// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Network Security API Client for Deno * ==================================== * * * * Docs: https://cloud.google.com/networking * Source: https://googleapis.deno.dev/v1/networksecurity:v1.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; export class NetworkSecurity { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://networksecurity.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Adds items to an address group. * * @param addressGroup Required. A name of the AddressGroup to add items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsAddItems(addressGroup: string, req: AddAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:addItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Clones items from one address group to another. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsCloneItems(addressGroup: string, req: CloneAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:cloneItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Creates a new address group in a given project and location. * * @param parent Required. The parent resource of the AddressGroup. Must be in the format `projects/*/locations/{location}`. */ async organizationsLocationsAddressGroupsCreate(parent: string, req: AddressGroup, opts: OrganizationsLocationsAddressGroupsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.addressGroupId !== undefined) { url.searchParams.append("addressGroupId", String(opts.addressGroupId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes an address group. * * @param name Required. A name of the AddressGroup to delete. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsDelete(name: string, opts: OrganizationsLocationsAddressGroupsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single address group. * * @param name Required. A name of the AddressGroup to get. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AddressGroup; } /** * Lists address groups in a given project and location. * * @param parent Required. The project and location from which the AddressGroups should be listed, specified in the format `projects/*/locations/{location}`. */ async organizationsLocationsAddressGroupsList(parent: string, opts: OrganizationsLocationsAddressGroupsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupsResponse; } /** * Lists references of an address group. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsListReferences(addressGroup: string, opts: OrganizationsLocationsAddressGroupsListReferencesOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:listReferences`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupReferencesResponse; } /** * Updates parameters of an address group. * * @param name Required. Name of the AddressGroup resource. It matches pattern `projects/*/locations/{location}/addressGroups/`. */ async organizationsLocationsAddressGroupsPatch(name: string, req: AddressGroup, opts: OrganizationsLocationsAddressGroupsPatchOptions = {}): Promise { opts = serializeOrganizationsLocationsAddressGroupsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Removes items from an address group. * * @param addressGroup Required. A name of the AddressGroup to remove items from. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async organizationsLocationsAddressGroupsRemoveItems(addressGroup: string, req: RemoveAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:removeItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async organizationsLocationsOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Empty; } /** * Deletes a long-running operation. This method indicates that the client is * no longer interested in the operation result. It does not cancel the * operation. If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. * * @param name The name of the operation resource to be deleted. */ async organizationsLocationsOperationsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Empty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async organizationsLocationsOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async organizationsLocationsOperationsList(name: string, opts: OrganizationsLocationsOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } /** * Adds items to an address group. * * @param addressGroup Required. A name of the AddressGroup to add items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsAddItems(addressGroup: string, req: AddAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:addItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Clones items from one address group to another. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsCloneItems(addressGroup: string, req: CloneAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:cloneItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Creates a new address group in a given project and location. * * @param parent Required. The parent resource of the AddressGroup. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsAddressGroupsCreate(parent: string, req: AddressGroup, opts: ProjectsLocationsAddressGroupsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.addressGroupId !== undefined) { url.searchParams.append("addressGroupId", String(opts.addressGroupId)); } if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single address group. * * @param name Required. A name of the AddressGroup to delete. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsDelete(name: string, opts: ProjectsLocationsAddressGroupsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single address group. * * @param name Required. A name of the AddressGroup to get. Must be in the format `projects/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AddressGroup; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAddressGroupsGetIamPolicy(resource: string, opts: ProjectsLocationsAddressGroupsGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists address groups in a given project and location. * * @param parent Required. The project and location from which the AddressGroups should be listed, specified in the format `projects/*/locations/{location}`. */ async projectsLocationsAddressGroupsList(parent: string, opts: ProjectsLocationsAddressGroupsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/addressGroups`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupsResponse; } /** * Lists references of an address group. * * @param addressGroup Required. A name of the AddressGroup to clone items to. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsListReferences(addressGroup: string, opts: ProjectsLocationsAddressGroupsListReferencesOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:listReferences`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAddressGroupReferencesResponse; } /** * Updates the parameters of a single address group. * * @param name Required. Name of the AddressGroup resource. It matches pattern `projects/*/locations/{location}/addressGroups/`. */ async projectsLocationsAddressGroupsPatch(name: string, req: AddressGroup, opts: ProjectsLocationsAddressGroupsPatchOptions = {}): Promise { opts = serializeProjectsLocationsAddressGroupsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.requestId !== undefined) { url.searchParams.append("requestId", String(opts.requestId)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Removes items from an address group. * * @param addressGroup Required. A name of the AddressGroup to remove items from. Must be in the format `projects|organization/*/locations/{location}/addressGroups/*`. */ async projectsLocationsAddressGroupsRemoveItems(addressGroup: string, req: RemoveAddressGroupItemsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ addressGroup }:removeItems`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAddressGroupsSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAddressGroupsTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new AuthorizationPolicy in a given project and location. * * @param parent Required. The parent resource of the AuthorizationPolicy. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsAuthorizationPoliciesCreate(parent: string, req: AuthorizationPolicy, opts: ProjectsLocationsAuthorizationPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/authorizationPolicies`); if (opts.authorizationPolicyId !== undefined) { url.searchParams.append("authorizationPolicyId", String(opts.authorizationPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single AuthorizationPolicy. * * @param name Required. A name of the AuthorizationPolicy to delete. Must be in the format `projects/{project}/locations/{location}/authorizationPolicies/*`. */ async projectsLocationsAuthorizationPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single AuthorizationPolicy. * * @param name Required. A name of the AuthorizationPolicy to get. Must be in the format `projects/{project}/locations/{location}/authorizationPolicies/*`. */ async projectsLocationsAuthorizationPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as AuthorizationPolicy; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthorizationPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsAuthorizationPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists AuthorizationPolicies in a given project and location. * * @param parent Required. The project and location from which the AuthorizationPolicies should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsAuthorizationPoliciesList(parent: string, opts: ProjectsLocationsAuthorizationPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/authorizationPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListAuthorizationPoliciesResponse; } /** * Updates the parameters of a single AuthorizationPolicy. * * @param name Required. Name of the AuthorizationPolicy resource. It matches pattern `projects/{project}/locations/{location}/authorizationPolicies/`. */ async projectsLocationsAuthorizationPoliciesPatch(name: string, req: AuthorizationPolicy, opts: ProjectsLocationsAuthorizationPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsAuthorizationPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthorizationPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsAuthorizationPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new ClientTlsPolicy in a given project and location. * * @param parent Required. The parent resource of the ClientTlsPolicy. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsClientTlsPoliciesCreate(parent: string, req: ClientTlsPolicy, opts: ProjectsLocationsClientTlsPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/clientTlsPolicies`); if (opts.clientTlsPolicyId !== undefined) { url.searchParams.append("clientTlsPolicyId", String(opts.clientTlsPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single ClientTlsPolicy. * * @param name Required. A name of the ClientTlsPolicy to delete. Must be in the format `projects/*/locations/{location}/clientTlsPolicies/*`. */ async projectsLocationsClientTlsPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single ClientTlsPolicy. * * @param name Required. A name of the ClientTlsPolicy to get. Must be in the format `projects/*/locations/{location}/clientTlsPolicies/*`. */ async projectsLocationsClientTlsPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ClientTlsPolicy; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsClientTlsPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsClientTlsPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists ClientTlsPolicies in a given project and location. * * @param parent Required. The project and location from which the ClientTlsPolicies should be listed, specified in the format `projects/*/locations/{location}`. */ async projectsLocationsClientTlsPoliciesList(parent: string, opts: ProjectsLocationsClientTlsPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/clientTlsPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListClientTlsPoliciesResponse; } /** * Updates the parameters of a single ClientTlsPolicy. * * @param name Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}` */ async projectsLocationsClientTlsPoliciesPatch(name: string, req: ClientTlsPolicy, opts: ProjectsLocationsClientTlsPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsClientTlsPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsClientTlsPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsClientTlsPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new GatewaySecurityPolicy in a given project and location. * * @param parent Required. The parent resource of the GatewaySecurityPolicy. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsGatewaySecurityPoliciesCreate(parent: string, req: GatewaySecurityPolicy, opts: ProjectsLocationsGatewaySecurityPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/gatewaySecurityPolicies`); if (opts.gatewaySecurityPolicyId !== undefined) { url.searchParams.append("gatewaySecurityPolicyId", String(opts.gatewaySecurityPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single GatewaySecurityPolicy. * * @param name Required. A name of the GatewaySecurityPolicy to delete. Must be in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/*`. */ async projectsLocationsGatewaySecurityPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single GatewaySecurityPolicy. * * @param name Required. A name of the GatewaySecurityPolicy to get. Must be in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/*`. */ async projectsLocationsGatewaySecurityPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as GatewaySecurityPolicy; } /** * Lists GatewaySecurityPolicies in a given project and location. * * @param parent Required. The project and location from which the GatewaySecurityPolicies should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsGatewaySecurityPoliciesList(parent: string, opts: ProjectsLocationsGatewaySecurityPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/gatewaySecurityPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListGatewaySecurityPoliciesResponse; } /** * Updates the parameters of a single GatewaySecurityPolicy. * * @param name Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy} gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsGatewaySecurityPoliciesPatch(name: string, req: GatewaySecurityPolicy, opts: ProjectsLocationsGatewaySecurityPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsGatewaySecurityPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new GatewaySecurityPolicy in a given project and location. * * @param parent Required. The parent where this rule will be created. Format : projects/{project}/location/{location}/gatewaySecurityPolicies/* */ async projectsLocationsGatewaySecurityPoliciesRulesCreate(parent: string, req: GatewaySecurityPolicyRule, opts: ProjectsLocationsGatewaySecurityPoliciesRulesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/rules`); if (opts.gatewaySecurityPolicyRuleId !== undefined) { url.searchParams.append("gatewaySecurityPolicyRuleId", String(opts.gatewaySecurityPolicyRuleId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single GatewaySecurityPolicyRule. * * @param name Required. A name of the GatewaySecurityPolicyRule to delete. Must be in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}/rules/*`. */ async projectsLocationsGatewaySecurityPoliciesRulesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single GatewaySecurityPolicyRule. * * @param name Required. The name of the GatewaySecurityPolicyRule to retrieve. Format: projects/{project}/location/{location}/gatewaySecurityPolicies/*/rules/* */ async projectsLocationsGatewaySecurityPoliciesRulesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as GatewaySecurityPolicyRule; } /** * Lists GatewaySecurityPolicyRules in a given project and location. * * @param parent Required. The project, location and GatewaySecurityPolicy from which the GatewaySecurityPolicyRules should be listed, specified in the format `projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}`. */ async projectsLocationsGatewaySecurityPoliciesRulesList(parent: string, opts: ProjectsLocationsGatewaySecurityPoliciesRulesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/rules`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListGatewaySecurityPolicyRulesResponse; } /** * Updates the parameters of a single GatewaySecurityPolicyRule. * * @param name Required. Immutable. Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} rule should match the pattern: (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsGatewaySecurityPoliciesRulesPatch(name: string, req: GatewaySecurityPolicyRule, opts: ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions = {}): Promise { opts = serializeProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Gets information about a location. * * @param name Resource name for the location. */ async projectsLocationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Location; } /** * Lists information about the supported locations for this service. * * @param name The resource that owns the locations collection, if applicable. */ async projectsLocationsList(name: string, opts: ProjectsLocationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/locations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListLocationsResponse; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async projectsLocationsOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Empty; } /** * Deletes a long-running operation. This method indicates that the client is * no longer interested in the operation result. It does not cancel the * operation. If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. * * @param name The name of the operation resource to be deleted. */ async projectsLocationsOperationsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Empty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async projectsLocationsOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async projectsLocationsOperationsList(name: string, opts: ProjectsLocationsOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } /** * Creates a new ServerTlsPolicy in a given project and location. * * @param parent Required. The parent resource of the ServerTlsPolicy. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsServerTlsPoliciesCreate(parent: string, req: ServerTlsPolicy, opts: ProjectsLocationsServerTlsPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/serverTlsPolicies`); if (opts.serverTlsPolicyId !== undefined) { url.searchParams.append("serverTlsPolicyId", String(opts.serverTlsPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single ServerTlsPolicy. * * @param name Required. A name of the ServerTlsPolicy to delete. Must be in the format `projects/*/locations/{location}/serverTlsPolicies/*`. */ async projectsLocationsServerTlsPoliciesDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single ServerTlsPolicy. * * @param name Required. A name of the ServerTlsPolicy to get. Must be in the format `projects/*/locations/{location}/serverTlsPolicies/*`. */ async projectsLocationsServerTlsPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ServerTlsPolicy; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsServerTlsPoliciesGetIamPolicy(resource: string, opts: ProjectsLocationsServerTlsPoliciesGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeGoogleIamV1Policy(data); } /** * Lists ServerTlsPolicies in a given project and location. * * @param parent Required. The project and location from which the ServerTlsPolicies should be listed, specified in the format `projects/*/locations/{location}`. */ async projectsLocationsServerTlsPoliciesList(parent: string, opts: ProjectsLocationsServerTlsPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/serverTlsPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListServerTlsPoliciesResponse; } /** * Updates the parameters of a single ServerTlsPolicy. * * @param name Required. Name of the ServerTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}` */ async projectsLocationsServerTlsPoliciesPatch(name: string, req: ServerTlsPolicy, opts: ProjectsLocationsServerTlsPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsServerTlsPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsServerTlsPoliciesSetIamPolicy(resource: string, req: GoogleIamV1SetIamPolicyRequest): Promise { req = serializeGoogleIamV1SetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGoogleIamV1Policy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsServerTlsPoliciesTestIamPermissions(resource: string, req: GoogleIamV1TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleIamV1TestIamPermissionsResponse; } /** * Creates a new TlsInspectionPolicy in a given project and location. * * @param parent Required. The parent resource of the TlsInspectionPolicy. Must be in the format `projects/{project}/locations/{location}`. */ async projectsLocationsTlsInspectionPoliciesCreate(parent: string, req: TlsInspectionPolicy, opts: ProjectsLocationsTlsInspectionPoliciesCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/tlsInspectionPolicies`); if (opts.tlsInspectionPolicyId !== undefined) { url.searchParams.append("tlsInspectionPolicyId", String(opts.tlsInspectionPolicyId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single TlsInspectionPolicy. * * @param name Required. A name of the TlsInspectionPolicy to delete. Must be in the format `projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy}`. */ async projectsLocationsTlsInspectionPoliciesDelete(name: string, opts: ProjectsLocationsTlsInspectionPoliciesDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.force !== undefined) { url.searchParams.append("force", String(opts.force)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single TlsInspectionPolicy. * * @param name Required. A name of the TlsInspectionPolicy to get. Must be in the format `projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy}`. */ async projectsLocationsTlsInspectionPoliciesGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as TlsInspectionPolicy; } /** * Lists TlsInspectionPolicies in a given project and location. * * @param parent Required. The project and location from which the TlsInspectionPolicies should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsTlsInspectionPoliciesList(parent: string, opts: ProjectsLocationsTlsInspectionPoliciesListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/tlsInspectionPolicies`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListTlsInspectionPoliciesResponse; } /** * Updates the parameters of a single TlsInspectionPolicy. * * @param name Required. Name of the resource. Name is of the form projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} tls_inspection_policy should match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsTlsInspectionPoliciesPatch(name: string, req: TlsInspectionPolicy, opts: ProjectsLocationsTlsInspectionPoliciesPatchOptions = {}): Promise { opts = serializeProjectsLocationsTlsInspectionPoliciesPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new UrlList in a given project and location. * * @param parent Required. The parent resource of the UrlList. Must be in the format `projects/*/locations/{location}`. */ async projectsLocationsUrlListsCreate(parent: string, req: UrlList, opts: ProjectsLocationsUrlListsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/urlLists`); if (opts.urlListId !== undefined) { url.searchParams.append("urlListId", String(opts.urlListId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes a single UrlList. * * @param name Required. A name of the UrlList to delete. Must be in the format `projects/*/locations/{location}/urlLists/*`. */ async projectsLocationsUrlListsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Gets details of a single UrlList. * * @param name Required. A name of the UrlList to get. Must be in the format `projects/*/locations/{location}/urlLists/*`. */ async projectsLocationsUrlListsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as UrlList; } /** * Lists UrlLists in a given project and location. * * @param parent Required. The project and location from which the UrlLists should be listed, specified in the format `projects/{project}/locations/{location}`. */ async projectsLocationsUrlListsList(parent: string, opts: ProjectsLocationsUrlListsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/urlLists`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListUrlListsResponse; } /** * Updates the parameters of a single UrlList. * * @param name Required. Name of the resource provided by the user. Name is of the form projects/{project}/locations/{location}/urlLists/{url_list} url_list should match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ async projectsLocationsUrlListsPatch(name: string, req: UrlList, opts: ProjectsLocationsUrlListsPatchOptions = {}): Promise { opts = serializeProjectsLocationsUrlListsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } } /** * Request used by the AddAddressGroupItems method. */ export interface AddAddressGroupItemsRequest { /** * Required. List of items to add. */ items?: string[]; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * AddressGroup is a resource that specifies how a collection of IP/DNS used in * Firewall Policy. */ export interface AddressGroup { /** * Required. Capacity of the Address Group */ capacity?: number; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. List of items. */ items?: string[]; /** * Optional. Set of label tags associated with the AddressGroup resource. */ labels?: { [key: string]: string }; /** * Required. Name of the AddressGroup resource. It matches pattern * `projects/*\/locations/{location}/addressGroups/`. */ name?: string; /** * Output only. Server-defined fully-qualified URL for this resource. */ readonly selfLink?: string; /** * Required. The type of the Address Group. Possible values are "IPv4" or * "IPV6". */ type?: | "TYPE_UNSPECIFIED" | "IPV4" | "IPV6"; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * AuthorizationPolicy is a resource that specifies how a server should * authorize incoming connections. This resource in itself does not change the * configuration unless it's attached to a target https proxy or endpoint config * selector resource. */ export interface AuthorizationPolicy { /** * Required. The action to take when a rule match is found. Possible values * are "ALLOW" or "DENY". */ action?: | "ACTION_UNSPECIFIED" | "ALLOW" | "DENY"; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. Set of label tags associated with the AuthorizationPolicy * resource. */ labels?: { [key: string]: string }; /** * Required. Name of the AuthorizationPolicy resource. It matches pattern * `projects/{project}/locations/{location}/authorizationPolicies/`. */ name?: string; /** * Optional. List of rules to match. Note that at least one of the rules must * match in order for the action specified in the 'action' field to be taken. * A rule is a match if there is a matching source and destination. If left * blank, the action specified in the `action` field will be applied on every * request. */ rules?: Rule[]; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * The request message for Operations.CancelOperation. */ export interface CancelOperationRequest { } /** * Specification of a TLS certificate provider instance. Workloads may have one * or more CertificateProvider instances (plugins) and one of them is enabled * and configured by specifying this message. Workloads use the values from this * message to locate and load the CertificateProvider instance configuration. */ export interface CertificateProviderInstance { /** * Required. Plugin instance name, used to locate and load * CertificateProvider instance configuration. Set to * "google_cloud_private_spiffe" to use Certificate Authority Service * certificate provider instance. */ pluginInstance?: string; } /** * ClientTlsPolicy is a resource that specifies how a client should * authenticate connections to backends of a service. This resource itself does * not affect configuration unless it is attached to a backend service resource. */ export interface ClientTlsPolicy { /** * Optional. Defines a mechanism to provision client identity (public and * private keys) for peer to peer authentication. The presence of this * dictates mTLS. */ clientCertificate?: GoogleCloudNetworksecurityV1CertificateProvider; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Optional. Set of label tags associated with the resource. */ labels?: { [key: string]: string }; /** * Required. Name of the ClientTlsPolicy resource. It matches the pattern * `projects/*\/locations/{location}/clientTlsPolicies/{client_tls_policy}` */ name?: string; /** * Optional. Defines the mechanism to obtain the Certificate Authority * certificate to validate the server certificate. If empty, client does not * validate the server certificate. */ serverValidationCa?: ValidationCA[]; /** * Optional. Server Name Indication string to present to the server during * TLS handshake. E.g: "secure.example.com". */ sni?: string; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * Request used by the CloneAddressGroupItems method. */ export interface CloneAddressGroupItemsRequest { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Required. Source address group to clone items from. */ sourceAddressGroup?: string; } /** * Specification of traffic destination attributes. */ export interface Destination { /** * Required. List of host names to match. Matched against the ":authority" * header in http requests. At least one host should match. Each host can be * an exact match, or a prefix match (example "mydomain.*") or a suffix match * (example "*.myorg.com") or a presence (any) match "*". */ hosts?: string[]; /** * Optional. Match against key:value pair in http header. Provides a flexible * match based on HTTP headers, for potentially advanced use cases. At least * one header should match. Avoid using header matches to make authorization * decisions unless there is a strong guarantee that requests arrive through a * trusted client or proxy. */ httpHeaderMatch?: HttpHeaderMatch; /** * Optional. A list of HTTP methods to match. At least one method should * match. Should not be set for gRPC services. */ methods?: string[]; /** * Required. List of destination ports to match. At least one port should * match. */ ports?: number[]; } /** * A generic empty message that you can re-use to avoid defining duplicated * empty messages in your APIs. A typical example is to use it as the request or * the response type of an API method. For instance: service Foo { rpc * Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } */ export interface Empty { } /** * Represents a textual expression in the Common Expression Language (CEL) * syntax. CEL is a C-like expression language. The syntax and semantics of CEL * are documented at https://github.com/google/cel-spec. Example (Comparison): * title: "Summary size limit" description: "Determines if a summary is less * than 100 chars" expression: "document.summary.size() < 100" Example * (Equality): title: "Requestor is owner" description: "Determines if requestor * is the document owner" expression: "document.owner == * request.auth.claims.email" Example (Logic): title: "Public documents" * description: "Determine whether the document should be publicly visible" * expression: "document.type != 'private' && document.type != 'internal'" * Example (Data Manipulation): title: "Notification string" description: * "Create a notification string with a timestamp." expression: "'New message * received at ' + string(document.create_time)" The exact variables and * functions that may be referenced within an expression are determined by the * service that evaluates it. See the service documentation for additional * information. */ export interface Expr { /** * Optional. Description of the expression. This is a longer text which * describes the expression, e.g. when hovered over it in a UI. */ description?: string; /** * Textual representation of an expression in Common Expression Language * syntax. */ expression?: string; /** * Optional. String indicating the location of the expression for error * reporting, e.g. a file name and a position in the file. */ location?: string; /** * Optional. Title for the expression, i.e. a short string describing its * purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string; } /** * The GatewaySecurityPolicy resource contains a collection of * GatewaySecurityPolicyRules and associated metadata. */ export interface GatewaySecurityPolicy { /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Name of the resource. Name is of the form * projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy} * gateway_security_policy should match the * pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Optional. Name of a TLS Inspection Policy resource that defines how TLS * inspection will be performed for any rule(s) which enables it. */ tlsInspectionPolicy?: string; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * The GatewaySecurityPolicyRule resource is in a nested collection within a * GatewaySecurityPolicy and represents a traffic matching condition and * associated action to perform. */ export interface GatewaySecurityPolicyRule { /** * Optional. CEL expression for matching on L7/application level criteria. */ applicationMatcher?: string; /** * Required. Profile which tells what the primitive action should be. */ basicProfile?: | "BASIC_PROFILE_UNSPECIFIED" | "ALLOW" | "DENY"; /** * Output only. Time when the rule was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Whether the rule is enforced. */ enabled?: boolean; /** * Required. Immutable. Name of the resource. ame is the full resource name * so * projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule} * rule should match the pattern: (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Required. Priority of the rule. Lower number corresponds to higher * precedence. */ priority?: number; /** * Required. CEL expression for matching on session criteria. */ sessionMatcher?: string; /** * Optional. Flag to enable TLS inspection of traffic matching on , can only * be true if the parent GatewaySecurityPolicy references a * TLSInspectionConfig. */ tlsInspectionEnabled?: boolean; /** * Output only. Time when the rule was updated. */ readonly updateTime?: Date; } /** * Specification of certificate provider. Defines the mechanism to obtain the * certificate and private key for peer to peer authentication. */ export interface GoogleCloudNetworksecurityV1CertificateProvider { /** * The certificate provider instance specification that will be passed to the * data plane, which will be used to load necessary credential information. */ certificateProviderInstance?: CertificateProviderInstance; /** * gRPC specific configuration to access the gRPC server to obtain the cert * and private key. */ grpcEndpoint?: GoogleCloudNetworksecurityV1GrpcEndpoint; } /** * Specification of the GRPC Endpoint. */ export interface GoogleCloudNetworksecurityV1GrpcEndpoint { /** * Required. The target URI of the gRPC endpoint. Only UDS path is supported, * and should start with "unix:". */ targetUri?: string; } /** * Specifies the audit configuration for a service. The configuration * determines which permission types are logged, and what identities, if any, * are exempted from logging. An AuditConfig must have one or more * AuditLogConfigs. If there are AuditConfigs for both `allServices` and a * specific service, the union of the two AuditConfigs is used for that service: * the log_types specified in each AuditConfig are enabled, and the * exempted_members in each AuditLogConfig are exempted. Example Policy with * multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": * "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", * "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": * "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For * sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ * logging. It also exempts `jose@example.com` from DATA_READ logging, and * `aliya@example.com` from DATA_WRITE logging. */ export interface GoogleIamV1AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: GoogleIamV1AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a * special value that covers all services. */ service?: string; } /** * Provides the configuration for logging a type of permissions. Example: { * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables * 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from * DATA_READ logging. */ export interface GoogleIamV1AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of * permission. Follows the same format of Binding.members. */ exemptedMembers?: string[]; /** * The log type that this config enables. */ logType?: | "LOG_TYPE_UNSPECIFIED" | "ADMIN_READ" | "DATA_WRITE" | "DATA_READ"; } /** * Associates `members`, or principals, with a `role`. */ export interface GoogleIamV1Binding { /** * The condition that is associated with this binding. If the condition * evaluates to `true`, then this binding applies to the current request. If * the condition evaluates to `false`, then this binding does not apply to the * current request. However, a different role binding might grant the same * role to one or more of the principals in this binding. To learn which * resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Expr; /** * Specifies the principals requesting access for a Google Cloud resource. * `members` can have the following values: * `allUsers`: A special identifier * that represents anyone who is on the internet; with or without a Google * account. * `allAuthenticatedUsers`: A special identifier that represents * anyone who is authenticated with a Google account or a service account. * Does not include identities that come from external identity providers * (IdPs) through identity federation. * `user:{emailid}`: An email address * that represents a specific Google account. For example, `alice@example.com` * . * `serviceAccount:{emailid}`: An email address that represents a Google * service account. For example, `my-other-app@appspot.gserviceaccount.com`. * * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An * identifier for a [Kubernetes service * account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). * For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * * `group:{emailid}`: An email address that represents a Google group. For * example, `admins@example.com`. * `domain:{domain}`: The G Suite domain * (primary) that represents all the users of that domain. For example, * `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: * An email address (plus unique identifier) representing a user that has been * recently deleted. For example, * `alice@example.com?uid=123456789012345678901`. If the user is recovered, * this value reverts to `user:{emailid}` and the recovered user retains the * role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: * An email address (plus unique identifier) representing a service account * that has been recently deleted. For example, * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If * the service account is undeleted, this value reverts to * `serviceAccount:{emailid}` and the undeleted service account retains the * role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email * address (plus unique identifier) representing a Google group that has been * recently deleted. For example, * `admins@example.com?uid=123456789012345678901`. If the group is recovered, * this value reverts to `group:{emailid}` and the recovered group retains the * role in the binding. */ members?: string[]; /** * Role that is assigned to the list of `members`, or principals. For * example, `roles/viewer`, `roles/editor`, or `roles/owner`. */ role?: string; } /** * An Identity and Access Management (IAM) policy, which specifies access * controls for Google Cloud resources. A `Policy` is a collection of * `bindings`. A `binding` binds one or more `members`, or principals, to a * single `role`. Principals can be user accounts, service accounts, Google * groups, and domains (such as G Suite). A `role` is a named list of * permissions; each `role` can be an IAM predefined role or a user-created * custom role. For some types of Google Cloud resources, a `binding` can also * specify a `condition`, which is a logical expression that allows access to a * resource only if the expression evaluates to `true`. A condition can add * constraints based on attributes of the request, the resource, or both. To * learn which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). * **JSON example:** { "bindings": [ { "role": * "roles/resourcemanager.organizationAdmin", "members": [ * "user:mike@example.com", "group:admins@example.com", "domain:google.com", * "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": * "roles/resourcemanager.organizationViewer", "members": [ * "user:eve@example.com" ], "condition": { "title": "expirable access", * "description": "Does not grant access after Sep 2020", "expression": * "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": * "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - * user:mike@example.com - group:admins@example.com - domain:google.com - * serviceAccount:my-project-id@appspot.gserviceaccount.com role: * roles/resourcemanager.organizationAdmin - members: - user:eve@example.com * role: roles/resourcemanager.organizationViewer condition: title: expirable * access description: Does not grant access after Sep 2020 expression: * request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= * version: 3 For a description of IAM and its features, see the [IAM * documentation](https://cloud.google.com/iam/docs/). */ export interface GoogleIamV1Policy { /** * Specifies cloud audit logging configuration for this policy. */ auditConfigs?: GoogleIamV1AuditConfig[]; /** * Associates a list of `members`, or principals, with a `role`. Optionally, * may specify a `condition` that determines how and when the `bindings` are * applied. Each of the `bindings` must contain at least one principal. The * `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of * these principals can be Google groups. Each occurrence of a principal * counts towards these limits. For example, if the `bindings` grant 50 * different roles to `user:alice@example.com`, and not to any other * principal, then you can add another 1,450 principals to the `bindings` in * the `Policy`. */ bindings?: GoogleIamV1Binding[]; /** * `etag` is used for optimistic concurrency control as a way to help prevent * simultaneous updates of a policy from overwriting each other. It is * strongly suggested that systems make use of the `etag` in the * read-modify-write cycle to perform policy updates in order to avoid race * conditions: An `etag` is returned in the response to `getIamPolicy`, and * systems are expected to put that etag in the request to `setIamPolicy` to * ensure that their change will be applied to the same version of the policy. * **Important:** If you use IAM Conditions, you must include the `etag` field * whenever you call `setIamPolicy`. If you omit this field, then IAM allows * you to overwrite a version `3` policy with a version `1` policy, and all of * the conditions in the version `3` policy are lost. */ etag?: Uint8Array; /** * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. * Requests that specify an invalid value are rejected. Any operation that * affects conditional role bindings must specify version `3`. This * requirement applies to the following operations: * Getting a policy that * includes a conditional role binding * Adding a conditional role binding to * a policy * Changing a conditional role binding in a policy * Removing any * role binding, with or without a condition, from a policy that includes * conditions **Important:** If you use IAM Conditions, you must include the * `etag` field whenever you call `setIamPolicy`. If you omit this field, then * IAM allows you to overwrite a version `3` policy with a version `1` policy, * and all of the conditions in the version `3` policy are lost. If a policy * does not include any conditions, operations on that policy may specify any * valid version or leave the field unset. To learn which resources support * conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ version?: number; } function serializeGoogleIamV1Policy(data: any): GoogleIamV1Policy { return { ...data, etag: data["etag"] !== undefined ? encodeBase64(data["etag"]) : undefined, }; } function deserializeGoogleIamV1Policy(data: any): GoogleIamV1Policy { return { ...data, etag: data["etag"] !== undefined ? decodeBase64(data["etag"] as string) : undefined, }; } /** * Request message for `SetIamPolicy` method. */ export interface GoogleIamV1SetIamPolicyRequest { /** * REQUIRED: The complete policy to be applied to the `resource`. The size of * the policy is limited to a few 10s of KB. An empty policy is a valid policy * but certain Google Cloud services (such as Projects) might reject them. */ policy?: GoogleIamV1Policy; /** * OPTIONAL: A FieldMask specifying which fields of the policy to modify. * Only the fields in the mask will be modified. If no mask is provided, the * following default mask is used: `paths: "bindings, etag"` */ updateMask?: string /* FieldMask */; } function serializeGoogleIamV1SetIamPolicyRequest(data: any): GoogleIamV1SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? serializeGoogleIamV1Policy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeGoogleIamV1SetIamPolicyRequest(data: any): GoogleIamV1SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? deserializeGoogleIamV1Policy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Request message for `TestIamPermissions` method. */ export interface GoogleIamV1TestIamPermissionsRequest { /** * The set of permissions to check for the `resource`. Permissions with * wildcards (such as `*` or `storage.*`) are not allowed. For more * information see [IAM * Overview](https://cloud.google.com/iam/docs/overview#permissions). */ permissions?: string[]; } /** * Response message for `TestIamPermissions` method. */ export interface GoogleIamV1TestIamPermissionsResponse { /** * A subset of `TestPermissionsRequest.permissions` that the caller is * allowed. */ permissions?: string[]; } /** * Specification of HTTP header match attributes. */ export interface HttpHeaderMatch { /** * Required. The name of the HTTP header to match. For matching against the * HTTP request's authority, use a headerMatch with the header name * ":authority". For matching a request's method, use the headerName * ":method". */ headerName?: string; /** * Required. The value of the header must match the regular expression * specified in regexMatch. For regular expression grammar, please see: * en.cppreference.com/w/cpp/regex/ecmascript For matching against a port * specified in the HTTP request, use a headerMatch with headerName set to * Host and a regular expression that satisfies the RFC2616 Host header's port * specifier. */ regexMatch?: string; } /** * Response of the ListAddressGroupReferences method. */ export interface ListAddressGroupReferencesResponse { /** * A list of references that matches the specified filter in the request. */ addressGroupReferences?: ListAddressGroupReferencesResponseAddressGroupReference[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * The Reference of AddressGroup. */ export interface ListAddressGroupReferencesResponseAddressGroupReference { /** * FirewallPolicy that is using the Address Group. */ firewallPolicy?: string; /** * Rule priority of the FirewallPolicy that is using the Address Group. */ rulePriority?: number; } /** * Response returned by the ListAddressGroups method. */ export interface ListAddressGroupsResponse { /** * List of AddressGroups resources. */ addressGroups?: AddressGroup[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * Response returned by the ListAuthorizationPolicies method. */ export interface ListAuthorizationPoliciesResponse { /** * List of AuthorizationPolicies resources. */ authorizationPolicies?: AuthorizationPolicy[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * Response returned by the ListClientTlsPolicies method. */ export interface ListClientTlsPoliciesResponse { /** * List of ClientTlsPolicy resources. */ clientTlsPolicies?: ClientTlsPolicy[]; /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; } /** * Response returned by the ListGatewaySecurityPolicies method. */ export interface ListGatewaySecurityPoliciesResponse { /** * List of GatewaySecurityPolicies resources. */ gatewaySecurityPolicies?: GatewaySecurityPolicy[]; /** * If there might be more results than those appearing in this response, then * 'next_page_token' is included. To get the next set of results, call this * method again using the value of 'next_page_token' as 'page_token'. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * Response returned by the ListGatewaySecurityPolicyRules method. */ export interface ListGatewaySecurityPolicyRulesResponse { /** * List of GatewaySecurityPolicyRule resources. */ gatewaySecurityPolicyRules?: GatewaySecurityPolicyRule[]; /** * If there might be more results than those appearing in this response, then * 'next_page_token' is included. To get the next set of results, call this * method again using the value of 'next_page_token' as 'page_token'. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * The response message for Locations.ListLocations. */ export interface ListLocationsResponse { /** * A list of locations that matches the specified filter in the request. */ locations?: Location[]; /** * The standard List next-page token. */ nextPageToken?: string; } /** * The response message for Operations.ListOperations. */ export interface ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string; /** * A list of operations that matches the specified filter in the request. */ operations?: Operation[]; } /** * Response returned by the ListServerTlsPolicies method. */ export interface ListServerTlsPoliciesResponse { /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; /** * List of ServerTlsPolicy resources. */ serverTlsPolicies?: ServerTlsPolicy[]; } /** * Response returned by the ListTlsInspectionPolicies method. */ export interface ListTlsInspectionPoliciesResponse { /** * If there might be more results than those appearing in this response, then * 'next_page_token' is included. To get the next set of results, call this * method again using the value of 'next_page_token' as 'page_token'. */ nextPageToken?: string; /** * List of TlsInspectionPolicies resources. */ tlsInspectionPolicies?: TlsInspectionPolicy[]; /** * Locations that could not be reached. */ unreachable?: string[]; } /** * Response returned by the ListUrlLists method. */ export interface ListUrlListsResponse { /** * If there might be more results than those appearing in this response, then * `next_page_token` is included. To get the next set of results, call this * method again using the value of `next_page_token` as `page_token`. */ nextPageToken?: string; /** * Locations that could not be reached. */ unreachable?: string[]; /** * List of UrlList resources. */ urlLists?: UrlList[]; } /** * A resource that represents a Google Cloud location. */ export interface Location { /** * The friendly name for this location, typically a nearby city name. For * example, "Tokyo". */ displayName?: string; /** * Cross-service attributes for the location. For example * {"cloud.googleapis.com/region": "us-east1"} */ labels?: { [key: string]: string }; /** * The canonical id for this location. For example: `"us-east1"`. */ locationId?: string; /** * Service-specific metadata. For example the available capacity at the given * location. */ metadata?: { [key: string]: any }; /** * Resource name for the location, which may vary between implementations. * For example: `"projects/example-project/locations/us-east1"` */ name?: string; } /** * Specification of the MTLSPolicy. */ export interface MTLSPolicy { /** * Required if the policy is to be used with Traffic Director. For external * HTTPS load balancers it must be empty. Defines the mechanism to obtain the * Certificate Authority certificate to validate the client certificate. */ clientValidationCa?: ValidationCA[]; /** * When the client presents an invalid certificate or no certificate to the * load balancer, the `client_validation_mode` specifies how the client * connection is handled. Required if the policy is to be used with the * external HTTPS load balancing. For Traffic Director it must be empty. */ clientValidationMode?: | "CLIENT_VALIDATION_MODE_UNSPECIFIED" | "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" | "REJECT_INVALID"; /** * Reference to the TrustConfig from certificatemanager.googleapis.com * namespace. If specified, the chain validation will be performed against * certificates configured in the given TrustConfig. Allowed only if the * policy is to be used with external HTTPS load balancers. */ clientValidationTrustConfig?: string; } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: Status; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal response of the operation in case of success. If the original * method returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Represents the metadata of the long-running operation. */ export interface OperationMetadata { /** * Output only. API version used to start the operation. */ readonly apiVersion?: string; /** * Output only. The time the operation was created. */ readonly createTime?: Date; /** * Output only. The time the operation finished running. */ readonly endTime?: Date; /** * Output only. Identifies whether the user has requested cancellation of the * operation. Operations that have successfully been cancelled have * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. */ readonly requestedCancellation?: boolean; /** * Output only. Human-readable status of the operation, if any. */ readonly statusMessage?: string; /** * Output only. Server-defined resource path for the target of the operation. */ readonly target?: string; /** * Output only. Name of the verb executed by the operation. */ readonly verb?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsCreate. */ export interface OrganizationsLocationsAddressGroupsCreateOptions { /** * Required. Short name of the AddressGroup resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "authz_policy". */ addressGroupId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsDelete. */ export interface OrganizationsLocationsAddressGroupsDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsList. */ export interface OrganizationsLocationsAddressGroupsListOptions { /** * Maximum number of AddressGroups to return per call. */ pageSize?: number; /** * The value returned by the last `ListAddressGroupsResponse` Indicates that * this is a continuation of a prior `ListAddressGroups` call, and that the * system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsListReferences. */ export interface OrganizationsLocationsAddressGroupsListReferencesOptions { /** * The maximum number of references to return. If unspecified, server will * pick an appropriate default. Server may return fewer items than requested. * A caller should only rely on response's next_page_token to determine if * there are more AddressGroupUsers left to be queried. */ pageSize?: number; /** * The next_page_token value returned from a previous List request, if any. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#organizationsLocationsAddressGroupsPatch. */ export interface OrganizationsLocationsAddressGroupsPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Optional. Field mask is used to specify the fields to be overwritten in * the AddressGroup resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeOrganizationsLocationsAddressGroupsPatchOptions(data: any): OrganizationsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeOrganizationsLocationsAddressGroupsPatchOptions(data: any): OrganizationsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#organizationsLocationsOperationsList. */ export interface OrganizationsLocationsOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsCreate. */ export interface ProjectsLocationsAddressGroupsCreateOptions { /** * Required. Short name of the AddressGroup resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "authz_policy". */ addressGroupId?: string; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsDelete. */ export interface ProjectsLocationsAddressGroupsDeleteOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAddressGroupsGetIamPolicy. */ export interface ProjectsLocationsAddressGroupsGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsList. */ export interface ProjectsLocationsAddressGroupsListOptions { /** * Maximum number of AddressGroups to return per call. */ pageSize?: number; /** * The value returned by the last `ListAddressGroupsResponse` Indicates that * this is a continuation of a prior `ListAddressGroups` call, and that the * system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAddressGroupsListReferences. */ export interface ProjectsLocationsAddressGroupsListReferencesOptions { /** * The maximum number of references to return. If unspecified, server will * pick an appropriate default. Server may return fewer items than requested. * A caller should only rely on response's next_page_token to determine if * there are more AddressGroupUsers left to be queried. */ pageSize?: number; /** * The next_page_token value returned from a previous List request, if any. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsAddressGroupsPatch. */ export interface ProjectsLocationsAddressGroupsPatchOptions { /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; /** * Optional. Field mask is used to specify the fields to be overwritten in * the AddressGroup resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsAddressGroupsPatchOptions(data: any): ProjectsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsAddressGroupsPatchOptions(data: any): ProjectsLocationsAddressGroupsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesCreate. */ export interface ProjectsLocationsAuthorizationPoliciesCreateOptions { /** * Required. Short name of the AuthorizationPolicy resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "authz_policy". */ authorizationPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesGetIamPolicy. */ export interface ProjectsLocationsAuthorizationPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesList. */ export interface ProjectsLocationsAuthorizationPoliciesListOptions { /** * Maximum number of AuthorizationPolicies to return per call. */ pageSize?: number; /** * The value returned by the last `ListAuthorizationPoliciesResponse` * Indicates that this is a continuation of a prior * `ListAuthorizationPolicies` call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsAuthorizationPoliciesPatch. */ export interface ProjectsLocationsAuthorizationPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the AuthorizationPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsAuthorizationPoliciesPatchOptions(data: any): ProjectsLocationsAuthorizationPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsAuthorizationPoliciesPatchOptions(data: any): ProjectsLocationsAuthorizationPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesCreate. */ export interface ProjectsLocationsClientTlsPoliciesCreateOptions { /** * Required. Short name of the ClientTlsPolicy resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "client_mtls_policy". */ clientTlsPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesGetIamPolicy. */ export interface ProjectsLocationsClientTlsPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesList. */ export interface ProjectsLocationsClientTlsPoliciesListOptions { /** * Maximum number of ClientTlsPolicies to return per call. */ pageSize?: number; /** * The value returned by the last `ListClientTlsPoliciesResponse` Indicates * that this is a continuation of a prior `ListClientTlsPolicies` call, and * that the system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsClientTlsPoliciesPatch. */ export interface ProjectsLocationsClientTlsPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the ClientTlsPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsClientTlsPoliciesPatchOptions(data: any): ProjectsLocationsClientTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsClientTlsPoliciesPatchOptions(data: any): ProjectsLocationsClientTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesCreate. */ export interface ProjectsLocationsGatewaySecurityPoliciesCreateOptions { /** * Required. Short name of the GatewaySecurityPolicy resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "gateway_security_policy1". */ gatewaySecurityPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesList. */ export interface ProjectsLocationsGatewaySecurityPoliciesListOptions { /** * Maximum number of GatewaySecurityPolicies to return per call. */ pageSize?: number; /** * The value returned by the last 'ListGatewaySecurityPoliciesResponse' * Indicates that this is a continuation of a prior * 'ListGatewaySecurityPolicies' call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesPatch. */ export interface ProjectsLocationsGatewaySecurityPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the GatewaySecurityPolicy resource by the update. The fields specified in * the update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsGatewaySecurityPoliciesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsGatewaySecurityPoliciesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesRulesCreate. */ export interface ProjectsLocationsGatewaySecurityPoliciesRulesCreateOptions { /** * The ID to use for the rule, which will become the final component of the * rule's resource name. This value should be 4-63 characters, and valid * characters are /a-z-/. */ gatewaySecurityPolicyRuleId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesRulesList. */ export interface ProjectsLocationsGatewaySecurityPoliciesRulesListOptions { /** * Maximum number of GatewaySecurityPolicyRules to return per call. */ pageSize?: number; /** * The value returned by the last 'ListGatewaySecurityPolicyRulesResponse' * Indicates that this is a continuation of a prior * 'ListGatewaySecurityPolicyRules' call, and that the system should return * the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsGatewaySecurityPoliciesRulesPatch. */ export interface ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the GatewaySecurityPolicy resource by the update. The fields specified in * the update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions(data: any): ProjectsLocationsGatewaySecurityPoliciesRulesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#projectsLocationsList. */ export interface ProjectsLocationsListOptions { /** * A filter to narrow down results to a preferred subset. The filtering * language accepts strings like `"displayName=tokyo"`, and is documented in * more detail in [AIP-160](https://google.aip.dev/160). */ filter?: string; /** * The maximum number of results to return. If not set, the service selects a * default. */ pageSize?: number; /** * A page token received from the `next_page_token` field in the response. * Send that page token to receive the subsequent page. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsOperationsList. */ export interface ProjectsLocationsOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesCreate. */ export interface ProjectsLocationsServerTlsPoliciesCreateOptions { /** * Required. Short name of the ServerTlsPolicy resource to be created. This * value should be 1-63 characters long, containing only letters, numbers, * hyphens, and underscores, and should not start with a number. E.g. * "server_mtls_policy". */ serverTlsPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesGetIamPolicy. */ export interface ProjectsLocationsServerTlsPoliciesGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesList. */ export interface ProjectsLocationsServerTlsPoliciesListOptions { /** * Maximum number of ServerTlsPolicies to return per call. */ pageSize?: number; /** * The value returned by the last `ListServerTlsPoliciesResponse` Indicates * that this is a continuation of a prior `ListServerTlsPolicies` call, and * that the system should return the next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsServerTlsPoliciesPatch. */ export interface ProjectsLocationsServerTlsPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the ServerTlsPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsServerTlsPoliciesPatchOptions(data: any): ProjectsLocationsServerTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsServerTlsPoliciesPatchOptions(data: any): ProjectsLocationsServerTlsPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesCreate. */ export interface ProjectsLocationsTlsInspectionPoliciesCreateOptions { /** * Required. Short name of the TlsInspectionPolicy resource to be created. * This value should be 1-63 characters long, containing only letters, * numbers, hyphens, and underscores, and should not start with a number. E.g. * "tls_inspection_policy1". */ tlsInspectionPolicyId?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesDelete. */ export interface ProjectsLocationsTlsInspectionPoliciesDeleteOptions { /** * If set to true, any rules for this TlsInspectionPolicy will also be * deleted. (Otherwise, the request will only work if the TlsInspectionPolicy * has no rules.) */ force?: boolean; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesList. */ export interface ProjectsLocationsTlsInspectionPoliciesListOptions { /** * Maximum number of TlsInspectionPolicies to return per call. */ pageSize?: number; /** * The value returned by the last 'ListTlsInspectionPoliciesResponse' * Indicates that this is a continuation of a prior * 'ListTlsInspectionPolicies' call, and that the system should return the * next page of data. */ pageToken?: string; } /** * Additional options for * NetworkSecurity#projectsLocationsTlsInspectionPoliciesPatch. */ export interface ProjectsLocationsTlsInspectionPoliciesPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the TlsInspectionPolicy resource by the update. The fields specified in the * update_mask are relative to the resource, not the full request. A field * will be overwritten if it is in the mask. If the user does not provide a * mask then all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsTlsInspectionPoliciesPatchOptions(data: any): ProjectsLocationsTlsInspectionPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsTlsInspectionPoliciesPatchOptions(data: any): ProjectsLocationsTlsInspectionPoliciesPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for NetworkSecurity#projectsLocationsUrlListsCreate. */ export interface ProjectsLocationsUrlListsCreateOptions { /** * Required. Short name of the UrlList resource to be created. This value * should be 1-63 characters long, containing only letters, numbers, hyphens, * and underscores, and should not start with a number. E.g. "url_list". */ urlListId?: string; } /** * Additional options for NetworkSecurity#projectsLocationsUrlListsList. */ export interface ProjectsLocationsUrlListsListOptions { /** * Maximum number of UrlLists to return per call. */ pageSize?: number; /** * The value returned by the last `ListUrlListsResponse` Indicates that this * is a continuation of a prior `ListUrlLists` call, and that the system * should return the next page of data. */ pageToken?: string; } /** * Additional options for NetworkSecurity#projectsLocationsUrlListsPatch. */ export interface ProjectsLocationsUrlListsPatchOptions { /** * Optional. Field mask is used to specify the fields to be overwritten in * the UrlList resource by the update. The fields specified in the update_mask * are relative to the resource, not the full request. A field will be * overwritten if it is in the mask. If the user does not provide a mask then * all fields will be overwritten. */ updateMask?: string /* FieldMask */; } function serializeProjectsLocationsUrlListsPatchOptions(data: any): ProjectsLocationsUrlListsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsUrlListsPatchOptions(data: any): ProjectsLocationsUrlListsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Request used by the RemoveAddressGroupItems method. */ export interface RemoveAddressGroupItemsRequest { /** * Required. List of items to remove. */ items?: string[]; /** * Optional. An optional request ID to identify requests. Specify a unique * request ID so that if you must retry your request, the server will know to * ignore the request if it has already been completed. The server will * guarantee that for at least 60 minutes since the first request. For * example, consider a situation where you make an initial request and the * request times out. If you make the request again with the same request ID, * the server can check if original operation with the same request ID was * received, and if so, will ignore the second request. This prevents clients * from accidentally creating duplicate commitments. The request ID must be a * valid UUID with the exception that zero UUID is not supported * (00000000-0000-0000-0000-000000000000). */ requestId?: string; } /** * Specification of rules. */ export interface Rule { /** * Optional. List of attributes for the traffic destination. All of the * destinations must match. A destination is a match if a request matches all * the specified hosts, ports, methods and headers. If not set, the action * specified in the 'action' field will be applied without any rule checks for * the destination. */ destinations?: Destination[]; /** * Optional. List of attributes for the traffic source. All of the sources * must match. A source is a match if both principals and ip_blocks match. If * not set, the action specified in the 'action' field will be applied without * any rule checks for the source. */ sources?: Source[]; } /** * ServerTlsPolicy is a resource that specifies how a server should * authenticate incoming requests. This resource itself does not affect * configuration unless it is attached to a target HTTPS proxy or endpoint * config selector resource. ServerTlsPolicy in the form accepted by external * HTTPS load balancers can be attached only to TargetHttpsProxy with an * `EXTERNAL` or `EXTERNAL_MANAGED` load balancing scheme. Traffic Director * compatible ServerTlsPolicies can be attached to EndpointPolicy and * TargetHttpsProxy with Traffic Director `INTERNAL_SELF_MANAGED` load balancing * scheme. */ export interface ServerTlsPolicy { /** * This field applies only for Traffic Director policies. It is must be set * to false for external HTTPS load balancer policies. Determines if server * allows plaintext connections. If set to true, server allows plain text * connections. By default, it is set to false. This setting is not exclusive * of other encryption modes. For example, if `allow_open` and `mtls_policy` * are set, server allows both plain text and mTLS connections. See * documentation of other encryption modes to confirm compatibility. Consider * using it if you wish to upgrade in place your deployment to TLS while * having mixed TLS and non-TLS traffic reaching port :80. */ allowOpen?: boolean; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Free-text description of the resource. */ description?: string; /** * Set of label tags associated with the resource. */ labels?: { [key: string]: string }; /** * This field is required if the policy is used with external HTTPS load * balancers. This field can be empty for Traffic Director. Defines a * mechanism to provision peer validation certificates for peer to peer * authentication (Mutual TLS - mTLS). If not specified, client certificate * will not be requested. The connection is treated as TLS and not mTLS. If * `allow_open` and `mtls_policy` are set, server allows both plain text and * mTLS connections. */ mtlsPolicy?: MTLSPolicy; /** * Required. Name of the ServerTlsPolicy resource. It matches the pattern * `projects/*\/locations/{location}/serverTlsPolicies/{server_tls_policy}` */ name?: string; /** * Optional if policy is to be used with Traffic Director. For external HTTPS * load balancer must be empty. Defines a mechanism to provision server * identity (public and private keys). Cannot be combined with `allow_open` as * a permissive mode that allows both plain text and TLS is not supported. */ serverCertificate?: GoogleCloudNetworksecurityV1CertificateProvider; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * Specification of traffic source attributes. */ export interface Source { /** * Optional. List of CIDR ranges to match based on source IP address. At * least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR * (e.g., "1.2.3.0/24") are supported. Authorization based on source IP alone * should be avoided. The IP addresses of any load balancers or proxies should * be considered untrusted. */ ipBlocks?: string[]; /** * Optional. List of peer identities to match for authorization. At least one * principal should match. Each peer can be an exact match, or a prefix match * (example, "namespace/*") or a suffix match (example, "*\/service-account") * or a presence match "*". Authorization based on the principal name without * certificate validation (configured by ServerTlsPolicy resource) is * considered insecure. */ principals?: string[]; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface Status { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * The TlsInspectionPolicy resource contains references to CA pools in * Certificate Authority Service and associated metadata. */ export interface TlsInspectionPolicy { /** * Required. A CA pool resource used to issue interception certificates. The * CA pool string has a relative resource path following the form * "projects/{project}/locations/{location}/caPools/{ca_pool}". */ caPool?: string; /** * Output only. The timestamp when the resource was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Name of the resource. Name is of the form * projects/{project}/locations/{location}/tlsInspectionPolicies/{tls_inspection_policy} * tls_inspection_policy should match the * pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Output only. The timestamp when the resource was updated. */ readonly updateTime?: Date; } /** * UrlList proto helps users to set reusable, independently manageable lists of * hosts, host patterns, URLs, URL patterns. */ export interface UrlList { /** * Output only. Time when the security policy was created. */ readonly createTime?: Date; /** * Optional. Free-text description of the resource. */ description?: string; /** * Required. Name of the resource provided by the user. Name is of the form * projects/{project}/locations/{location}/urlLists/{url_list} url_list should * match the pattern:(^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$). */ name?: string; /** * Output only. Time when the security policy was updated. */ readonly updateTime?: Date; /** * Required. FQDNs and URLs. */ values?: string[]; } /** * Specification of ValidationCA. Defines the mechanism to obtain the * Certificate Authority certificate to validate the peer certificate. */ export interface ValidationCA { /** * The certificate provider instance specification that will be passed to the * data plane, which will be used to load necessary credential information. */ certificateProviderInstance?: CertificateProviderInstance; /** * gRPC specific configuration to access the gRPC server to obtain the CA * certificate. */ grpcEndpoint?: GoogleCloudNetworksecurityV1GrpcEndpoint; } function decodeBase64(b64: string): Uint8Array { const binString = atob(b64); const size = binString.length; const bytes = new Uint8Array(size); for (let i = 0; i < size; i++) { bytes[i] = binString.charCodeAt(i); } return bytes; } const base64abc = ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","0","1","2","3","4","5","6","7","8","9","+","/"]; /** * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727 * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation * @param data */ function encodeBase64(uint8: Uint8Array): string { let result = "", i; const l = uint8.length; for (i = 2; i < l; i += 3) { result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)]; result += base64abc[uint8[i] & 0x3f]; } if (i === l + 1) { // 1 octet yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[(uint8[i - 2] & 0x03) << 4]; result += "=="; } if (i === l) { // 2 octets yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[(uint8[i - 1] & 0x0f) << 2]; result += "="; } return result; }