" | "NO_SERVERLESS_IP_RANGES"; /** * IP address that caused the abort. */ ipAddress?: string; /** * List of project IDs the user specified in the request but lacks access to. * In this case, analysis is aborted with the PERMISSION_DENIED cause. */ projectsMissingPermission?: string[]; /** * URI of the resource that caused the abort. */ resourceUri?: string; } /** * Wrapper for the App Engine service version attributes. */ export interface AppEngineVersionEndpoint { /** * An [App Engine](https://cloud.google.com/appengine) [service * version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions) * name. */ uri?: string; } /** * For display only. Metadata associated with an App Engine version. */ export interface AppEngineVersionInfo { /** * Name of an App Engine version. */ displayName?: string; /** * App Engine execution environment for a version. */ environment?: string; /** * Runtime of the App Engine version. */ runtime?: string; /** * URI of an App Engine version. */ uri?: string; } /** * Specifies the audit configuration for a service. The configuration * determines which permission types are logged, and what identities, if any, * are exempted from logging. An AuditConfig must have one or more * AuditLogConfigs. If there are AuditConfigs for both `allServices` and a * specific service, the union of the two AuditConfigs is used for that service: * the log_types specified in each AuditConfig are enabled, and the * exempted_members in each AuditLogConfig are exempted. Example Policy with * multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": * "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", * "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": * "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For * sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ * logging. It also exempts `jose@example.com` from DATA_READ logging, and * `aliya@example.com` from DATA_WRITE logging. */ export interface AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a * special value that covers all services. */ service?: string; } /** * Provides the configuration for logging a type of permissions. Example: { * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables * 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from * DATA_READ logging. */ export interface AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of * permission. Follows the same format of Binding.members. */ exemptedMembers?: string[]; /** * The log type that this config enables. */ logType?: | "LOG_TYPE_UNSPECIFIED" | "ADMIN_READ" | "DATA_WRITE" | "DATA_READ"; } /** * Associates `members`, or principals, with a `role`. */ export interface Binding { /** * The condition that is associated with this binding. If the condition * evaluates to `true`, then this binding applies to the current request. If * the condition evaluates to `false`, then this binding does not apply to the * current request. However, a different role binding might grant the same * role to one or more of the principals in this binding. To learn which * resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Expr; /** * Specifies the principals requesting access for a Google Cloud resource. * `members` can have the following values: * `allUsers`: A special identifier * that represents anyone who is on the internet; with or without a Google * account. * `allAuthenticatedUsers`: A special identifier that represents * anyone who is authenticated with a Google account or a service account. * Does not include identities that come from external identity providers * (IdPs) through identity federation. * `user:{emailid}`: An email address * that represents a specific Google account. For example, `alice@example.com` * . * `serviceAccount:{emailid}`: An email address that represents a Google * service account. For example, `my-other-app@appspot.gserviceaccount.com`. * * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An * identifier for a [Kubernetes service * account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). * For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * * `group:{emailid}`: An email address that represents a Google group. For * example, `admins@example.com`. * `domain:{domain}`: The G Suite domain * (primary) that represents all the users of that domain. For example, * `google.com` or `example.com`. * * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: * A single identity in a workforce identity pool. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: * All workforce identities in a group. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: * All workforce identities with a specific attribute value. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: * All identities in a workforce identity pool. * * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: * A single identity in a workload identity pool. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: * A workload identity pool group. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: * All identities in a workload identity pool with a certain attribute. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: * All identities in a workload identity pool. * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique * identifier) representing a user that has been recently deleted. For * example, `alice@example.com?uid=123456789012345678901`. If the user is * recovered, this value reverts to `user:{emailid}` and the recovered user * retains the role in the binding. * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus * unique identifier) representing a service account that has been recently * deleted. For example, * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If * the service account is undeleted, this value reverts to * `serviceAccount:{emailid}` and the undeleted service account retains the * role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email * address (plus unique identifier) representing a Google group that has been * recently deleted. For example, * `admins@example.com?uid=123456789012345678901`. If the group is recovered, * this value reverts to `group:{emailid}` and the recovered group retains the * role in the binding. * * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: * Deleted single identity in a workforce identity pool. For example, * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. */ members?: string[]; /** * Role that is assigned to the list of `members`, or principals. For * example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview * of the IAM roles and permissions, see the [IAM * documentation](https://cloud.google.com/iam/docs/roles-overview). For a * list of the available pre-defined roles, see * [here](https://cloud.google.com/iam/docs/understanding-roles). */ role?: string; } /** * The request message for Operations.CancelOperation. */ export interface CancelOperationRequest { } /** * Wrapper for Cloud Function attributes. */ export interface CloudFunctionEndpoint { /** * A [Cloud Function](https://cloud.google.com/functions) name. */ uri?: string; } /** * For display only. Metadata associated with a Cloud Function. */ export interface CloudFunctionInfo { /** * Name of a Cloud Function. */ displayName?: string; /** * Location in which the Cloud Function is deployed. */ location?: string; /** * URI of a Cloud Function. */ uri?: string; /** * Latest successfully deployed version id of the Cloud Function. */ versionId?: bigint; } function serializeCloudFunctionInfo(data: any): CloudFunctionInfo { return { ...data, versionId: data["versionId"] !== undefined ? String(data["versionId"]) : undefined, }; } function deserializeCloudFunctionInfo(data: any): CloudFunctionInfo { return { ...data, versionId: data["versionId"] !== undefined ? BigInt(data["versionId"]) : undefined, }; } /** * Wrapper for Cloud Run revision attributes. */ export interface CloudRunRevisionEndpoint { /** * A [Cloud Run](https://cloud.google.com/run) * [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get) * URI. The format is: * projects/{project}/locations/{location}/revisions/{revision} */ uri?: string; } /** * For display only. Metadata associated with a Cloud Run revision. */ export interface CloudRunRevisionInfo { /** * Name of a Cloud Run revision. */ displayName?: string; /** * Location in which this revision is deployed. */ location?: string; /** * URI of Cloud Run service this revision belongs to. */ serviceUri?: string; /** * URI of a Cloud Run revision. */ uri?: string; } /** * For display only. Metadata associated with a Cloud SQL instance. */ export interface CloudSQLInstanceInfo { /** * Name of a Cloud SQL instance. */ displayName?: string; /** * External IP address of a Cloud SQL instance. */ externalIp?: string; /** * Internal IP address of a Cloud SQL instance. */ internalIp?: string; /** * URI of a Cloud SQL instance network or empty string if the instance does * not have one. */ networkUri?: string; /** * Region in which the Cloud SQL instance is running. */ region?: string; /** * URI of a Cloud SQL instance. */ uri?: string; } /** * A Connectivity Test for a network reachability analysis. */ export interface ConnectivityTest { /** * Whether the analysis should skip firewall checking. Default value is * false. */ bypassFirewallChecks?: boolean; /** * Output only. The time the test was created. */ readonly createTime?: Date; /** * The user-supplied description of the Connectivity Test. Maximum of 512 * characters. */ description?: string; /** * Required. Destination specification of the Connectivity Test. You can use * a combination of destination IP address, URI of a supported endpoint, * project ID, or VPC network to identify the destination location. * Reachability analysis proceeds even if the destination location is * ambiguous. However, the test result might include endpoints or use a * destination that you don't intend to test. */ destination?: Endpoint; /** * Output only. The display name of a Connectivity Test. */ readonly displayName?: string; /** * Resource labels to represent user-provided metadata. */ labels?: { [key: string]: string }; /** * Identifier. Unique name of the resource using the form: * `projects/{project_id}/locations/global/connectivityTests/{test_id}` */ name?: string; /** * Output only. The probing details of this test from the latest run, present * for applicable tests only. The details are updated when creating a new * test, updating an existing test, or triggering a one-time rerun of an * existing test. */ readonly probingDetails?: ProbingDetails; /** * IP Protocol of the test. When not provided, "TCP" is assumed. */ protocol?: string; /** * Output only. The reachability details of this test from the latest run. * The details are updated when creating a new test, updating an existing * test, or triggering a one-time rerun of an existing test. */ readonly reachabilityDetails?: ReachabilityDetails; /** * Other projects that may be relevant for reachability analysis. This is * applicable to scenarios where a test can cross project boundaries. */ relatedProjects?: string[]; /** * Output only. The reachability details of this test from the latest run for * the return path. The details are updated when creating a new test, updating * an existing test, or triggering a one-time rerun of an existing test. */ readonly returnReachabilityDetails?: ReachabilityDetails; /** * Whether run analysis for the return path from destination to source. * Default value is false. */ roundTrip?: boolean; /** * Required. Source specification of the Connectivity Test. You can use a * combination of source IP address, URI of a supported endpoint, project ID, * or VPC network to identify the source location. Reachability analysis might * proceed even if the source location is ambiguous. However, the test result * might include endpoints or use a source that you don't intend to test. */ source?: Endpoint; /** * Output only. The time the test's configuration was updated. */ readonly updateTime?: Date; } /** * Details of the final state "deliver" and associated resource. */ export interface DeliverInfo { /** * IP address of the target (if applicable). */ ipAddress?: string; /** * PSC Google API target the packet is delivered to (if applicable). */ pscGoogleApiTarget?: string; /** * URI of the resource that the packet is delivered to. */ resourceUri?: string; /** * Name of the Cloud Storage Bucket the packet is delivered to (if * applicable). */ storageBucket?: string; /** * Target type where the packet is delivered to. */ target?: | "TARGET_UNSPECIFIED" | "INSTANCE" | "INTERNET" | "GOOGLE_API" | "GKE_MASTER" | "CLOUD_SQL_INSTANCE" | "PSC_PUBLISHED_SERVICE" | "PSC_GOOGLE_API" | "PSC_VPC_SC" | "SERVERLESS_NEG" | "STORAGE_BUCKET" | "PRIVATE_NETWORK" | "CLOUD_FUNCTION" | "APP_ENGINE_VERSION" | "CLOUD_RUN_REVISION" | "GOOGLE_MANAGED_SERVICE" | "REDIS_INSTANCE" | "REDIS_CLUSTER"; } /** * For display only. Metadata associated with a serverless direct VPC egress * connection. */ export interface DirectVpcEgressConnectionInfo { /** * URI of direct access network. */ networkUri?: string; /** * Region in which the Direct VPC egress is deployed. */ region?: string; /** * Selected starting IP address, from the selected IP range. */ selectedIpAddress?: string; /** * Selected IP range. */ selectedIpRange?: string; /** * URI of direct access subnetwork. */ subnetworkUri?: string; } /** * Details of the final state "drop" and associated resource. */ export interface DropInfo { /** * Cause that the packet is dropped. */ cause?: | "CAUSE_UNSPECIFIED" | "UNKNOWN_EXTERNAL_ADDRESS" | "FOREIGN_IP_DISALLOWED" | "FIREWALL_RULE" | "NO_ROUTE" | "ROUTE_BLACKHOLE" | "ROUTE_WRONG_NETWORK" | "ROUTE_NEXT_HOP_IP_ADDRESS_NOT_RESOLVED" | "ROUTE_NEXT_HOP_RESOURCE_NOT_FOUND" | "ROUTE_NEXT_HOP_INSTANCE_WRONG_NETWORK" | "ROUTE_NEXT_HOP_INSTANCE_NON_PRIMARY_IP" | "ROUTE_NEXT_HOP_FORWARDING_RULE_IP_MISMATCH" | "ROUTE_NEXT_HOP_VPN_TUNNEL_NOT_ESTABLISHED" | "ROUTE_NEXT_HOP_FORWARDING_RULE_TYPE_INVALID" | "NO_ROUTE_FROM_INTERNET_TO_PRIVATE_IPV6_ADDRESS" | "VPN_TUNNEL_LOCAL_SELECTOR_MISMATCH" | "VPN_TUNNEL_REMOTE_SELECTOR_MISMATCH" | "PRIVATE_TRAFFIC_TO_INTERNET" | "PRIVATE_GOOGLE_ACCESS_DISALLOWED" | "PRIVATE_GOOGLE_ACCESS_VIA_VPN_TUNNEL_UNSUPPORTED" | "NO_EXTERNAL_ADDRESS" | "UNKNOWN_INTERNAL_ADDRESS" | "FORWARDING_RULE_MISMATCH" | "FORWARDING_RULE_NO_INSTANCES" | "FIREWALL_BLOCKING_LOAD_BALANCER_BACKEND_HEALTH_CHECK" | "INGRESS_FIREWALL_TAGS_UNSUPPORTED_BY_DIRECT_VPC_EGRESS" | "INSTANCE_NOT_RUNNING" | "GKE_CLUSTER_NOT_RUNNING" | "CLOUD_SQL_INSTANCE_NOT_RUNNING" | "REDIS_INSTANCE_NOT_RUNNING" | "REDIS_CLUSTER_NOT_RUNNING" | "TRAFFIC_TYPE_BLOCKED" | "GKE_MASTER_UNAUTHORIZED_ACCESS" | "CLOUD_SQL_INSTANCE_UNAUTHORIZED_ACCESS" | "DROPPED_INSIDE_GKE_SERVICE" | "DROPPED_INSIDE_CLOUD_SQL_SERVICE" | "GOOGLE_MANAGED_SERVICE_NO_PEERING" | "GOOGLE_MANAGED_SERVICE_NO_PSC_ENDPOINT" | "GKE_PSC_ENDPOINT_MISSING" | "CLOUD_SQL_INSTANCE_NO_IP_ADDRESS" | "GKE_CONTROL_PLANE_REGION_MISMATCH" | "PUBLIC_GKE_CONTROL_PLANE_TO_PRIVATE_DESTINATION" | "GKE_CONTROL_PLANE_NO_ROUTE" | "CLOUD_SQL_INSTANCE_NOT_CONFIGURED_FOR_EXTERNAL_TRAFFIC" | "PUBLIC_CLOUD_SQL_INSTANCE_TO_PRIVATE_DESTINATION" | "CLOUD_SQL_INSTANCE_NO_ROUTE" | "CLOUD_SQL_CONNECTOR_REQUIRED" | "CLOUD_FUNCTION_NOT_ACTIVE" | "VPC_CONNECTOR_NOT_SET" | "VPC_CONNECTOR_NOT_RUNNING" | "VPC_CONNECTOR_SERVERLESS_TRAFFIC_BLOCKED" | "VPC_CONNECTOR_HEALTH_CHECK_TRAFFIC_BLOCKED" | "FORWARDING_RULE_REGION_MISMATCH" | "PSC_CONNECTION_NOT_ACCEPTED" | "PSC_ENDPOINT_ACCESSED_FROM_PEERED_NETWORK" | "PSC_NEG_PRODUCER_ENDPOINT_NO_GLOBAL_ACCESS" | "PSC_NEG_PRODUCER_FORWARDING_RULE_MULTIPLE_PORTS" | "CLOUD_SQL_PSC_NEG_UNSUPPORTED" | "NO_NAT_SUBNETS_FOR_PSC_SERVICE_ATTACHMENT" | "PSC_TRANSITIVITY_NOT_PROPAGATED" | "HYBRID_NEG_NON_DYNAMIC_ROUTE_MATCHED" | "HYBRID_NEG_NON_LOCAL_DYNAMIC_ROUTE_MATCHED" | "CLOUD_RUN_REVISION_NOT_READY" | "DROPPED_INSIDE_PSC_SERVICE_PRODUCER" | "LOAD_BALANCER_HAS_NO_PROXY_SUBNET" | "CLOUD_NAT_NO_ADDRESSES" | "ROUTING_LOOP" | "DROPPED_INSIDE_GOOGLE_MANAGED_SERVICE" | "LOAD_BALANCER_BACKEND_INVALID_NETWORK" | "BACKEND_SERVICE_NAMED_PORT_NOT_DEFINED" | "DESTINATION_IS_PRIVATE_NAT_IP_RANGE" | "DROPPED_INSIDE_REDIS_INSTANCE_SERVICE" | "REDIS_INSTANCE_UNSUPPORTED_PORT" | "REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS" | "REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK" | "REDIS_INSTANCE_NO_EXTERNAL_IP" | "REDIS_INSTANCE_UNSUPPORTED_PROTOCOL" | "DROPPED_INSIDE_REDIS_CLUSTER_SERVICE" | "REDIS_CLUSTER_UNSUPPORTED_PORT" | "REDIS_CLUSTER_NO_EXTERNAL_IP" | "REDIS_CLUSTER_UNSUPPORTED_PROTOCOL" | "NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION" | "NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION" | "NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION" | "PRIVATE_NAT_TO_PSC_ENDPOINT_UNSUPPORTED" | "PSC_PORT_MAPPING_PORT_MISMATCH" | "PSC_PORT_MAPPING_WITHOUT_PSC_CONNECTION_UNSUPPORTED" | "UNSUPPORTED_ROUTE_MATCHED_FOR_NAT64_DESTINATION" | "TRAFFIC_FROM_HYBRID_ENDPOINT_TO_INTERNET_DISALLOWED" | "NO_MATCHING_NAT64_GATEWAY"; /** * Destination IP address of the dropped packet (if relevant). */ destinationIp?: string; /** * Region of the dropped packet (if relevant). */ region?: string; /** * URI of the resource that caused the drop. */ resourceUri?: string; /** * Source IP address of the dropped packet (if relevant). */ sourceIp?: string; } /** * Representation of a network edge location as per * https://cloud.google.com/vpc/docs/edge-locations. */ export interface EdgeLocation { /** * Name of the metropolitan area. */ metropolitanArea?: string; } /** * A generic empty message that you can re-use to avoid defining duplicated * empty messages in your APIs. A typical example is to use it as the request or * the response type of an API method. For instance: service Foo { rpc * Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } */ export interface Empty { } /** * Source or destination of the Connectivity Test. */ export interface Endpoint { /** * An [App Engine](https://cloud.google.com/appengine) [service * version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions). * Applicable only to source endpoint. */ appEngineVersion?: AppEngineVersionEndpoint; /** * A [Cloud Function](https://cloud.google.com/functions). Applicable only to * source endpoint. */ cloudFunction?: CloudFunctionEndpoint; /** * A [Cloud Run](https://cloud.google.com/run) * [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get) * Applicable only to source endpoint. */ cloudRunRevision?: CloudRunRevisionEndpoint; /** * A [Cloud SQL](https://cloud.google.com/sql) instance URI. */ cloudSqlInstance?: string; /** * A forwarding rule and its corresponding IP address represent the frontend * configuration of a Google Cloud load balancer. Forwarding rules are also * used for protocol forwarding, Private Service Connect and other network * services to provide forwarding information in the control plane. Applicable * only to destination endpoint. Format: * projects/{project}/global/forwardingRules/{id} or * projects/{project}/regions/{region}/forwardingRules/{id} */ forwardingRule?: string; /** * Output only. Specifies the type of the target of the forwarding rule. */ readonly forwardingRuleTarget?: | "FORWARDING_RULE_TARGET_UNSPECIFIED" | "INSTANCE" | "LOAD_BALANCER" | "VPN_GATEWAY" | "PSC"; /** * DNS endpoint of [Google Kubernetes Engine cluster control * plane](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture). * Requires gke_master_cluster to be set, can't be used simultaneoulsly with * ip_address or network. Applicable only to destination endpoint. */ fqdn?: string; /** * A cluster URI for [Google Kubernetes Engine cluster control * plane](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture). */ gkeMasterCluster?: string; /** * A Compute Engine instance URI. */ instance?: string; /** * The IP address of the endpoint, which can be an external or internal IP. */ ipAddress?: string; /** * Output only. ID of the load balancer the forwarding rule points to. Empty * for forwarding rules not related to load balancers. */ readonly loadBalancerId?: string; /** * Output only. Type of the load balancer the forwarding rule points to. */ readonly loadBalancerType?: | "LOAD_BALANCER_TYPE_UNSPECIFIED" | "HTTPS_ADVANCED_LOAD_BALANCER" | "HTTPS_LOAD_BALANCER" | "REGIONAL_HTTPS_LOAD_BALANCER" | "INTERNAL_HTTPS_LOAD_BALANCER" | "SSL_PROXY_LOAD_BALANCER" | "TCP_PROXY_LOAD_BALANCER" | "INTERNAL_TCP_PROXY_LOAD_BALANCER" | "NETWORK_LOAD_BALANCER" | "LEGACY_NETWORK_LOAD_BALANCER" | "TCP_UDP_INTERNAL_LOAD_BALANCER"; /** * A VPC network URI. */ network?: string; /** * Type of the network where the endpoint is located. Applicable only to * source endpoint, as destination network type can be inferred from the * source. */ networkType?: | "NETWORK_TYPE_UNSPECIFIED" | "GCP_NETWORK" | "NON_GCP_NETWORK"; /** * The IP protocol port of the endpoint. Only applicable when protocol is TCP * or UDP. */ port?: number; /** * Project ID where the endpoint is located. The project ID can be derived * from the URI if you provide a endpoint or network URI. The following are * two cases where you may need to provide the project ID: 1. Only the IP * address is specified, and the IP address is within a Google Cloud project. * 2. When you are using Shared VPC and the IP address that you provide is * from the service project. In this case, the network that the IP address * resides in is defined in the host project. */ projectId?: string; /** * A [Redis Cluster](https://cloud.google.com/memorystore/docs/cluster) URI. * Applicable only to destination endpoint. */ redisCluster?: string; /** * A [Redis Instance](https://cloud.google.com/memorystore/docs/redis) URI. * Applicable only to destination endpoint. */ redisInstance?: string; } /** * For display only. The specification of the endpoints for the test. * EndpointInfo is derived from source and destination Endpoint and validated by * the backend data plane model. */ export interface EndpointInfo { /** * Destination IP address. */ destinationIp?: string; /** * URI of the network where this packet is sent to. */ destinationNetworkUri?: string; /** * Destination port. Only valid when protocol is TCP or UDP. */ destinationPort?: number; /** * IP protocol in string format, for example: "TCP", "UDP", "ICMP". */ protocol?: string; /** * URI of the source telemetry agent this packet originates from. */ sourceAgentUri?: string; /** * Source IP address. */ sourceIp?: string; /** * URI of the network where this packet originates from. */ sourceNetworkUri?: string; /** * Source port. Only valid when protocol is TCP or UDP. */ sourcePort?: number; } /** * Represents a textual expression in the Common Expression Language (CEL) * syntax. CEL is a C-like expression language. The syntax and semantics of CEL * are documented at https://github.com/google/cel-spec. Example (Comparison): * title: "Summary size limit" description: "Determines if a summary is less * than 100 chars" expression: "document.summary.size() < 100" Example * (Equality): title: "Requestor is owner" description: "Determines if requestor * is the document owner" expression: "document.owner == * request.auth.claims.email" Example (Logic): title: "Public documents" * description: "Determine whether the document should be publicly visible" * expression: "document.type != 'private' && document.type != 'internal'" * Example (Data Manipulation): title: "Notification string" description: * "Create a notification string with a timestamp." expression: "'New message * received at ' + string(document.create_time)" The exact variables and * functions that may be referenced within an expression are determined by the * service that evaluates it. See the service documentation for additional * information. */ export interface Expr { /** * Optional. Description of the expression. This is a longer text which * describes the expression, e.g. when hovered over it in a UI. */ description?: string; /** * Textual representation of an expression in Common Expression Language * syntax. */ expression?: string; /** * Optional. String indicating the location of the expression for error * reporting, e.g. a file name and a position in the file. */ location?: string; /** * Optional. Title for the expression, i.e. a short string describing its * purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string; } /** * For display only. Metadata associated with a VPC firewall rule, an implied * VPC firewall rule, or a firewall policy rule. */ export interface FirewallInfo { /** * Possible values: ALLOW, DENY, APPLY_SECURITY_PROFILE_GROUP */ action?: string; /** * Possible values: INGRESS, EGRESS */ direction?: string; /** * The display name of the firewall rule. This field might be empty for * firewall policy rules. */ displayName?: string; /** * The firewall rule's type. */ firewallRuleType?: | "FIREWALL_RULE_TYPE_UNSPECIFIED" | "HIERARCHICAL_FIREWALL_POLICY_RULE" | "VPC_FIREWALL_RULE" | "IMPLIED_VPC_FIREWALL_RULE" | "SERVERLESS_VPC_ACCESS_MANAGED_FIREWALL_RULE" | "NETWORK_FIREWALL_POLICY_RULE" | "NETWORK_REGIONAL_FIREWALL_POLICY_RULE" | "UNSUPPORTED_FIREWALL_POLICY_RULE" | "TRACKING_STATE" | "ANALYSIS_SKIPPED"; /** * The URI of the VPC network that the firewall rule is associated with. This * field is not applicable to hierarchical firewall policy rules. */ networkUri?: string; /** * The name of the firewall policy that this rule is associated with. This * field is not applicable to VPC firewall rules and implied VPC firewall * rules. */ policy?: string; /** * The URI of the firewall policy that this rule is associated with. This * field is not applicable to VPC firewall rules and implied VPC firewall * rules. */ policyUri?: string; /** * The priority of the firewall rule. */ priority?: number; /** * The target service accounts specified by the firewall rule. */ targetServiceAccounts?: string[]; /** * The target tags defined by the VPC firewall rule. This field is not * applicable to firewall policy rules. */ targetTags?: string[]; /** * The URI of the firewall rule. This field is not applicable to implied VPC * firewall rules. */ uri?: string; } /** * Details of the final state "forward" and associated resource. */ export interface ForwardInfo { /** * IP address of the target (if applicable). */ ipAddress?: string; /** * URI of the resource that the packet is forwarded to. */ resourceUri?: string; /** * Target type where this packet is forwarded to. */ target?: | "TARGET_UNSPECIFIED" | "PEERING_VPC" | "VPN_GATEWAY" | "INTERCONNECT" | "GKE_MASTER" | "IMPORTED_CUSTOM_ROUTE_NEXT_HOP" | "CLOUD_SQL_INSTANCE" | "ANOTHER_PROJECT" | "NCC_HUB" | "ROUTER_APPLIANCE"; } /** * For display only. Metadata associated with a Compute Engine forwarding rule. */ export interface ForwardingRuleInfo { /** * Name of the forwarding rule. */ displayName?: string; /** * Name of the load balancer the forwarding rule belongs to. Empty for * forwarding rules not related to load balancers (like PSC forwarding rules). */ loadBalancerName?: string; /** * Port range defined in the forwarding rule that matches the packet. */ matchedPortRange?: string; /** * Protocol defined in the forwarding rule that matches the packet. */ matchedProtocol?: string; /** * Network URI. */ networkUri?: string; /** * PSC Google API target this forwarding rule targets (if applicable). */ pscGoogleApiTarget?: string; /** * URI of the PSC service attachment this forwarding rule targets (if * applicable). */ pscServiceAttachmentUri?: string; /** * Region of the forwarding rule. Set only for regional forwarding rules. */ region?: string; /** * Target type of the forwarding rule. */ target?: string; /** * URI of the forwarding rule. */ uri?: string; /** * VIP of the forwarding rule. */ vip?: string; } /** * For display only. Metadata associated with a Google Kubernetes Engine (GKE) * cluster master. */ export interface GKEMasterInfo { /** * URI of a GKE cluster network. */ clusterNetworkUri?: string; /** * URI of a GKE cluster. */ clusterUri?: string; /** * DNS endpoint of a GKE cluster control plane. */ dnsEndpoint?: string; /** * External IP address of a GKE cluster control plane. */ externalIp?: string; /** * Internal IP address of a GKE cluster control plane. */ internalIp?: string; } /** * For display only. Details of a Google Service sending packets to a VPC * network. Although the source IP might be a publicly routable address, some * Google Services use special routes within Google production infrastructure to * reach Compute Engine Instances. * https://cloud.google.com/vpc/docs/routes#special_return_paths */ export interface GoogleServiceInfo { /** * Recognized type of a Google Service. */ googleServiceType?: | "GOOGLE_SERVICE_TYPE_UNSPECIFIED" | "IAP" | "GFE_PROXY_OR_HEALTH_CHECK_PROBER" | "CLOUD_DNS" | "GOOGLE_API" | "GOOGLE_API_PSC" | "GOOGLE_API_VPC_SC" | "SERVERLESS_VPC_ACCESS"; /** * Source IP address. */ sourceIp?: string; } /** * For display only. Metadata associated with a Compute Engine instance. */ export interface InstanceInfo { /** * Name of a Compute Engine instance. */ displayName?: string; /** * External IP address of the network interface. */ externalIp?: string; /** * Name of the network interface of a Compute Engine instance. */ interface?: string; /** * Internal IP address of the network interface. */ internalIp?: string; /** * Network tags configured on the instance. */ networkTags?: string[]; /** * URI of a Compute Engine network. */ networkUri?: string; /** * URI of the PSC network attachment the NIC is attached to (if relevant). */ pscNetworkAttachmentUri?: string; /** * Indicates whether the Compute Engine instance is running. */ running?: boolean; /** * Service account authorized for the instance. */ serviceAccount?: string; /** * URI of a Compute Engine instance. */ uri?: string; } /** * Describes measured latency distribution. */ export interface LatencyDistribution { /** * Representative latency percentiles. */ latencyPercentiles?: LatencyPercentile[]; } function serializeLatencyDistribution(data: any): LatencyDistribution { return { ...data, latencyPercentiles: data["latencyPercentiles"] !== undefined ? data["latencyPercentiles"].map((item: any) => (serializeLatencyPercentile(item))) : undefined, }; } function deserializeLatencyDistribution(data: any): LatencyDistribution { return { ...data, latencyPercentiles: data["latencyPercentiles"] !== undefined ? data["latencyPercentiles"].map((item: any) => (deserializeLatencyPercentile(item))) : undefined, }; } /** * Latency percentile rank and value. */ export interface LatencyPercentile { /** * percent-th percentile of latency observed, in microseconds. Fraction of * percent/100 of samples have latency lower or equal to the value of this * field. */ latencyMicros?: bigint; /** * Percentage of samples this data point applies to. */ percent?: number; } function serializeLatencyPercentile(data: any): LatencyPercentile { return { ...data, latencyMicros: data["latencyMicros"] !== undefined ? String(data["latencyMicros"]) : undefined, }; } function deserializeLatencyPercentile(data: any): LatencyPercentile { return { ...data, latencyMicros: data["latencyMicros"] !== undefined ? BigInt(data["latencyMicros"]) : undefined, }; } /** * Response for the `ListConnectivityTests` method. */ export interface ListConnectivityTestsResponse { /** * Page token to fetch the next set of Connectivity Tests. */ nextPageToken?: string; /** * List of Connectivity Tests. */ resources?: ConnectivityTest[]; /** * Locations that could not be reached (when querying all locations with * `-`). */ unreachable?: string[]; } /** * The response message for Locations.ListLocations. */ export interface ListLocationsResponse { /** * A list of locations that matches the specified filter in the request. */ locations?: Location[]; /** * The standard List next-page token. */ nextPageToken?: string; } /** * The response message for Operations.ListOperations. */ export interface ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string; /** * A list of operations that matches the specified filter in the request. */ operations?: Operation[]; } /** * Response for the `ListVpcFlowLogsConfigs` method. */ export interface ListVpcFlowLogsConfigsResponse { /** * Page token to fetch the next set of configurations. */ nextPageToken?: string; /** * Locations that could not be reached (when querying all locations with * `-`). */ unreachable?: string[]; /** * List of VPC Flow Log configurations. */ vpcFlowLogsConfigs?: VpcFlowLogsConfig[]; } /** * For display only. Metadata associated with a specific load balancer backend. */ export interface LoadBalancerBackend { /** * Name of a Compute Engine instance or network endpoint. */ displayName?: string; /** * A list of firewall rule URIs allowing probes from health check IP ranges. */ healthCheckAllowingFirewallRules?: string[]; /** * A list of firewall rule URIs blocking probes from health check IP ranges. */ healthCheckBlockingFirewallRules?: string[]; /** * State of the health check firewall configuration. */ healthCheckFirewallState?: | "HEALTH_CHECK_FIREWALL_STATE_UNSPECIFIED" | "CONFIGURED" | "MISCONFIGURED"; /** * URI of a Compute Engine instance or network endpoint. */ uri?: string; } /** * For display only. Metadata associated with the load balancer backend. */ export interface LoadBalancerBackendInfo { /** * URI of the backend bucket this backend targets (if applicable). */ backendBucketUri?: string; /** * URI of the backend service this backend belongs to (if applicable). */ backendServiceUri?: string; /** * Output only. Health check firewalls configuration state for the backend. * This is a result of the static firewall analysis (verifying that health * check traffic from required IP ranges to the backend is allowed or not). * The backend might still be unhealthy even if these firewalls are * configured. Please refer to the documentation for more information: * https://cloud.google.com/load-balancing/docs/firewall-rules */ readonly healthCheckFirewallsConfigState?: | "HEALTH_CHECK_FIREWALLS_CONFIG_STATE_UNSPECIFIED" | "FIREWALLS_CONFIGURED" | "FIREWALLS_PARTIALLY_CONFIGURED" | "FIREWALLS_NOT_CONFIGURED" | "FIREWALLS_UNSUPPORTED"; /** * URI of the health check attached to this backend (if applicable). */ healthCheckUri?: string; /** * URI of the instance group this backend belongs to (if applicable). */ instanceGroupUri?: string; /** * URI of the backend instance (if applicable). Populated for instance group * backends, and zonal NEG backends. */ instanceUri?: string; /** * Display name of the backend. For example, it might be an instance name for * the instance group backends, or an IP address and port for zonal network * endpoint group backends. */ name?: string; /** * URI of the network endpoint group this backend belongs to (if applicable). */ networkEndpointGroupUri?: string; /** * PSC Google API target this PSC NEG backend targets (if applicable). */ pscGoogleApiTarget?: string; /** * URI of the PSC service attachment this PSC NEG backend targets (if * applicable). */ pscServiceAttachmentUri?: string; } /** * For display only. Metadata associated with a load balancer. */ export interface LoadBalancerInfo { /** * Information for the loadbalancer backends. */ backends?: LoadBalancerBackend[]; /** * Type of load balancer's backend configuration. */ backendType?: | "BACKEND_TYPE_UNSPECIFIED" | "BACKEND_SERVICE" | "TARGET_POOL" | "TARGET_INSTANCE"; /** * Backend configuration URI. */ backendUri?: string; /** * URI of the health check for the load balancer. Deprecated and no longer * populated as different load balancer backends might have different health * checks. */ healthCheckUri?: string; /** * Type of the load balancer. */ loadBalancerType?: | "LOAD_BALANCER_TYPE_UNSPECIFIED" | "INTERNAL_TCP_UDP" | "NETWORK_TCP_UDP" | "HTTP_PROXY" | "TCP_PROXY" | "SSL_PROXY"; } /** * A resource that represents a Google Cloud location. */ export interface Location { /** * The friendly name for this location, typically a nearby city name. For * example, "Tokyo". */ displayName?: string; /** * Cross-service attributes for the location. For example * {"cloud.googleapis.com/region": "us-east1"} */ labels?: { [key: string]: string }; /** * The canonical id for this location. For example: `"us-east1"`. */ locationId?: string; /** * Service-specific metadata. For example the available capacity at the given * location. */ metadata?: { [key: string]: any }; /** * Resource name for the location, which may vary between implementations. * For example: `"projects/example-project/locations/us-east1"` */ name?: string; } /** * For display only. Metadata associated with NAT. */ export interface NatInfo { /** * The name of Cloud NAT Gateway. Only valid when type is CLOUD_NAT. */ natGatewayName?: string; /** * URI of the network where NAT translation takes place. */ networkUri?: string; /** * Destination IP address after NAT translation. */ newDestinationIp?: string; /** * Destination port after NAT translation. Only valid when protocol is TCP or * UDP. */ newDestinationPort?: number; /** * Source IP address after NAT translation. */ newSourceIp?: string; /** * Source port after NAT translation. Only valid when protocol is TCP or UDP. */ newSourcePort?: number; /** * Destination IP address before NAT translation. */ oldDestinationIp?: string; /** * Destination port before NAT translation. Only valid when protocol is TCP * or UDP. */ oldDestinationPort?: number; /** * Source IP address before NAT translation. */ oldSourceIp?: string; /** * Source port before NAT translation. Only valid when protocol is TCP or * UDP. */ oldSourcePort?: number; /** * IP protocol in string format, for example: "TCP", "UDP", "ICMP". */ protocol?: string; /** * Uri of the Cloud Router. Only valid when type is CLOUD_NAT. */ routerUri?: string; /** * Type of NAT. */ type?: | "TYPE_UNSPECIFIED" | "INTERNAL_TO_EXTERNAL" | "EXTERNAL_TO_INTERNAL" | "CLOUD_NAT" | "PRIVATE_SERVICE_CONNECT"; } /** * For display only. Metadata associated with a Compute Engine network. Next * ID: 7 */ export interface NetworkInfo { /** * Name of a Compute Engine network. */ displayName?: string; /** * The IP range of the subnet matching the source IP address of the test. */ matchedIpRange?: string; /** * URI of the subnet matching the source IP address of the test. */ matchedSubnetUri?: string; /** * The region of the subnet matching the source IP address of the test. */ region?: string; /** * URI of a Compute Engine network. */ uri?: string; } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: Status; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal, successful response of the operation. If the original method * returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Metadata describing an Operation */ export interface OperationMetadata { /** * API version. */ apiVersion?: string; /** * Specifies if cancellation was requested for the operation. */ cancelRequested?: boolean; /** * The time the operation was created. */ createTime?: Date; /** * The time the operation finished running. */ endTime?: Date; /** * Human-readable status of the operation, if any. */ statusDetail?: string; /** * Target of the operation - for example * projects/project-1/locations/global/connectivityTests/test-1 */ target?: string; /** * Name of the verb executed by the operation. */ verb?: string; } function serializeOperationMetadata(data: any): OperationMetadata { return { ...data, createTime: data["createTime"] !== undefined ? data["createTime"].toISOString() : undefined, endTime: data["endTime"] !== undefined ? data["endTime"].toISOString() : undefined, }; } function deserializeOperationMetadata(data: any): OperationMetadata { return { ...data, createTime: data["createTime"] !== undefined ? new Date(data["createTime"]) : undefined, endTime: data["endTime"] !== undefined ? new Date(data["endTime"]) : undefined, }; } /** * An Identity and Access Management (IAM) policy, which specifies access * controls for Google Cloud resources. A `Policy` is a collection of * `bindings`. A `binding` binds one or more `members`, or principals, to a * single `role`. Principals can be user accounts, service accounts, Google * groups, and domains (such as G Suite). A `role` is a named list of * permissions; each `role` can be an IAM predefined role or a user-created * custom role. For some types of Google Cloud resources, a `binding` can also * specify a `condition`, which is a logical expression that allows access to a * resource only if the expression evaluates to `true`. A condition can add * constraints based on attributes of the request, the resource, or both. To * learn which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). * **JSON example:** ``` { "bindings": [ { "role": * "roles/resourcemanager.organizationAdmin", "members": [ * "user:mike@example.com", "group:admins@example.com", "domain:google.com", * "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": * "roles/resourcemanager.organizationViewer", "members": [ * "user:eve@example.com" ], "condition": { "title": "expirable access", * "description": "Does not grant access after Sep 2020", "expression": * "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": * "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: * - user:mike@example.com - group:admins@example.com - domain:google.com - * serviceAccount:my-project-id@appspot.gserviceaccount.com role: * roles/resourcemanager.organizationAdmin - members: - user:eve@example.com * role: roles/resourcemanager.organizationViewer condition: title: expirable * access description: Does not grant access after Sep 2020 expression: * request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= * version: 3 ``` For a description of IAM and its features, see the [IAM * documentation](https://cloud.google.com/iam/docs/). */ export interface Policy { /** * Specifies cloud audit logging configuration for this policy. */ auditConfigs?: AuditConfig[]; /** * Associates a list of `members`, or principals, with a `role`. Optionally, * may specify a `condition` that determines how and when the `bindings` are * applied. Each of the `bindings` must contain at least one principal. The * `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of * these principals can be Google groups. Each occurrence of a principal * counts towards these limits. For example, if the `bindings` grant 50 * different roles to `user:alice@example.com`, and not to any other * principal, then you can add another 1,450 principals to the `bindings` in * the `Policy`. */ bindings?: Binding[]; /** * `etag` is used for optimistic concurrency control as a way to help prevent * simultaneous updates of a policy from overwriting each other. It is * strongly suggested that systems make use of the `etag` in the * read-modify-write cycle to perform policy updates in order to avoid race * conditions: An `etag` is returned in the response to `getIamPolicy`, and * systems are expected to put that etag in the request to `setIamPolicy` to * ensure that their change will be applied to the same version of the policy. * **Important:** If you use IAM Conditions, you must include the `etag` field * whenever you call `setIamPolicy`. If you omit this field, then IAM allows * you to overwrite a version `3` policy with a version `1` policy, and all of * the conditions in the version `3` policy are lost. */ etag?: Uint8Array; /** * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. * Requests that specify an invalid value are rejected. Any operation that * affects conditional role bindings must specify version `3`. This * requirement applies to the following operations: * Getting a policy that * includes a conditional role binding * Adding a conditional role binding to * a policy * Changing a conditional role binding in a policy * Removing any * role binding, with or without a condition, from a policy that includes * conditions **Important:** If you use IAM Conditions, you must include the * `etag` field whenever you call `setIamPolicy`. If you omit this field, then * IAM allows you to overwrite a version `3` policy with a version `1` policy, * and all of the conditions in the version `3` policy are lost. If a policy * does not include any conditions, operations on that policy may specify any * valid version or leave the field unset. To learn which resources support * conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ version?: number; } function serializePolicy(data: any): Policy { return { ...data, etag: data["etag"] !== undefined ? encodeBase64(data["etag"]) : undefined, }; } function deserializePolicy(data: any): Policy { return { ...data, etag: data["etag"] !== undefined ? decodeBase64(data["etag"] as string) : undefined, }; } /** * Results of active probing from the last run of the test. */ export interface ProbingDetails { /** * The reason probing was aborted. */ abortCause?: | "PROBING_ABORT_CAUSE_UNSPECIFIED" | "PERMISSION_DENIED" | "NO_SOURCE_LOCATION"; /** * The EdgeLocation from which a packet, destined to the internet, will * egress the Google network. This will only be populated for a connectivity * test which has an internet destination address. The absence of this field * *must not* be used as an indication that the destination is part of the * Google network. */ destinationEgressLocation?: EdgeLocation; /** * Probing results for all edge devices. */ edgeResponses?: SingleEdgeResponse[]; /** * The source and destination endpoints derived from the test input and used * for active probing. */ endpointInfo?: EndpointInfo; /** * Details about an internal failure or the cancellation of active probing. */ error?: Status; /** * Whether all relevant edge devices were probed. */ probedAllDevices?: boolean; /** * Latency as measured by active probing in one direction: from the source to * the destination endpoint. */ probingLatency?: LatencyDistribution; /** * The overall result of active probing. */ result?: | "PROBING_RESULT_UNSPECIFIED" | "REACHABLE" | "UNREACHABLE" | "REACHABILITY_INCONSISTENT" | "UNDETERMINED"; /** * Number of probes sent. */ sentProbeCount?: number; /** * Number of probes that reached the destination. */ successfulProbeCount?: number; /** * The time that reachability was assessed through active probing. */ verifyTime?: Date; } function serializeProbingDetails(data: any): ProbingDetails { return { ...data, edgeResponses: data["edgeResponses"] !== undefined ? data["edgeResponses"].map((item: any) => (serializeSingleEdgeResponse(item))) : undefined, probingLatency: data["probingLatency"] !== undefined ? serializeLatencyDistribution(data["probingLatency"]) : undefined, verifyTime: data["verifyTime"] !== undefined ? data["verifyTime"].toISOString() : undefined, }; } function deserializeProbingDetails(data: any): ProbingDetails { return { ...data, edgeResponses: data["edgeResponses"] !== undefined ? data["edgeResponses"].map((item: any) => (deserializeSingleEdgeResponse(item))) : undefined, probingLatency: data["probingLatency"] !== undefined ? deserializeLatencyDistribution(data["probingLatency"]) : undefined, verifyTime: data["verifyTime"] !== undefined ? new Date(data["verifyTime"]) : undefined, }; } /** * Additional options for * NetworkManagement#projectsLocationsGlobalConnectivityTestsCreate. */ export interface ProjectsLocationsGlobalConnectivityTestsCreateOptions { /** * Required. The logical name of the Connectivity Test in your project with * the following restrictions: * Must contain only lowercase letters, numbers, * and hyphens. * Must start with a letter. * Must be between 1-40 characters. * * Must end with a number or a letter. * Must be unique within the customer * project */ testId?: string; } /** * Additional options for * NetworkManagement#projectsLocationsGlobalConnectivityTestsGetIamPolicy. */ export interface ProjectsLocationsGlobalConnectivityTestsGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkManagement#projectsLocationsGlobalConnectivityTestsList. */ export interface ProjectsLocationsGlobalConnectivityTestsListOptions { /** * Lists the `ConnectivityTests` that match the filter expression. A filter * expression filters the resources listed in the response. The expression * must be of the form ` ` where operators: `<`, `>`, `<=`, `>=`, `!=`, `=`, * `:` are supported (colon `:` represents a HAS operator which is roughly * synonymous with equality). can refer to a proto or JSON field, or a * synthetic field. Field names can be camelCase or snake_case. Examples: - * Filter by name: name = * "projects/proj-1/locations/global/connectivityTests/test-1 - Filter by * labels: - Resources that have a key called `foo` labels.foo:* - Resources * that have a key called `foo` whose value is `bar` labels.foo = bar */ filter?: string; /** * Field to use to sort the list. */ orderBy?: string; /** * Number of `ConnectivityTests` to return. */ pageSize?: number; /** * Page token from an earlier query, as returned in `next_page_token`. */ pageToken?: string; } /** * Additional options for * NetworkManagement#projectsLocationsGlobalConnectivityTestsPatch. */ export interface ProjectsLocationsGlobalConnectivityTestsPatchOptions { /** * Required. Mask of fields to update. At least one path must be supplied in * this field. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsGlobalConnectivityTestsPatchOptions(data: any): ProjectsLocationsGlobalConnectivityTestsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsGlobalConnectivityTestsPatchOptions(data: any): ProjectsLocationsGlobalConnectivityTestsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkManagement#projectsLocationsGlobalOperationsList. */ export interface ProjectsLocationsGlobalOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * Additional options for NetworkManagement#projectsLocationsList. */ export interface ProjectsLocationsListOptions { /** * Optional. A list of extra location types that should be used as conditions * for controlling the visibility of the locations. */ extraLocationTypes?: string; /** * A filter to narrow down results to a preferred subset. The filtering * language accepts strings like `"displayName=tokyo"`, and is documented in * more detail in [AIP-160](https://google.aip.dev/160). */ filter?: string; /** * The maximum number of results to return. If not set, the service selects a * default. */ pageSize?: number; /** * A page token received from the `next_page_token` field in the response. * Send that page token to receive the subsequent page. */ pageToken?: string; } /** * Additional options for * NetworkManagement#projectsLocationsVpcFlowLogsConfigsCreate. */ export interface ProjectsLocationsVpcFlowLogsConfigsCreateOptions { /** * Required. ID of the `VpcFlowLogsConfig`. */ vpcFlowLogsConfigId?: string; } /** * Additional options for * NetworkManagement#projectsLocationsVpcFlowLogsConfigsList. */ export interface ProjectsLocationsVpcFlowLogsConfigsListOptions { /** * Optional. Lists the `VpcFlowLogsConfigs` that match the filter expression. * A filter expression must use the supported [CEL logic operators] * (https://cloud.google.com/vpc/docs/about-flow-logs-records#supported_cel_logic_operators). */ filter?: string; /** * Optional. Field to use to sort the list. */ orderBy?: string; /** * Optional. Number of `VpcFlowLogsConfigs` to return. */ pageSize?: number; /** * Optional. Page token from an earlier query, as returned in * `next_page_token`. */ pageToken?: string; } /** * Additional options for * NetworkManagement#projectsLocationsVpcFlowLogsConfigsPatch. */ export interface ProjectsLocationsVpcFlowLogsConfigsPatchOptions { /** * Required. Mask of fields to update. At least one path must be supplied in * this field. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsVpcFlowLogsConfigsPatchOptions(data: any): ProjectsLocationsVpcFlowLogsConfigsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsVpcFlowLogsConfigsPatchOptions(data: any): ProjectsLocationsVpcFlowLogsConfigsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * For display only. Metadata associated with ProxyConnection. */ export interface ProxyConnectionInfo { /** * URI of the network where connection is proxied. */ networkUri?: string; /** * Destination IP address of a new connection. */ newDestinationIp?: string; /** * Destination port of a new connection. Only valid when protocol is TCP or * UDP. */ newDestinationPort?: number; /** * Source IP address of a new connection. */ newSourceIp?: string; /** * Source port of a new connection. Only valid when protocol is TCP or UDP. */ newSourcePort?: number; /** * Destination IP address of an original connection */ oldDestinationIp?: string; /** * Destination port of an original connection. Only valid when protocol is * TCP or UDP. */ oldDestinationPort?: number; /** * Source IP address of an original connection. */ oldSourceIp?: string; /** * Source port of an original connection. Only valid when protocol is TCP or * UDP. */ oldSourcePort?: number; /** * IP protocol in string format, for example: "TCP", "UDP", "ICMP". */ protocol?: string; /** * Uri of proxy subnet. */ subnetUri?: string; } /** * Results of the configuration analysis from the last run of the test. */ export interface ReachabilityDetails { /** * The details of a failure or a cancellation of reachability analysis. */ error?: Status; /** * The overall result of the test's configuration analysis. */ result?: | "RESULT_UNSPECIFIED" | "REACHABLE" | "UNREACHABLE" | "AMBIGUOUS" | "UNDETERMINED"; /** * Result may contain a list of traces if a test has multiple possible paths * in the network, such as when destination endpoint is a load balancer with * multiple backends. */ traces?: Trace[]; /** * The time of the configuration analysis. */ verifyTime?: Date; } function serializeReachabilityDetails(data: any): ReachabilityDetails { return { ...data, traces: data["traces"] !== undefined ? data["traces"].map((item: any) => (serializeTrace(item))) : undefined, verifyTime: data["verifyTime"] !== undefined ? data["verifyTime"].toISOString() : undefined, }; } function deserializeReachabilityDetails(data: any): ReachabilityDetails { return { ...data, traces: data["traces"] !== undefined ? data["traces"].map((item: any) => (deserializeTrace(item))) : undefined, verifyTime: data["verifyTime"] !== undefined ? new Date(data["verifyTime"]) : undefined, }; } /** * For display only. Metadata associated with a Redis Cluster. */ export interface RedisClusterInfo { /** * Discovery endpoint IP address of a Redis Cluster. */ discoveryEndpointIpAddress?: string; /** * Name of a Redis Cluster. */ displayName?: string; /** * Name of the region in which the Redis Cluster is defined. For example, * "us-central1". */ location?: string; /** * URI of the network containing the Redis Cluster endpoints in format * "projects/{project_id}/global/networks/{network_id}". */ networkUri?: string; /** * Secondary endpoint IP address of a Redis Cluster. */ secondaryEndpointIpAddress?: string; /** * URI of a Redis Cluster in format * "projects/{project_id}/locations/{location}/clusters/{cluster_id}" */ uri?: string; } /** * For display only. Metadata associated with a Cloud Redis Instance. */ export interface RedisInstanceInfo { /** * Name of a Cloud Redis Instance. */ displayName?: string; /** * URI of a Cloud Redis Instance network. */ networkUri?: string; /** * Primary endpoint IP address of a Cloud Redis Instance. */ primaryEndpointIp?: string; /** * Read endpoint IP address of a Cloud Redis Instance (if applicable). */ readEndpointIp?: string; /** * Region in which the Cloud Redis Instance is defined. */ region?: string; /** * URI of a Cloud Redis Instance. */ uri?: string; } /** * Request for the `RerunConnectivityTest` method. */ export interface RerunConnectivityTestRequest { } /** * For display only. Metadata associated with a Compute Engine route. */ export interface RouteInfo { /** * For ADVERTISED routes, the URI of their next hop, i.e. the URI of the * hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) * the advertised prefix is advertised through, or URI of the source peered * network. Deprecated in favor of the next_hop_uri field, not used in new * tests. */ advertisedRouteNextHopUri?: string; /** * For ADVERTISED dynamic routes, the URI of the Cloud Router that advertised * the corresponding IP prefix. */ advertisedRouteSourceRouterUri?: string; /** * Destination IP range of the route. */ destIpRange?: string; /** * Destination port ranges of the route. POLICY_BASED routes only. */ destPortRanges?: string[]; /** * Name of a route. */ displayName?: string; /** * Instance tags of the route. */ instanceTags?: string[]; /** * For PEERING_SUBNET and PEERING_DYNAMIC routes that are advertised by NCC * Hub, the URI of the corresponding route in NCC Hub's routing table. */ nccHubRouteUri?: string; /** * URI of the NCC Hub the route is advertised by. PEERING_SUBNET and * PEERING_DYNAMIC routes that are advertised by NCC Hub only. */ nccHubUri?: string; /** * URI of the destination NCC Spoke. PEERING_SUBNET and PEERING_DYNAMIC * routes that are advertised by NCC Hub only. */ nccSpokeUri?: string; /** * URI of a VPC network where route is located. */ networkUri?: string; /** * String type of the next hop of the route (for example, "VPN tunnel"). * Deprecated in favor of the next_hop_type and next_hop_uri fields, not used * in new tests. */ nextHop?: string; /** * URI of a VPC network where the next hop resource is located. */ nextHopNetworkUri?: string; /** * Type of next hop. */ nextHopType?: | "NEXT_HOP_TYPE_UNSPECIFIED" | "NEXT_HOP_IP" | "NEXT_HOP_INSTANCE" | "NEXT_HOP_NETWORK" | "NEXT_HOP_PEERING" | "NEXT_HOP_INTERCONNECT" | "NEXT_HOP_VPN_TUNNEL" | "NEXT_HOP_VPN_GATEWAY" | "NEXT_HOP_INTERNET_GATEWAY" | "NEXT_HOP_BLACKHOLE" | "NEXT_HOP_ILB" | "NEXT_HOP_ROUTER_APPLIANCE" | "NEXT_HOP_NCC_HUB"; /** * URI of the next hop resource. */ nextHopUri?: string; /** * For PEERING_SUBNET, PEERING_STATIC and PEERING_DYNAMIC routes, the name of * the originating SUBNET/STATIC/DYNAMIC route. */ originatingRouteDisplayName?: string; /** * For PEERING_SUBNET and PEERING_STATIC routes, the URI of the originating * SUBNET/STATIC route. */ originatingRouteUri?: string; /** * Priority of the route. */ priority?: number; /** * Protocols of the route. POLICY_BASED routes only. */ protocols?: string[]; /** * Region of the route. DYNAMIC, PEERING_DYNAMIC, POLICY_BASED and ADVERTISED * routes only. If set for POLICY_BASED route, this is a region of VLAN * attachments for Cloud Interconnect the route applies to. */ region?: string; /** * Indicates where route is applicable. Deprecated, routes with NCC_HUB scope * are not included in the trace in new tests. */ routeScope?: | "ROUTE_SCOPE_UNSPECIFIED" | "NETWORK" | "NCC_HUB"; /** * Type of route. */ routeType?: | "ROUTE_TYPE_UNSPECIFIED" | "SUBNET" | "STATIC" | "DYNAMIC" | "PEERING_SUBNET" | "PEERING_STATIC" | "PEERING_DYNAMIC" | "POLICY_BASED" | "ADVERTISED"; /** * Source IP address range of the route. POLICY_BASED routes only. */ srcIpRange?: string; /** * Source port ranges of the route. POLICY_BASED routes only. */ srcPortRanges?: string[]; /** * URI of a route. SUBNET, STATIC, PEERING_SUBNET (only for peering network) * and POLICY_BASED routes only. */ uri?: string; } /** * For display only. Metadata associated with a serverless public connection. */ export interface ServerlessExternalConnectionInfo { /** * Selected starting IP address, from the Google dynamic address pool. */ selectedIpAddress?: string; } /** * For display only. Metadata associated with the serverless network endpoint * group backend. */ export interface ServerlessNegInfo { /** * URI of the serverless network endpoint group. */ negUri?: string; } /** * Request message for `SetIamPolicy` method. */ export interface SetIamPolicyRequest { /** * REQUIRED: The complete policy to be applied to the `resource`. The size of * the policy is limited to a few 10s of KB. An empty policy is a valid policy * but certain Google Cloud services (such as Projects) might reject them. */ policy?: Policy; /** * OPTIONAL: A FieldMask specifying which fields of the policy to modify. * Only the fields in the mask will be modified. If no mask is provided, the * following default mask is used: `paths: "bindings, etag"` */ updateMask?: string /* FieldMask */; } function serializeSetIamPolicyRequest(data: any): SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? serializePolicy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeSetIamPolicyRequest(data: any): SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? deserializePolicy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Probing results for a single edge device. */ export interface SingleEdgeResponse { /** * The EdgeLocation from which a packet, destined to the internet, will * egress the Google network. This will only be populated for a connectivity * test which has an internet destination address. The absence of this field * *must not* be used as an indication that the destination is part of the * Google network. */ destinationEgressLocation?: EdgeLocation; /** * Router name in the format '{router}.{metroshard}'. For example: * pf01.aaa01, pr02.aaa01. */ destinationRouter?: string; /** * Latency as measured by active probing in one direction: from the source to * the destination endpoint. */ probingLatency?: LatencyDistribution; /** * The overall result of active probing for this egress device. */ result?: | "PROBING_RESULT_UNSPECIFIED" | "REACHABLE" | "UNREACHABLE" | "REACHABILITY_INCONSISTENT" | "UNDETERMINED"; /** * Number of probes sent. */ sentProbeCount?: number; /** * Number of probes that reached the destination. */ successfulProbeCount?: number; } function serializeSingleEdgeResponse(data: any): SingleEdgeResponse { return { ...data, probingLatency: data["probingLatency"] !== undefined ? serializeLatencyDistribution(data["probingLatency"]) : undefined, }; } function deserializeSingleEdgeResponse(data: any): SingleEdgeResponse { return { ...data, probingLatency: data["probingLatency"] !== undefined ? deserializeLatencyDistribution(data["probingLatency"]) : undefined, }; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface Status { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * A simulated forwarding path is composed of multiple steps. Each step has a * well-defined state and an associated configuration. */ export interface Step { /** * Display information of the final state "abort" and reason. */ abort?: AbortInfo; /** * Display information of an App Engine service version. */ appEngineVersion?: AppEngineVersionInfo; /** * This is a step that leads to the final state Drop. */ causesDrop?: boolean; /** * Display information of a Cloud Function. */ cloudFunction?: CloudFunctionInfo; /** * Display information of a Cloud Run revision. */ cloudRunRevision?: CloudRunRevisionInfo; /** * Display information of a Cloud SQL instance. */ cloudSqlInstance?: CloudSQLInstanceInfo; /** * Display information of the final state "deliver" and reason. */ deliver?: DeliverInfo; /** * A description of the step. Usually this is a summary of the state. */ description?: string; /** * Display information of a serverless direct VPC egress connection. */ directVpcEgressConnection?: DirectVpcEgressConnectionInfo; /** * Display information of the final state "drop" and reason. */ drop?: DropInfo; /** * Display information of the source and destination under analysis. The * endpoint information in an intermediate state may differ with the initial * input, as it might be modified by state like NAT, or Connection Proxy. */ endpoint?: EndpointInfo; /** * Display information of a Compute Engine firewall rule. */ firewall?: FirewallInfo; /** * Display information of the final state "forward" and reason. */ forward?: ForwardInfo; /** * Display information of a Compute Engine forwarding rule. */ forwardingRule?: ForwardingRuleInfo; /** * Display information of a Google Kubernetes Engine cluster master. */ gkeMaster?: GKEMasterInfo; /** * Display information of a Google service */ googleService?: GoogleServiceInfo; /** * Display information of a Compute Engine instance. */ instance?: InstanceInfo; /** * Display information of the load balancers. Deprecated in favor of the * `load_balancer_backend_info` field, not used in new tests. */ loadBalancer?: LoadBalancerInfo; /** * Display information of a specific load balancer backend. */ loadBalancerBackendInfo?: LoadBalancerBackendInfo; /** * Display information of a NAT. */ nat?: NatInfo; /** * Display information of a Google Cloud network. */ network?: NetworkInfo; /** * Project ID that contains the configuration this step is validating. */ projectId?: string; /** * Display information of a ProxyConnection. */ proxyConnection?: ProxyConnectionInfo; /** * Display information of a Redis Cluster. */ redisCluster?: RedisClusterInfo; /** * Display information of a Redis Instance. */ redisInstance?: RedisInstanceInfo; /** * Display information of a Compute Engine route. */ route?: RouteInfo; /** * Display information of a serverless public (external) connection. */ serverlessExternalConnection?: ServerlessExternalConnectionInfo; /** * Display information of a Serverless network endpoint group backend. Used * only for return traces. */ serverlessNeg?: ServerlessNegInfo; /** * Each step is in one of the pre-defined states. */ state?: | "STATE_UNSPECIFIED" | "START_FROM_INSTANCE" | "START_FROM_INTERNET" | "START_FROM_GOOGLE_SERVICE" | "START_FROM_PRIVATE_NETWORK" | "START_FROM_GKE_MASTER" | "START_FROM_CLOUD_SQL_INSTANCE" | "START_FROM_REDIS_INSTANCE" | "START_FROM_REDIS_CLUSTER" | "START_FROM_CLOUD_FUNCTION" | "START_FROM_APP_ENGINE_VERSION" | "START_FROM_CLOUD_RUN_REVISION" | "START_FROM_STORAGE_BUCKET" | "START_FROM_PSC_PUBLISHED_SERVICE" | "START_FROM_SERVERLESS_NEG" | "APPLY_INGRESS_FIREWALL_RULE" | "APPLY_EGRESS_FIREWALL_RULE" | "APPLY_ROUTE" | "APPLY_FORWARDING_RULE" | "ANALYZE_LOAD_BALANCER_BACKEND" | "SPOOFING_APPROVED" | "ARRIVE_AT_INSTANCE" | "ARRIVE_AT_INTERNAL_LOAD_BALANCER" | "ARRIVE_AT_EXTERNAL_LOAD_BALANCER" | "ARRIVE_AT_VPN_GATEWAY" | "ARRIVE_AT_VPN_TUNNEL" | "ARRIVE_AT_VPC_CONNECTOR" | "DIRECT_VPC_EGRESS_CONNECTION" | "SERVERLESS_EXTERNAL_CONNECTION" | "NAT" | "PROXY_CONNECTION" | "DELIVER" | "DROP" | "FORWARD" | "ABORT" | "VIEWER_PERMISSION_MISSING"; /** * Display information of a Storage Bucket. Used only for return traces. */ storageBucket?: StorageBucketInfo; /** * Display information of a VPC connector. */ vpcConnector?: VpcConnectorInfo; /** * Display information of a Compute Engine VPN gateway. */ vpnGateway?: VpnGatewayInfo; /** * Display information of a Compute Engine VPN tunnel. */ vpnTunnel?: VpnTunnelInfo; } function serializeStep(data: any): Step { return { ...data, cloudFunction: data["cloudFunction"] !== undefined ? serializeCloudFunctionInfo(data["cloudFunction"]) : undefined, }; } function deserializeStep(data: any): Step { return { ...data, cloudFunction: data["cloudFunction"] !== undefined ? deserializeCloudFunctionInfo(data["cloudFunction"]) : undefined, }; } /** * For display only. Metadata associated with Storage Bucket. */ export interface StorageBucketInfo { /** * Cloud Storage Bucket name. */ bucket?: string; } /** * Request message for `TestIamPermissions` method. */ export interface TestIamPermissionsRequest { /** * The set of permissions to check for the `resource`. Permissions with * wildcards (such as `*` or `storage.*`) are not allowed. For more * information see [IAM * Overview](https://cloud.google.com/iam/docs/overview#permissions). */ permissions?: string[]; } /** * Response message for `TestIamPermissions` method. */ export interface TestIamPermissionsResponse { /** * A subset of `TestPermissionsRequest.permissions` that the caller is * allowed. */ permissions?: string[]; } /** * Trace represents one simulated packet forwarding path. * Each trace contains * multiple ordered steps. * Each step is in a particular state with associated * configuration. * State is categorized as final or non-final states. * Each * final state has a reason associated. * Each trace must end with a final state * (the last step). ``` |---------------------Trace----------------------| * Step1(State) Step2(State) --- StepN(State(final)) ``` */ export interface Trace { /** * Derived from the source and destination endpoints definition specified by * user request, and validated by the data plane model. If there are multiple * traces starting from different source locations, then the endpoint_info may * be different between traces. */ endpointInfo?: EndpointInfo; /** * ID of trace. For forward traces, this ID is unique for each trace. For * return traces, it matches ID of associated forward trace. A single forward * trace can be associated with none, one or more than one return trace. */ forwardTraceId?: number; /** * A trace of a test contains multiple steps from the initial state to the * final state (delivered, dropped, forwarded, or aborted). The steps are * ordered by the processing sequence within the simulated network state * machine. It is critical to preserve the order of the steps and avoid * reordering or sorting them. */ steps?: Step[]; } function serializeTrace(data: any): Trace { return { ...data, steps: data["steps"] !== undefined ? data["steps"].map((item: any) => (serializeStep(item))) : undefined, }; } function deserializeTrace(data: any): Trace { return { ...data, steps: data["steps"] !== undefined ? data["steps"].map((item: any) => (deserializeStep(item))) : undefined, }; } /** * For display only. Metadata associated with a VPC connector. */ export interface VpcConnectorInfo { /** * Name of a VPC connector. */ displayName?: string; /** * Location in which the VPC connector is deployed. */ location?: string; /** * URI of a VPC connector. */ uri?: string; } /** * A configuration to generate VPC Flow Logs. */ export interface VpcFlowLogsConfig { /** * Optional. The aggregation interval for the logs. Default value is * INTERVAL_5_SEC. */ aggregationInterval?: | "AGGREGATION_INTERVAL_UNSPECIFIED" | "INTERVAL_5_SEC" | "INTERVAL_30_SEC" | "INTERVAL_1_MIN" | "INTERVAL_5_MIN" | "INTERVAL_10_MIN" | "INTERVAL_15_MIN"; /** * Output only. The time the config was created. */ readonly createTime?: Date; /** * Optional. The user-supplied description of the VPC Flow Logs * configuration. Maximum of 512 characters. */ description?: string; /** * Optional. Export filter used to define which VPC Flow Logs should be * logged. */ filterExpr?: string; /** * Optional. The value of the field must be in (0, 1]. The sampling rate of * VPC Flow Logs where 1.0 means all collected logs are reported. Setting the * sampling rate to 0.0 is not allowed. If you want to disable VPC Flow Logs, * use the state field instead. Default value is 1.0. */ flowSampling?: number; /** * Traffic will be logged from the Interconnect Attachment. Format: * projects/{project_id}/regions/{region}/interconnectAttachments/{name} */ interconnectAttachment?: string; /** * Optional. Resource labels to represent user-provided metadata. */ labels?: { [key: string]: string }; /** * Optional. Configures whether all, none or a subset of metadata fields * should be added to the reported VPC flow logs. Default value is * INCLUDE_ALL_METADATA. */ metadata?: | "METADATA_UNSPECIFIED" | "INCLUDE_ALL_METADATA" | "EXCLUDE_ALL_METADATA" | "CUSTOM_METADATA"; /** * Optional. Custom metadata fields to include in the reported VPC flow logs. * Can only be specified if "metadata" was set to CUSTOM_METADATA. */ metadataFields?: string[]; /** * Identifier. Unique name of the configuration using the form: * `projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}` */ name?: string; /** * Optional. The state of the VPC Flow Log configuration. Default value is * ENABLED. When creating a new configuration, it must be enabled. Setting * state=DISABLED will pause the log generation for this config. */ state?: | "STATE_UNSPECIFIED" | "ENABLED" | "DISABLED"; /** * Output only. A diagnostic bit - describes the state of the configured * target resource for diagnostic purposes. */ readonly targetResourceState?: | "TARGET_RESOURCE_STATE_UNSPECIFIED" | "TARGET_RESOURCE_EXISTS" | "TARGET_RESOURCE_DOES_NOT_EXIST"; /** * Output only. The time the config was updated. */ readonly updateTime?: Date; /** * Traffic will be logged from the VPN Tunnel. Format: * projects/{project_id}/regions/{region}/vpnTunnels/{name} */ vpnTunnel?: string; } /** * For display only. Metadata associated with a Compute Engine VPN gateway. */ export interface VpnGatewayInfo { /** * Name of a VPN gateway. */ displayName?: string; /** * IP address of the VPN gateway. */ ipAddress?: string; /** * URI of a Compute Engine network where the VPN gateway is configured. */ networkUri?: string; /** * Name of a Google Cloud region where this VPN gateway is configured. */ region?: string; /** * URI of a VPN gateway. */ uri?: string; /** * A VPN tunnel that is associated with this VPN gateway. There may be * multiple VPN tunnels configured on a VPN gateway, and only the one relevant * to the test is displayed. */ vpnTunnelUri?: string; } /** * For display only. Metadata associated with a Compute Engine VPN tunnel. */ export interface VpnTunnelInfo { /** * Name of a VPN tunnel. */ displayName?: string; /** * URI of a Compute Engine network where the VPN tunnel is configured. */ networkUri?: string; /** * Name of a Google Cloud region where this VPN tunnel is configured. */ region?: string; /** * URI of a VPN gateway at remote end of the tunnel. */ remoteGateway?: string; /** * Remote VPN gateway's IP address. */ remoteGatewayIp?: string; /** * Type of the routing policy. */ routingType?: | "ROUTING_TYPE_UNSPECIFIED" | "ROUTE_BASED" | "POLICY_BASED" | "DYNAMIC"; /** * URI of the VPN gateway at local end of the tunnel. */ sourceGateway?: string; /** * Local VPN gateway's IP address. */ sourceGatewayIp?: string; /** * URI of a VPN tunnel. */ uri?: string; } function decodeBase64(b64: string): Uint8Array { const binString = atob(b64); const size = binString.length; const bytes = new Uint8Array(size); for (let i = 0; i < size; i++) { bytes[i] = binString.charCodeAt(i); } return bytes; } const base64abc = ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","0","1","2","3","4","5","6","7","8","9","+","/"]; /** * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727 * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation * @param data */ function encodeBase64(uint8: Uint8Array): string { let result = "", i; const l = uint8.length; for (i = 2; i < l; i += 3) { result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)]; result += base64abc[uint8[i] & 0x3f]; } if (i === l + 1) { // 1 octet yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[(uint8[i - 2] & 0x03) << 4]; result += "=="; } if (i === l) { // 2 octets yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[(uint8[i - 1] & 0x0f) << 2]; result += "="; } return result; }