// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Cloud Workstations API Client for Deno * ====================================== * * Allows administrators to create managed developer environments in the cloud. * * Docs: https://cloud.google.com/workstations * Source: https://googleapis.deno.dev/v1/workstations:v1.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; /** * Allows administrators to create managed developer environments in the cloud. * */ export class Workstations { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://workstations.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Gets information about a location. * * @param name Resource name for the location. */ async projectsLocationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Location; } /** * Lists information about the supported locations for this service. * * @param name The resource that owns the locations collection, if applicable. */ async projectsLocationsList(name: string, opts: ProjectsLocationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/locations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListLocationsResponse; } /** * Starts asynchronous cancellation on a long-running operation. The server * makes a best effort to cancel the operation, but success is not guaranteed. * If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or * other methods to check whether the cancellation succeeded or whether the * operation completed despite cancellation. On successful cancellation, the * operation is not deleted; instead, it becomes an operation with an * Operation.error value with a google.rpc.Status.code of 1, corresponding to * `Code.CANCELLED`. * * @param name The name of the operation resource to be cancelled. */ async projectsLocationsOperationsCancel(name: string, req: CancelOperationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:cancel`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as GoogleProtobufEmpty; } /** * Deletes a long-running operation. This method indicates that the client is * no longer interested in the operation result. It does not cancel the * operation. If the server doesn't support this method, it returns * `google.rpc.Code.UNIMPLEMENTED`. * * @param name The name of the operation resource to be deleted. */ async projectsLocationsOperationsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as GoogleProtobufEmpty; } /** * Gets the latest state of a long-running operation. Clients can use this * method to poll the operation result at intervals as recommended by the API * service. * * @param name The name of the operation resource. */ async projectsLocationsOperationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Operation; } /** * Lists operations that match the specified filter in the request. If the * server doesn't support this method, it returns `UNIMPLEMENTED`. * * @param name The name of the operation's parent resource. */ async projectsLocationsOperationsList(name: string, opts: ProjectsLocationsOperationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }/operations`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListOperationsResponse; } /** * Creates a new workstation cluster. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersCreate(parent: string, req: WorkstationCluster, opts: ProjectsLocationsWorkstationClustersCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstationClusters`); if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } if (opts.workstationClusterId !== undefined) { url.searchParams.append("workstationClusterId", String(opts.workstationClusterId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes the specified workstation cluster. * * @param name Required. Name of the workstation cluster to delete. */ async projectsLocationsWorkstationClustersDelete(name: string, opts: ProjectsLocationsWorkstationClustersDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.etag !== undefined) { url.searchParams.append("etag", String(opts.etag)); } if (opts.force !== undefined) { url.searchParams.append("force", String(opts.force)); } if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Returns the requested workstation cluster. * * @param name Required. Name of the requested resource. */ async projectsLocationsWorkstationClustersGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as WorkstationCluster; } /** * Returns all workstation clusters in the specified location. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersList(parent: string, opts: ProjectsLocationsWorkstationClustersListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstationClusters`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListWorkstationClustersResponse; } /** * Updates an existing workstation cluster. * * @param name Identifier. Full name of this workstation cluster. */ async projectsLocationsWorkstationClustersPatch(name: string, req: WorkstationCluster, opts: ProjectsLocationsWorkstationClustersPatchOptions = {}): Promise { opts = serializeProjectsLocationsWorkstationClustersPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.allowMissing !== undefined) { url.searchParams.append("allowMissing", String(opts.allowMissing)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Creates a new workstation configuration. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersWorkstationConfigsCreate(parent: string, req: WorkstationConfig, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsCreateOptions = {}): Promise { req = serializeWorkstationConfig(req); const url = new URL(`${this.#baseUrl}v1/${ parent }/workstationConfigs`); if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } if (opts.workstationConfigId !== undefined) { url.searchParams.append("workstationConfigId", String(opts.workstationConfigId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes the specified workstation configuration. * * @param name Required. Name of the workstation configuration to delete. */ async projectsLocationsWorkstationClustersWorkstationConfigsDelete(name: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.etag !== undefined) { url.searchParams.append("etag", String(opts.etag)); } if (opts.force !== undefined) { url.searchParams.append("force", String(opts.force)); } if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Returns the requested workstation configuration. * * @param name Required. Name of the requested resource. */ async projectsLocationsWorkstationClustersWorkstationConfigsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeWorkstationConfig(data); } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsWorkstationClustersWorkstationConfigsGetIamPolicy(resource: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializePolicy(data); } /** * Returns all workstation configurations in the specified cluster. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersWorkstationConfigsList(parent: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstationConfigs`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListWorkstationConfigsResponse(data); } /** * Returns all workstation configurations in the specified cluster on which * the caller has the "workstations.workstation.create" permission. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersWorkstationConfigsListUsable(parent: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsListUsableOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstationConfigs:listUsable`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListUsableWorkstationConfigsResponse(data); } /** * Updates an existing workstation configuration. * * @param name Identifier. Full name of this workstation configuration. */ async projectsLocationsWorkstationClustersWorkstationConfigsPatch(name: string, req: WorkstationConfig, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions = {}): Promise { req = serializeWorkstationConfig(req); opts = serializeProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.allowMissing !== undefined) { url.searchParams.append("allowMissing", String(opts.allowMissing)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsWorkstationClustersWorkstationConfigsSetIamPolicy(resource: string, req: SetIamPolicyRequest): Promise { req = serializeSetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializePolicy(data); } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsWorkstationClustersWorkstationConfigsTestIamPermissions(resource: string, req: TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as TestIamPermissionsResponse; } /** * Creates a new workstation. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsCreate(parent: string, req: Workstation, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsCreateOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstations`); if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } if (opts.workstationId !== undefined) { url.searchParams.append("workstationId", String(opts.workstationId)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Deletes the specified workstation. * * @param name Required. Name of the workstation to delete. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsDelete(name: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsDeleteOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.etag !== undefined) { url.searchParams.append("etag", String(opts.etag)); } if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Operation; } /** * Returns a short-lived credential that can be used to send authenticated * and authorized traffic to a workstation. * * @param workstation Required. Name of the workstation for which the access token should be generated. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsGenerateAccessToken(workstation: string, req: GenerateAccessTokenRequest): Promise { req = serializeGenerateAccessTokenRequest(req); const url = new URL(`${this.#baseUrl}v1/${ workstation }:generateAccessToken`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeGenerateAccessTokenResponse(data); } /** * Returns the requested workstation. * * @param name Required. Name of the requested resource. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Workstation; } /** * Gets the access control policy for a resource. Returns an empty policy if * the resource exists and does not have a policy set. * * @param resource REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsGetIamPolicy(resource: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsGetIamPolicyOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:getIamPolicy`); if (opts["options.requestedPolicyVersion"] !== undefined) { url.searchParams.append("options.requestedPolicyVersion", String(opts["options.requestedPolicyVersion"])); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializePolicy(data); } /** * Returns all Workstations using the specified workstation configuration. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsList(parent: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstations`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListWorkstationsResponse; } /** * Returns all workstations using the specified workstation configuration on * which the caller has the "workstations.workstations.use" permission. * * @param parent Required. Parent resource name. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsListUsable(parent: string, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsListUsableOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/workstations:listUsable`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListUsableWorkstationsResponse; } /** * Updates an existing workstation. * * @param name Identifier. Full name of this workstation. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatch(name: string, req: Workstation, opts: ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions = {}): Promise { opts = serializeProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.allowMissing !== undefined) { url.searchParams.append("allowMissing", String(opts.allowMissing)); } if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } if (opts.validateOnly !== undefined) { url.searchParams.append("validateOnly", String(opts.validateOnly)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return data as Operation; } /** * Sets the access control policy on the specified resource. Replaces any * existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and * `PERMISSION_DENIED` errors. * * @param resource REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsSetIamPolicy(resource: string, req: SetIamPolicyRequest): Promise { req = serializeSetIamPolicyRequest(req); const url = new URL(`${this.#baseUrl}v1/${ resource }:setIamPolicy`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializePolicy(data); } /** * Starts running a workstation so that users can connect to it. * * @param name Required. Name of the workstation to start. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsStart(name: string, req: StartWorkstationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:start`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Stops running a workstation, reducing costs. * * @param name Required. Name of the workstation to stop. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsStop(name: string, req: StopWorkstationRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:stop`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as Operation; } /** * Returns permissions that a caller has on the specified resource. If the * resource does not exist, this will return an empty set of permissions, not * a `NOT_FOUND` error. Note: This operation is designed to be used for * building permission-aware UIs and command-line tools, not for authorization * checking. This operation may "fail open" without warning. * * @param resource REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. */ async projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsTestIamPermissions(resource: string, req: TestIamPermissionsRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ resource }:testIamPermissions`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return data as TestIamPermissionsResponse; } } /** * An accelerator card attached to the instance. */ export interface Accelerator { /** * Optional. Number of accelerator cards exposed to the instance. */ count?: number; /** * Optional. Type of accelerator resource to attach to the instance, for * example, `"nvidia-tesla-p100"`. */ type?: string; } /** * Specifies the audit configuration for a service. The configuration * determines which permission types are logged, and what identities, if any, * are exempted from logging. An AuditConfig must have one or more * AuditLogConfigs. If there are AuditConfigs for both `allServices` and a * specific service, the union of the two AuditConfigs is used for that service: * the log_types specified in each AuditConfig are enabled, and the * exempted_members in each AuditLogConfig are exempted. Example Policy with * multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": * "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", * "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": * "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For * sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ * logging. It also exempts `jose@example.com` from DATA_READ logging, and * `aliya@example.com` from DATA_WRITE logging. */ export interface AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a * special value that covers all services. */ service?: string; } /** * Provides the configuration for logging a type of permissions. Example: { * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ * "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables * 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from * DATA_READ logging. */ export interface AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of * permission. Follows the same format of Binding.members. */ exemptedMembers?: string[]; /** * The log type that this config enables. */ logType?: | "LOG_TYPE_UNSPECIFIED" | "ADMIN_READ" | "DATA_WRITE" | "DATA_READ"; } /** * Associates `members`, or principals, with a `role`. */ export interface Binding { /** * The condition that is associated with this binding. If the condition * evaluates to `true`, then this binding applies to the current request. If * the condition evaluates to `false`, then this binding does not apply to the * current request. However, a different role binding might grant the same * role to one or more of the principals in this binding. To learn which * resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Expr; /** * Specifies the principals requesting access for a Google Cloud resource. * `members` can have the following values: * `allUsers`: A special identifier * that represents anyone who is on the internet; with or without a Google * account. * `allAuthenticatedUsers`: A special identifier that represents * anyone who is authenticated with a Google account or a service account. * Does not include identities that come from external identity providers * (IdPs) through identity federation. * `user:{emailid}`: An email address * that represents a specific Google account. For example, `alice@example.com` * . * `serviceAccount:{emailid}`: An email address that represents a Google * service account. For example, `my-other-app@appspot.gserviceaccount.com`. * * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An * identifier for a [Kubernetes service * account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). * For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * * `group:{emailid}`: An email address that represents a Google group. For * example, `admins@example.com`. * `domain:{domain}`: The G Suite domain * (primary) that represents all the users of that domain. For example, * `google.com` or `example.com`. * * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: * A single identity in a workforce identity pool. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: * All workforce identities in a group. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: * All workforce identities with a specific attribute value. * * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: * All identities in a workforce identity pool. * * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: * A single identity in a workload identity pool. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: * A workload identity pool group. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: * All identities in a workload identity pool with a certain attribute. * * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: * All identities in a workload identity pool. * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique * identifier) representing a user that has been recently deleted. For * example, `alice@example.com?uid=123456789012345678901`. If the user is * recovered, this value reverts to `user:{emailid}` and the recovered user * retains the role in the binding. * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus * unique identifier) representing a service account that has been recently * deleted. For example, * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If * the service account is undeleted, this value reverts to * `serviceAccount:{emailid}` and the undeleted service account retains the * role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email * address (plus unique identifier) representing a Google group that has been * recently deleted. For example, * `admins@example.com?uid=123456789012345678901`. If the group is recovered, * this value reverts to `group:{emailid}` and the recovered group retains the * role in the binding. * * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: * Deleted single identity in a workforce identity pool. For example, * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. */ members?: string[]; /** * Role that is assigned to the list of `members`, or principals. For * example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview * of the IAM roles and permissions, see the [IAM * documentation](https://cloud.google.com/iam/docs/roles-overview). For a * list of the available pre-defined roles, see * [here](https://cloud.google.com/iam/docs/understanding-roles). */ role?: string; } /** * A configuration that workstations can boost to. */ export interface BoostConfig { /** * Optional. A list of the type and count of accelerator cards attached to * the boost instance. Defaults to `none`. */ accelerators?: Accelerator[]; /** * Optional. The size of the boot disk for the VM in gigabytes (GB). The * minimum boot disk size is `30` GB. Defaults to `50` GB. */ bootDiskSizeGb?: number; /** * Optional. Whether to enable nested virtualization on boosted Cloud * Workstations VMs running using this boost configuration. Defaults to false. * Nested virtualization lets you run virtual machine (VM) instances inside * your workstation. Before enabling nested virtualization, consider the * following important considerations. Cloud Workstations instances are * subject to the [same restrictions as Compute Engine * instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions): * * **Organization policy**: projects, folders, or organizations may be * restricted from creating nested VMs if the **Disable VM nested * virtualization** constraint is enforced in the organization policy. For * more information, see the Compute Engine section, [Checking whether nested * virtualization is * allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed). * * **Performance**: nested VMs might experience a 10% or greater decrease in * performance for workloads that are CPU-bound and possibly greater than a * 10% decrease for workloads that are input/output bound. * **Machine Type**: * nested virtualization can only be enabled on boost configurations that * specify a machine_type in the N1 or N2 machine series. */ enableNestedVirtualization?: boolean; /** * Optional. Required. The id to be used for the boost configuration. */ id?: string; /** * Optional. The type of machine that boosted VM instances will use—for * example, `e2-standard-4`. For more information about machine types that * Cloud Workstations supports, see the list of [available machine * types](https://cloud.google.com/workstations/docs/available-machine-types). * Defaults to `e2-standard-4`. */ machineType?: string; /** * Optional. The number of boost VMs that the system should keep idle so that * workstations can be boosted quickly. Defaults to `0`. */ poolSize?: number; } /** * The request message for Operations.CancelOperation. */ export interface CancelOperationRequest { } /** * A Docker container. */ export interface Container { /** * Optional. Arguments passed to the entrypoint. */ args?: string[]; /** * Optional. If set, overrides the default ENTRYPOINT specified by the image. */ command?: string[]; /** * Optional. Environment variables passed to the container's entrypoint. */ env?: { [key: string]: string }; /** * Optional. A Docker container image that defines a custom environment. * Cloud Workstations provides a number of [preconfigured * images](https://cloud.google.com/workstations/docs/preconfigured-base-images), * but you can create your own [custom container * images](https://cloud.google.com/workstations/docs/custom-container-images). * If using a private image, the `host.gceInstance.serviceAccount` field must * be specified in the workstation configuration. If using a custom container * image, the service account must have [Artifact Registry * Reader](https://cloud.google.com/artifact-registry/docs/access-control#roles) * permission to pull the specified image. Otherwise, the image must be * publicly accessible. */ image?: string; /** * Optional. If set, overrides the USER specified in the image with the given * uid. */ runAsUser?: number; /** * Optional. If set, overrides the default DIR specified by the image. */ workingDir?: string; } /** * A customer-managed encryption key (CMEK) for the Compute Engine resources of * the associated workstation configuration. Specify the name of your Cloud KMS * encryption key and the default service account. We recommend that you use a * separate service account and follow [Cloud KMS best * practices](https://cloud.google.com/kms/docs/separation-of-duties). */ export interface CustomerEncryptionKey { /** * Immutable. The name of the Google Cloud KMS encryption key. For example, * `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`. * The key must be in the same region as the workstation configuration. */ kmsKey?: string; /** * Immutable. The service account to use with the specified KMS key. We * recommend that you use a separate service account and follow KMS best * practices. For more information, see [Separation of * duties](https://cloud.google.com/kms/docs/separation-of-duties) and `gcloud * kms keys add-iam-policy-binding` * [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member). */ kmsKeyServiceAccount?: string; } /** * Configuration options for a custom domain. */ export interface DomainConfig { /** * Immutable. Domain used by Workstations for HTTP ingress. */ domain?: string; } /** * An ephemeral directory which won't persist across workstation sessions. It * is freshly created on every workstation start operation. */ export interface EphemeralDirectory { /** * An EphemeralDirectory backed by a Compute Engine persistent disk. */ gcePd?: GcePersistentDisk; /** * Required. Location of this directory in the running workstation. */ mountPath?: string; } /** * Represents a textual expression in the Common Expression Language (CEL) * syntax. CEL is a C-like expression language. The syntax and semantics of CEL * are documented at https://github.com/google/cel-spec. Example (Comparison): * title: "Summary size limit" description: "Determines if a summary is less * than 100 chars" expression: "document.summary.size() < 100" Example * (Equality): title: "Requestor is owner" description: "Determines if requestor * is the document owner" expression: "document.owner == * request.auth.claims.email" Example (Logic): title: "Public documents" * description: "Determine whether the document should be publicly visible" * expression: "document.type != 'private' && document.type != 'internal'" * Example (Data Manipulation): title: "Notification string" description: * "Create a notification string with a timestamp." expression: "'New message * received at ' + string(document.create_time)" The exact variables and * functions that may be referenced within an expression are determined by the * service that evaluates it. See the service documentation for additional * information. */ export interface Expr { /** * Optional. Description of the expression. This is a longer text which * describes the expression, e.g. when hovered over it in a UI. */ description?: string; /** * Textual representation of an expression in Common Expression Language * syntax. */ expression?: string; /** * Optional. String indicating the location of the expression for error * reporting, e.g. a file name and a position in the file. */ location?: string; /** * Optional. Title for the expression, i.e. a short string describing its * purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string; } /** * A set of Compute Engine Confidential VM instance options. */ export interface GceConfidentialInstanceConfig { /** * Optional. Whether the instance has confidential compute enabled. */ enableConfidentialCompute?: boolean; } /** * A runtime using a Compute Engine instance. */ export interface GceInstance { /** * Optional. A list of the type and count of accelerator cards attached to * the instance. */ accelerators?: Accelerator[]; /** * Optional. A list of the boost configurations that workstations created * using this workstation configuration are allowed to use. */ boostConfigs?: BoostConfig[]; /** * Optional. The size of the boot disk for the VM in gigabytes (GB). The * minimum boot disk size is `30` GB. Defaults to `50` GB. */ bootDiskSizeGb?: number; /** * Optional. A set of Compute Engine Confidential VM instance options. */ confidentialInstanceConfig?: GceConfidentialInstanceConfig; /** * Optional. When set to true, disables public IP addresses for VMs. If you * disable public IP addresses, you must set up Private Google Access or Cloud * NAT on your network. If you use Private Google Access and you use * `private.googleapis.com` or `restricted.googleapis.com` for Container * Registry and Artifact Registry, make sure that you set up DNS records for * domains `*.gcr.io` and `*.pkg.dev`. Defaults to false (VMs have public IP * addresses). */ disablePublicIpAddresses?: boolean; /** * Optional. Whether to disable SSH access to the VM. */ disableSsh?: boolean; /** * Optional. Whether to enable nested virtualization on Cloud Workstations * VMs created using this workstation configuration. Defaults to false. Nested * virtualization lets you run virtual machine (VM) instances inside your * workstation. Before enabling nested virtualization, consider the following * important considerations. Cloud Workstations instances are subject to the * [same restrictions as Compute Engine * instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions): * * **Organization policy**: projects, folders, or organizations may be * restricted from creating nested VMs if the **Disable VM nested * virtualization** constraint is enforced in the organization policy. For * more information, see the Compute Engine section, [Checking whether nested * virtualization is * allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed). * * **Performance**: nested VMs might experience a 10% or greater decrease in * performance for workloads that are CPU-bound and possibly greater than a * 10% decrease for workloads that are input/output bound. * **Machine Type**: * nested virtualization can only be enabled on workstation configurations * that specify a machine_type in the N1 or N2 machine series. */ enableNestedVirtualization?: boolean; /** * Optional. The type of machine to use for VM instances—for example, * `"e2-standard-4"`. For more information about machine types that Cloud * Workstations supports, see the list of [available machine * types](https://cloud.google.com/workstations/docs/available-machine-types). */ machineType?: string; /** * Output only. Number of instances currently available in the pool for * faster workstation startup. */ readonly pooledInstances?: number; /** * Optional. The number of VMs that the system should keep idle so that new * workstations can be started quickly for new users. Defaults to `0` in the * API. */ poolSize?: number; /** * Optional. The email address of the service account for Cloud Workstations * VMs created with this configuration. When specified, be sure that the * service account has `logging.logEntries.create` and * `monitoring.timeSeries.create` permissions on the project so it can write * logs out to Cloud Logging. If using a custom container image, the service * account must have [Artifact Registry * Reader](https://cloud.google.com/artifact-registry/docs/access-control#roles) * permission to pull the specified image. If you as the administrator want to * be able to `ssh` into the underlying VM, you need to set this value to a * service account for which you have the `iam.serviceAccounts.actAs` * permission. Conversely, if you don't want anyone to be able to `ssh` into * the underlying VM, use a service account where no one has that permission. * If not set, VMs run with a service account provided by the Cloud * Workstations service, and the image must be publicly accessible. */ serviceAccount?: string; /** * Optional. Scopes to grant to the service_account. When specified, users of * workstations under this configuration must have `iam.serviceAccounts.actAs` * on the service account. */ serviceAccountScopes?: string[]; /** * Optional. A set of Compute Engine Shielded instance options. */ shieldedInstanceConfig?: GceShieldedInstanceConfig; /** * Optional. Network tags to add to the Compute Engine VMs backing the * workstations. This option applies [network * tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) to VMs * created with this configuration. These network tags enable the creation of * [firewall * rules](https://cloud.google.com/workstations/docs/configure-firewall-rules). */ tags?: string[]; /** * Optional. Resource manager tags to be bound to this instance. Tag keys and * values have the same definition as [resource manager * tags](https://cloud.google.com/resource-manager/docs/tags/tags-overview). * Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the * format `tagValues/456`. */ vmTags?: { [key: string]: string }; } /** * An EphemeralDirectory is backed by a Compute Engine persistent disk. */ export interface GcePersistentDisk { /** * Optional. Type of the disk to use. Defaults to `"pd-standard"`. */ diskType?: string; /** * Optional. Whether the disk is read only. If true, the disk may be shared * by multiple VMs and source_snapshot must be set. */ readOnly?: boolean; /** * Optional. Name of the disk image to use as the source for the disk. Must * be empty if source_snapshot is set. Updating source_image will update * content in the ephemeral directory after the workstation is restarted. This * field is mutable. */ sourceImage?: string; /** * Optional. Name of the snapshot to use as the source for the disk. Must be * empty if source_image is set. Must be empty if read_only is false. Updating * source_snapshot will update content in the ephemeral directory after the * workstation is restarted. This field is mutable. */ sourceSnapshot?: string; } /** * A Persistent Directory backed by a Compute Engine regional persistent disk. * The persistent_directories field is repeated, but it may contain only one * entry. It creates a [persistent * disk](https://cloud.google.com/compute/docs/disks/persistent-disks) that * mounts to the workstation VM at `/home` when the session starts and detaches * when the session ends. If this field is empty, workstations created with this * configuration do not have a persistent home directory. */ export interface GceRegionalPersistentDisk { /** * Optional. The [type of the persistent * disk](https://cloud.google.com/compute/docs/disks#disk-types) for the home * directory. Defaults to `"pd-standard"`. */ diskType?: string; /** * Optional. Type of file system that the disk should be formatted with. The * workstation image must support this file system type. Must be empty if * source_snapshot is set. Defaults to `"ext4"`. */ fsType?: string; /** * Optional. Whether the persistent disk should be deleted when the * workstation is deleted. Valid values are `DELETE` and `RETAIN`. Defaults to * `DELETE`. */ reclaimPolicy?: | "RECLAIM_POLICY_UNSPECIFIED" | "DELETE" | "RETAIN"; /** * Optional. The GB capacity of a persistent home directory for each * workstation created with this configuration. Must be empty if * source_snapshot is set. Valid values are `10`, `50`, `100`, `200`, `500`, * or `1000`. Defaults to `200`. If less than `200` GB, the disk_type must be * `"pd-balanced"` or `"pd-ssd"`. */ sizeGb?: number; /** * Optional. Name of the snapshot to use as the source for the disk. If set, * size_gb and fs_type must be empty. */ sourceSnapshot?: string; } /** * A set of Compute Engine Shielded instance options. */ export interface GceShieldedInstanceConfig { /** * Optional. Whether the instance has integrity monitoring enabled. */ enableIntegrityMonitoring?: boolean; /** * Optional. Whether the instance has Secure Boot enabled. */ enableSecureBoot?: boolean; /** * Optional. Whether the instance has the vTPM enabled. */ enableVtpm?: boolean; } /** * Request message for GenerateAccessToken. */ export interface GenerateAccessTokenRequest { /** * Desired expiration time of the access token. This value must be at most 24 * hours in the future. If a value is not specified, the token's expiration * time will be set to a default value of 1 hour in the future. */ expireTime?: Date; /** * Optional. Port for which the access token should be generated. If * specified, the generated access token grants access only to the specified * port of the workstation. If specified, values must be within the range [1 - * 65535]. If not specified, the generated access token grants access to all * ports of the workstation. */ port?: number; /** * Desired lifetime duration of the access token. This value must be at most * 24 hours. If a value is not specified, the token's lifetime will be set to * a default value of 1 hour. */ ttl?: number /* Duration */; } function serializeGenerateAccessTokenRequest(data: any): GenerateAccessTokenRequest { return { ...data, expireTime: data["expireTime"] !== undefined ? data["expireTime"].toISOString() : undefined, ttl: data["ttl"] !== undefined ? data["ttl"] : undefined, }; } function deserializeGenerateAccessTokenRequest(data: any): GenerateAccessTokenRequest { return { ...data, expireTime: data["expireTime"] !== undefined ? new Date(data["expireTime"]) : undefined, ttl: data["ttl"] !== undefined ? data["ttl"] : undefined, }; } /** * Response message for GenerateAccessToken. */ export interface GenerateAccessTokenResponse { /** * The generated bearer access token. To use this token, include it in an * Authorization header of an HTTP request sent to the associated * workstation's hostname—for example, `Authorization: Bearer `. */ accessToken?: string; /** * Time at which the generated token will expire. */ expireTime?: Date; } function serializeGenerateAccessTokenResponse(data: any): GenerateAccessTokenResponse { return { ...data, expireTime: data["expireTime"] !== undefined ? data["expireTime"].toISOString() : undefined, }; } function deserializeGenerateAccessTokenResponse(data: any): GenerateAccessTokenResponse { return { ...data, expireTime: data["expireTime"] !== undefined ? new Date(data["expireTime"]) : undefined, }; } /** * A generic empty message that you can re-use to avoid defining duplicated * empty messages in your APIs. A typical example is to use it as the request or * the response type of an API method. For instance: service Foo { rpc * Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } */ export interface GoogleProtobufEmpty { } /** * Runtime host for a workstation. */ export interface Host { /** * Specifies a Compute Engine instance as the host. */ gceInstance?: GceInstance; } /** * The response message for Locations.ListLocations. */ export interface ListLocationsResponse { /** * A list of locations that matches the specified filter in the request. */ locations?: Location[]; /** * The standard List next-page token. */ nextPageToken?: string; } /** * The response message for Operations.ListOperations. */ export interface ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string; /** * A list of operations that matches the specified filter in the request. */ operations?: Operation[]; } /** * Response message for ListUsableWorkstationConfigs. */ export interface ListUsableWorkstationConfigsResponse { /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; /** * Unreachable resources. */ unreachable?: string[]; /** * The requested configs. */ workstationConfigs?: WorkstationConfig[]; } function serializeListUsableWorkstationConfigsResponse(data: any): ListUsableWorkstationConfigsResponse { return { ...data, workstationConfigs: data["workstationConfigs"] !== undefined ? data["workstationConfigs"].map((item: any) => (serializeWorkstationConfig(item))) : undefined, }; } function deserializeListUsableWorkstationConfigsResponse(data: any): ListUsableWorkstationConfigsResponse { return { ...data, workstationConfigs: data["workstationConfigs"] !== undefined ? data["workstationConfigs"].map((item: any) => (deserializeWorkstationConfig(item))) : undefined, }; } /** * Response message for ListUsableWorkstations. */ export interface ListUsableWorkstationsResponse { /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; /** * Unreachable resources. */ unreachable?: string[]; /** * The requested workstations. */ workstations?: Workstation[]; } /** * Response message for ListWorkstationClusters. */ export interface ListWorkstationClustersResponse { /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; /** * Unreachable resources. */ unreachable?: string[]; /** * The requested workstation clusters. */ workstationClusters?: WorkstationCluster[]; } /** * Response message for ListWorkstationConfigs. */ export interface ListWorkstationConfigsResponse { /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; /** * Unreachable resources. */ unreachable?: string[]; /** * The requested configs. */ workstationConfigs?: WorkstationConfig[]; } function serializeListWorkstationConfigsResponse(data: any): ListWorkstationConfigsResponse { return { ...data, workstationConfigs: data["workstationConfigs"] !== undefined ? data["workstationConfigs"].map((item: any) => (serializeWorkstationConfig(item))) : undefined, }; } function deserializeListWorkstationConfigsResponse(data: any): ListWorkstationConfigsResponse { return { ...data, workstationConfigs: data["workstationConfigs"] !== undefined ? data["workstationConfigs"].map((item: any) => (deserializeWorkstationConfig(item))) : undefined, }; } /** * Response message for ListWorkstations. */ export interface ListWorkstationsResponse { /** * Optional. Token to retrieve the next page of results, or empty if there * are no more results in the list. */ nextPageToken?: string; /** * Optional. Unreachable resources. */ unreachable?: string[]; /** * The requested workstations. */ workstations?: Workstation[]; } /** * A resource that represents a Google Cloud location. */ export interface Location { /** * The friendly name for this location, typically a nearby city name. For * example, "Tokyo". */ displayName?: string; /** * Cross-service attributes for the location. For example * {"cloud.googleapis.com/region": "us-east1"} */ labels?: { [key: string]: string }; /** * The canonical id for this location. For example: `"us-east1"`. */ locationId?: string; /** * Service-specific metadata. For example the available capacity at the given * location. */ metadata?: { [key: string]: any }; /** * Resource name for the location, which may vary between implementations. * For example: `"projects/example-project/locations/us-east1"` */ name?: string; } /** * This resource represents a long-running operation that is the result of a * network API call. */ export interface Operation { /** * If the value is `false`, it means the operation is still in progress. If * `true`, the operation is completed, and either `error` or `response` is * available. */ done?: boolean; /** * The error result of the operation in case of failure or cancellation. */ error?: Status; /** * Service-specific metadata associated with the operation. It typically * contains progress information and common metadata such as create time. Some * services might not provide such metadata. Any method that returns a * long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any }; /** * The server-assigned name, which is only unique within the same service * that originally returns it. If you use the default HTTP mapping, the `name` * should be a resource name ending with `operations/{unique_id}`. */ name?: string; /** * The normal, successful response of the operation. If the original method * returns no data on success, such as `Delete`, the response is * `google.protobuf.Empty`. If the original method is standard * `Get`/`Create`/`Update`, the response should be the resource. For other * methods, the response should have the type `XxxResponse`, where `Xxx` is * the original method name. For example, if the original method name is * `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any }; } /** * Metadata for long-running operations. */ export interface OperationMetadata { /** * Output only. API version used to start the operation. */ readonly apiVersion?: string; /** * Output only. Time that the operation was created. */ readonly createTime?: Date; /** * Output only. Time that the operation finished running. */ readonly endTime?: Date; /** * Output only. Identifies whether the user has requested cancellation of the * operation. */ readonly requestedCancellation?: boolean; /** * Output only. Human-readable status of the operation, if any. */ readonly statusMessage?: string; /** * Output only. Server-defined resource path for the target of the operation. */ readonly target?: string; /** * Output only. Name of the verb executed by the operation. */ readonly verb?: string; } /** * A directory to persist across workstation sessions. */ export interface PersistentDirectory { /** * A PersistentDirectory backed by a Compute Engine persistent disk. */ gcePd?: GceRegionalPersistentDisk; /** * Optional. Location of this directory in the running workstation. */ mountPath?: string; } /** * An Identity and Access Management (IAM) policy, which specifies access * controls for Google Cloud resources. A `Policy` is a collection of * `bindings`. A `binding` binds one or more `members`, or principals, to a * single `role`. Principals can be user accounts, service accounts, Google * groups, and domains (such as G Suite). A `role` is a named list of * permissions; each `role` can be an IAM predefined role or a user-created * custom role. For some types of Google Cloud resources, a `binding` can also * specify a `condition`, which is a logical expression that allows access to a * resource only if the expression evaluates to `true`. A condition can add * constraints based on attributes of the request, the resource, or both. To * learn which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). * **JSON example:** ``` { "bindings": [ { "role": * "roles/resourcemanager.organizationAdmin", "members": [ * "user:mike@example.com", "group:admins@example.com", "domain:google.com", * "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": * "roles/resourcemanager.organizationViewer", "members": [ * "user:eve@example.com" ], "condition": { "title": "expirable access", * "description": "Does not grant access after Sep 2020", "expression": * "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": * "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: * - user:mike@example.com - group:admins@example.com - domain:google.com - * serviceAccount:my-project-id@appspot.gserviceaccount.com role: * roles/resourcemanager.organizationAdmin - members: - user:eve@example.com * role: roles/resourcemanager.organizationViewer condition: title: expirable * access description: Does not grant access after Sep 2020 expression: * request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= * version: 3 ``` For a description of IAM and its features, see the [IAM * documentation](https://cloud.google.com/iam/docs/). */ export interface Policy { /** * Specifies cloud audit logging configuration for this policy. */ auditConfigs?: AuditConfig[]; /** * Associates a list of `members`, or principals, with a `role`. Optionally, * may specify a `condition` that determines how and when the `bindings` are * applied. Each of the `bindings` must contain at least one principal. The * `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of * these principals can be Google groups. Each occurrence of a principal * counts towards these limits. For example, if the `bindings` grant 50 * different roles to `user:alice@example.com`, and not to any other * principal, then you can add another 1,450 principals to the `bindings` in * the `Policy`. */ bindings?: Binding[]; /** * `etag` is used for optimistic concurrency control as a way to help prevent * simultaneous updates of a policy from overwriting each other. It is * strongly suggested that systems make use of the `etag` in the * read-modify-write cycle to perform policy updates in order to avoid race * conditions: An `etag` is returned in the response to `getIamPolicy`, and * systems are expected to put that etag in the request to `setIamPolicy` to * ensure that their change will be applied to the same version of the policy. * **Important:** If you use IAM Conditions, you must include the `etag` field * whenever you call `setIamPolicy`. If you omit this field, then IAM allows * you to overwrite a version `3` policy with a version `1` policy, and all of * the conditions in the version `3` policy are lost. */ etag?: Uint8Array; /** * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. * Requests that specify an invalid value are rejected. Any operation that * affects conditional role bindings must specify version `3`. This * requirement applies to the following operations: * Getting a policy that * includes a conditional role binding * Adding a conditional role binding to * a policy * Changing a conditional role binding in a policy * Removing any * role binding, with or without a condition, from a policy that includes * conditions **Important:** If you use IAM Conditions, you must include the * `etag` field whenever you call `setIamPolicy`. If you omit this field, then * IAM allows you to overwrite a version `3` policy with a version `1` policy, * and all of the conditions in the version `3` policy are lost. If a policy * does not include any conditions, operations on that policy may specify any * valid version or leave the field unset. To learn which resources support * conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ version?: number; } function serializePolicy(data: any): Policy { return { ...data, etag: data["etag"] !== undefined ? encodeBase64(data["etag"]) : undefined, }; } function deserializePolicy(data: any): Policy { return { ...data, etag: data["etag"] !== undefined ? decodeBase64(data["etag"] as string) : undefined, }; } /** * A PortRange defines a range of ports. Both first and last are inclusive. To * specify a single port, both first and last should be the same. */ export interface PortRange { /** * Required. Starting port number for the current range of ports. Valid ports * are 22, 80, and ports within the range 1024-65535. */ first?: number; /** * Required. Ending port number for the current range of ports. Valid ports * are 22, 80, and ports within the range 1024-65535. */ last?: number; } /** * Configuration options for private workstation clusters. */ export interface PrivateClusterConfig { /** * Optional. Additional projects that are allowed to attach to the * workstation cluster's service attachment. By default, the workstation * cluster's project and the VPC host project (if different) are allowed. */ allowedProjects?: string[]; /** * Output only. Hostname for the workstation cluster. This field will be * populated only when private endpoint is enabled. To access workstations in * the workstation cluster, create a new DNS zone mapping this domain name to * an internal IP address and a forwarding rule mapping that address to the * service attachment. */ readonly clusterHostname?: string; /** * Immutable. Whether Workstations endpoint is private. */ enablePrivateEndpoint?: boolean; /** * Output only. Service attachment URI for the workstation cluster. The * service attachemnt is created when private endpoint is enabled. To access * workstations in the workstation cluster, configure access to the managed * service using [Private Service * Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). */ readonly serviceAttachmentUri?: string; } /** * Additional options for Workstations#projectsLocationsList. */ export interface ProjectsLocationsListOptions { /** * A filter to narrow down results to a preferred subset. The filtering * language accepts strings like `"displayName=tokyo"`, and is documented in * more detail in [AIP-160](https://google.aip.dev/160). */ filter?: string; /** * The maximum number of results to return. If not set, the service selects a * default. */ pageSize?: number; /** * A page token received from the `next_page_token` field in the response. * Send that page token to receive the subsequent page. */ pageToken?: string; } /** * Additional options for Workstations#projectsLocationsOperationsList. */ export interface ProjectsLocationsOperationsListOptions { /** * The standard list filter. */ filter?: string; /** * The standard list page size. */ pageSize?: number; /** * The standard list page token. */ pageToken?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersCreate. */ export interface ProjectsLocationsWorkstationClustersCreateOptions { /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; /** * Required. ID to use for the workstation cluster. */ workstationClusterId?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersDelete. */ export interface ProjectsLocationsWorkstationClustersDeleteOptions { /** * Optional. If set, the request will be rejected if the latest version of * the workstation cluster on the server does not have this ETag. */ etag?: string; /** * Optional. If set, any workstation configurations and workstations in the * workstation cluster are also deleted. Otherwise, the request only works if * the workstation cluster has no configurations or workstations. */ force?: boolean; /** * Optional. If set, validate the request and preview the review, but do not * apply it. */ validateOnly?: boolean; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersList. */ export interface ProjectsLocationsWorkstationClustersListOptions { /** * Optional. Maximum number of items to return. */ pageSize?: number; /** * Optional. next_page_token value returned from a previous List request, if * any. */ pageToken?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersPatch. */ export interface ProjectsLocationsWorkstationClustersPatchOptions { /** * Optional. If set, and the workstation cluster is not found, a new * workstation cluster will be created. In this situation, update_mask is * ignored. */ allowMissing?: boolean; /** * Required. Mask that specifies which fields in the workstation cluster * should be updated. */ updateMask?: string /* FieldMask */; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } function serializeProjectsLocationsWorkstationClustersPatchOptions(data: any): ProjectsLocationsWorkstationClustersPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsWorkstationClustersPatchOptions(data: any): ProjectsLocationsWorkstationClustersPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsCreate. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsCreateOptions { /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; /** * Required. ID to use for the workstation configuration. */ workstationConfigId?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsDelete. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsDeleteOptions { /** * Optional. If set, the request is rejected if the latest version of the * workstation configuration on the server does not have this ETag. */ etag?: string; /** * Optional. If set, any workstations in the workstation configuration are * also deleted. Otherwise, the request works only if the workstation * configuration has no workstations. */ force?: boolean; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsGetIamPolicy. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsList. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsListOptions { /** * Optional. Maximum number of items to return. */ pageSize?: number; /** * Optional. next_page_token value returned from a previous List request, if * any. */ pageToken?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsListUsable. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsListUsableOptions { /** * Optional. Maximum number of items to return. */ pageSize?: number; /** * Optional. next_page_token value returned from a previous List request, if * any. */ pageToken?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsPatch. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions { /** * Optional. If set and the workstation configuration is not found, a new * workstation configuration will be created. In this situation, update_mask * is ignored. */ allowMissing?: boolean; /** * Required. Mask specifying which fields in the workstation configuration * should be updated. */ updateMask?: string /* FieldMask */; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } function serializeProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions(data: any): ProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions(data: any): ProjectsLocationsWorkstationClustersWorkstationConfigsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsCreate. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsCreateOptions { /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; /** * Required. ID to use for the workstation. */ workstationId?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsDelete. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsDeleteOptions { /** * Optional. If set, the request will be rejected if the latest version of * the workstation on the server does not have this ETag. */ etag?: string; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsGetIamPolicy. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsGetIamPolicyOptions { /** * Optional. The maximum policy version that will be used to format the * policy. Valid values are 0, 1, and 3. Requests specifying an invalid value * will be rejected. Requests for policies with any conditional role bindings * must specify version 3. Policies with no conditional role bindings may * specify any valid value or leave the field unset. The policy in the * response might use the policy version that you specified, or it might use a * lower policy version. For example, if you specify version 3, but the policy * has no conditional role bindings, the response uses version 1. To learn * which resources support conditions in their IAM policies, see the [IAM * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ ["options.requestedPolicyVersion"]?: number; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsList. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsListOptions { /** * Optional. Maximum number of items to return. */ pageSize?: number; /** * Optional. next_page_token value returned from a previous List request, if * any. */ pageToken?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsListUsable. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsListUsableOptions { /** * Optional. Maximum number of items to return. */ pageSize?: number; /** * Optional. next_page_token value returned from a previous List request, if * any. */ pageToken?: string; } /** * Additional options for * Workstations#projectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatch. */ export interface ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions { /** * Optional. If set and the workstation configuration is not found, a new * workstation configuration is created. In this situation, update_mask is * ignored. */ allowMissing?: boolean; /** * Required. Mask specifying which fields in the workstation configuration * should be updated. */ updateMask?: string /* FieldMask */; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } function serializeProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions(data: any): ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions(data: any): ProjectsLocationsWorkstationClustersWorkstationConfigsWorkstationsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * A readiness check to be performed on a workstation. */ export interface ReadinessCheck { /** * Optional. Path to which the request should be sent. */ path?: string; /** * Optional. Port to which the request should be sent. */ port?: number; } /** * Request message for `SetIamPolicy` method. */ export interface SetIamPolicyRequest { /** * REQUIRED: The complete policy to be applied to the `resource`. The size of * the policy is limited to a few 10s of KB. An empty policy is a valid policy * but certain Google Cloud services (such as Projects) might reject them. */ policy?: Policy; /** * OPTIONAL: A FieldMask specifying which fields of the policy to modify. * Only the fields in the mask will be modified. If no mask is provided, the * following default mask is used: `paths: "bindings, etag"` */ updateMask?: string /* FieldMask */; } function serializeSetIamPolicyRequest(data: any): SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? serializePolicy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeSetIamPolicyRequest(data: any): SetIamPolicyRequest { return { ...data, policy: data["policy"] !== undefined ? deserializePolicy(data["policy"]) : undefined, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Request message for StartWorkstation. */ export interface StartWorkstationRequest { /** * Optional. If set, the request will be rejected if the latest version of * the workstation on the server does not have this ETag. */ etag?: string; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } /** * The `Status` type defines a logical error model that is suitable for * different programming environments, including REST APIs and RPC APIs. It is * used by [gRPC](https://github.com/grpc). Each `Status` message contains three * pieces of data: error code, error message, and error details. You can find * out more about this error model and how to work with it in the [API Design * Guide](https://cloud.google.com/apis/design/errors). */ export interface Status { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number; /** * A list of messages that carry the error details. There is a common set of * message types for APIs to use. */ details?: { [key: string]: any }[]; /** * A developer-facing error message, which should be in English. Any * user-facing error message should be localized and sent in the * google.rpc.Status.details field, or localized by the client. */ message?: string; } /** * Request message for StopWorkstation. */ export interface StopWorkstationRequest { /** * Optional. If set, the request will be rejected if the latest version of * the workstation on the server does not have this ETag. */ etag?: string; /** * Optional. If set, validate the request and preview the review, but do not * actually apply it. */ validateOnly?: boolean; } /** * Request message for `TestIamPermissions` method. */ export interface TestIamPermissionsRequest { /** * The set of permissions to check for the `resource`. Permissions with * wildcards (such as `*` or `storage.*`) are not allowed. For more * information see [IAM * Overview](https://cloud.google.com/iam/docs/overview#permissions). */ permissions?: string[]; } /** * Response message for `TestIamPermissions` method. */ export interface TestIamPermissionsResponse { /** * A subset of `TestPermissionsRequest.permissions` that the caller is * allowed. */ permissions?: string[]; } /** * A single instance of a developer workstation with its own persistent * storage. */ export interface Workstation { /** * Optional. Client-specified annotations. */ annotations?: { [key: string]: string }; /** * Output only. Time when this workstation was created. */ readonly createTime?: Date; /** * Output only. Time when this workstation was soft-deleted. */ readonly deleteTime?: Date; /** * Optional. Human-readable name for this workstation. */ displayName?: string; /** * Optional. Environment variables passed to the workstation container's * entrypoint. */ env?: { [key: string]: string }; /** * Optional. Checksum computed by the server. May be sent on update and * delete requests to make sure that the client has an up-to-date value before * proceeding. */ etag?: string; /** * Output only. Host to which clients can send HTTPS traffic that will be * received by the workstation. Authorized traffic will be received to the * workstation as HTTP on port 80. To send traffic to a different port, * clients may prefix the host with the destination port in the format * `{port}-{host}`. */ readonly host?: string; /** * Output only. The name of the Google Cloud KMS encryption key used to * encrypt this workstation. The KMS key can only be configured in the * WorkstationConfig. The expected format is * `projects/*\/locations/*\/keyRings/*\/cryptoKeys/*`. */ readonly kmsKey?: string; /** * Optional. * [Labels](https://cloud.google.com/workstations/docs/label-resources) that * are applied to the workstation and that are also propagated to the * underlying Compute Engine resources. */ labels?: { [key: string]: string }; /** * Identifier. Full name of this workstation. */ name?: string; /** * Output only. Indicates whether this workstation is currently being updated * to match its intended state. */ readonly reconciling?: boolean; /** * Output only. Time when this workstation was most recently successfully * started, regardless of the workstation's initial state. */ readonly startTime?: Date; /** * Output only. Current state of the workstation. */ readonly state?: | "STATE_UNSPECIFIED" | "STATE_STARTING" | "STATE_RUNNING" | "STATE_STOPPING" | "STATE_STOPPED"; /** * Output only. A system-assigned unique identifier for this workstation. */ readonly uid?: string; /** * Output only. Time when this workstation was most recently updated. */ readonly updateTime?: Date; } /** * A workstation cluster resource in the Cloud Workstations API. Defines a * group of workstations in a particular region and the VPC network they're * attached to. */ export interface WorkstationCluster { /** * Optional. Client-specified annotations. */ annotations?: { [key: string]: string }; /** * Output only. Status conditions describing the workstation cluster's * current state. */ readonly conditions?: Status[]; /** * Output only. The private IP address of the control plane for this * workstation cluster. Workstation VMs need access to this IP address to work * with the service, so make sure that your firewall rules allow egress from * the workstation VMs to this address. */ readonly controlPlaneIp?: string; /** * Output only. Time when this workstation cluster was created. */ readonly createTime?: Date; /** * Output only. Whether this workstation cluster is in degraded mode, in * which case it may require user action to restore full functionality. * Details can be found in conditions. */ readonly degraded?: boolean; /** * Output only. Time when this workstation cluster was soft-deleted. */ readonly deleteTime?: Date; /** * Optional. Human-readable name for this workstation cluster. */ displayName?: string; /** * Optional. Configuration options for a custom domain. */ domainConfig?: DomainConfig; /** * Optional. Checksum computed by the server. May be sent on update and * delete requests to make sure that the client has an up-to-date value before * proceeding. */ etag?: string; /** * Optional. * [Labels](https://cloud.google.com/workstations/docs/label-resources) that * are applied to the workstation cluster and that are also propagated to the * underlying Compute Engine resources. */ labels?: { [key: string]: string }; /** * Identifier. Full name of this workstation cluster. */ name?: string; /** * Immutable. Name of the Compute Engine network in which instances * associated with this workstation cluster will be created. */ network?: string; /** * Optional. Configuration for private workstation cluster. */ privateClusterConfig?: PrivateClusterConfig; /** * Output only. Indicates whether this workstation cluster is currently being * updated to match its intended state. */ readonly reconciling?: boolean; /** * Immutable. Name of the Compute Engine subnetwork in which instances * associated with this workstation cluster will be created. Must be part of * the subnetwork specified for this workstation cluster. */ subnetwork?: string; /** * Optional. Tag keys/values directly bound to this resource. For example: * "123/environment": "production", "123/costCenter": "marketing" */ tags?: { [key: string]: string }; /** * Output only. A system-assigned unique identifier for this workstation * cluster. */ readonly uid?: string; /** * Output only. Time when this workstation cluster was most recently updated. */ readonly updateTime?: Date; } /** * A workstation configuration resource in the Cloud Workstations API. * Workstation configurations act as templates for workstations. The workstation * configuration defines details such as the workstation virtual machine (VM) * instance type, persistent storage, container image defining environment, * which IDE or Code Editor to use, and more. Administrators and platform teams * can also use [Identity and Access Management * (IAM)](https://cloud.google.com/iam/docs/overview) rules to grant access to * teams or to individual developers. */ export interface WorkstationConfig { /** * Optional. A list of PortRanges specifying single ports or ranges of ports * that are externally accessible in the workstation. Allowed ports must be * one of 22, 80, or within range 1024-65535. If not specified defaults to * ports 22, 80, and ports 1024-65535. */ allowedPorts?: PortRange[]; /** * Optional. Client-specified annotations. */ annotations?: { [key: string]: string }; /** * Output only. Status conditions describing the current resource state. */ readonly conditions?: Status[]; /** * Optional. Container that runs upon startup for each workstation using this * workstation configuration. */ container?: Container; /** * Output only. Time when this workstation configuration was created. */ readonly createTime?: Date; /** * Output only. Whether this resource is degraded, in which case it may * require user action to restore full functionality. See also the conditions * field. */ readonly degraded?: boolean; /** * Output only. Time when this workstation configuration was soft-deleted. */ readonly deleteTime?: Date; /** * Optional. Disables support for plain TCP connections in the workstation. * By default the service supports TCP connections through a websocket relay. * Setting this option to true disables that relay, which prevents the usage * of services that require plain TCP connections, such as SSH. When enabled, * all communication must occur over HTTPS or WSS. */ disableTcpConnections?: boolean; /** * Optional. Human-readable name for this workstation configuration. */ displayName?: string; /** * Optional. Whether to enable Linux `auditd` logging on the workstation. * When enabled, a service_account must also be specified that has * `roles/logging.logWriter` and `roles/monitoring.metricWriter` on the * project. Operating system audit logging is distinct from [Cloud Audit * Logs](https://cloud.google.com/workstations/docs/audit-logging) and * [Container output * logging](https://cloud.google.com/workstations/docs/container-output-logging#overview). * Operating system audit logs are available in the [Cloud * Logging](https://cloud.google.com/logging/docs) console by querying: * resource.type="gce_instance" log_name:"/logs/linux-auditd" */ enableAuditAgent?: boolean; /** * Immutable. Encrypts resources of this workstation configuration using a * customer-managed encryption key (CMEK). If specified, the boot disk of the * Compute Engine instance and the persistent disk are encrypted using this * encryption key. If this field is not set, the disks are encrypted using a * generated key. Customer-managed encryption keys do not protect disk * metadata. If the customer-managed encryption key is rotated, when the * workstation instance is stopped, the system attempts to recreate the * persistent disk with the new version of the key. Be sure to keep older * versions of the key until the persistent disk is recreated. Otherwise, data * on the persistent disk might be lost. If the encryption key is revoked, the * workstation session automatically stops within 7 hours. Immutable after the * workstation configuration is created. */ encryptionKey?: CustomerEncryptionKey; /** * Optional. Ephemeral directories which won't persist across workstation * sessions. */ ephemeralDirectories?: EphemeralDirectory[]; /** * Optional. Checksum computed by the server. May be sent on update and * delete requests to make sure that the client has an up-to-date value before * proceeding. */ etag?: string; /** * Optional. Grant creator of a workstation `roles/workstations.policyAdmin` * role along with `roles/workstations.user` role on the workstation created * by them. This allows workstation users to share access to either their * entire workstation, or individual ports. Defaults to false. */ grantWorkstationAdminRoleOnCreate?: boolean; /** * Optional. Runtime host for the workstation. */ host?: Host; /** * Optional. Number of seconds to wait before automatically stopping a * workstation after it last received user traffic. A value of `"0s"` * indicates that Cloud Workstations VMs created with this configuration * should never time out due to idleness. Provide * [duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration) * terminated by `s` for seconds—for example, `"7200s"` (2 hours). The default * is `"1200s"` (20 minutes). */ idleTimeout?: number /* Duration */; /** * Optional. * [Labels](https://cloud.google.com/workstations/docs/label-resources) that * are applied to the workstation configuration and that are also propagated * to the underlying Compute Engine resources. */ labels?: { [key: string]: string }; /** * Optional. Maximum number of workstations under this configuration a user * can have `workstations.workstation.use` permission on. Only enforced on * CreateWorkstation API calls on the user issuing the API request. Can be * overridden by: - granting a user * workstations.workstationConfigs.exemptMaxUsableWorkstationLimit permission, * or - having a user with that permission create a workstation and granting * another user `workstations.workstation.use` permission on that workstation. * If not specified, defaults to `0`, which indicates unlimited. */ maxUsableWorkstations?: number; /** * Identifier. Full name of this workstation configuration. */ name?: string; /** * Optional. Directories to persist across workstation sessions. */ persistentDirectories?: PersistentDirectory[]; /** * Optional. Readiness checks to perform when starting a workstation using * this workstation configuration. Mark a workstation as running only after * all specified readiness checks return 200 status codes. */ readinessChecks?: ReadinessCheck[]; /** * Output only. Indicates whether this workstation configuration is currently * being updated to match its intended state. */ readonly reconciling?: boolean; /** * Optional. Immutable. Specifies the zones used to replicate the VM and disk * resources within the region. If set, exactly two zones within the * workstation cluster's region must be specified—for example, * `['us-central1-a', 'us-central1-f']`. If this field is empty, two default * zones within the region are used. Immutable after the workstation * configuration is created. */ replicaZones?: string[]; /** * Optional. Number of seconds that a workstation can run until it is * automatically shut down. We recommend that workstations be shut down daily * to reduce costs and so that security updates can be applied upon restart. * The idle_timeout and running_timeout fields are independent of each other. * Note that the running_timeout field shuts down VMs after the specified * time, regardless of whether or not the VMs are idle. Provide duration * terminated by `s` for seconds—for example, `"54000s"` (15 hours). Defaults * to `"43200s"` (12 hours). A value of `"0s"` indicates that workstations * using this configuration should never time out. If encryption_key is set, * it must be greater than `"0s"` and less than `"86400s"` (24 hours). * Warning: A value of `"0s"` indicates that Cloud Workstations VMs created * with this configuration have no maximum running time. This is strongly * discouraged because you incur costs and will not pick up security updates. */ runningTimeout?: number /* Duration */; /** * Output only. A system-assigned unique identifier for this workstation * configuration. */ readonly uid?: string; /** * Output only. Time when this workstation configuration was most recently * updated. */ readonly updateTime?: Date; } function serializeWorkstationConfig(data: any): WorkstationConfig { return { ...data, idleTimeout: data["idleTimeout"] !== undefined ? data["idleTimeout"] : undefined, runningTimeout: data["runningTimeout"] !== undefined ? data["runningTimeout"] : undefined, }; } function deserializeWorkstationConfig(data: any): WorkstationConfig { return { ...data, createTime: data["createTime"] !== undefined ? new Date(data["createTime"]) : undefined, deleteTime: data["deleteTime"] !== undefined ? new Date(data["deleteTime"]) : undefined, idleTimeout: data["idleTimeout"] !== undefined ? data["idleTimeout"] : undefined, runningTimeout: data["runningTimeout"] !== undefined ? data["runningTimeout"] : undefined, updateTime: data["updateTime"] !== undefined ? new Date(data["updateTime"]) : undefined, }; } function decodeBase64(b64: string): Uint8Array { const binString = atob(b64); const size = binString.length; const bytes = new Uint8Array(size); for (let i = 0; i < size; i++) { bytes[i] = binString.charCodeAt(i); } return bytes; } const base64abc = ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","0","1","2","3","4","5","6","7","8","9","+","/"]; /** * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727 * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation * @param data */ function encodeBase64(uint8: Uint8Array): string { let result = "", i; const l = uint8.length; for (i = 2; i < l; i += 3) { result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)]; result += base64abc[uint8[i] & 0x3f]; } if (i === l + 1) { // 1 octet yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[(uint8[i - 2] & 0x03) << 4]; result += "=="; } if (i === l) { // 2 octets yet to write result += base64abc[uint8[i - 2] >> 2]; result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)]; result += base64abc[(uint8[i - 1] & 0x0f) << 2]; result += "="; } return result; }