membership.proto 29 KB

  1. // Copyright 2021 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
// proto3 schema for the v1beta1 GKE Hub Membership API.
syntax = "proto3";

package google.cloud.gkehub.v1beta1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";

// Per-language package / namespace names used by the generated client code.
option csharp_namespace = "Google.Cloud.GkeHub.V1Beta1";
option go_package = "google.golang.org/genproto/googleapis/cloud/gkehub/v1beta1;gkehub";
option java_multiple_files = true;
option java_package = "com.google.cloud.gkehub.v1beta1";
option php_namespace = "Google\\Cloud\\GkeHub\\V1beta1";
option ruby_package = "Google::Cloud::GkeHub::V1beta1";
// GKE Hub CRUD API for the Membership resource.
// The Membership service is currently only available in the global location.
//
// NOTE(review): `cloud-platform` is the only OAuth scope declared below, so
// per-method access control presumably rests on IAM permissions rather than
// on token scopes -- confirm against the service's IAM documentation.
service GkeHubMembershipService {
  option (google.api.default_host) = "gkehub.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Lists Memberships in a given project and location.
  rpc ListMemberships(ListMembershipsRequest) returns (ListMembershipsResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*}/memberships"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets the details of a Membership.
  rpc GetMembership(GetMembershipRequest) returns (Membership) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/memberships/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Adds a new Membership.
  //
  // Returns a long-running operation whose response is the created
  // Membership and whose metadata is OperationMetadata.
  rpc CreateMembership(CreateMembershipRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*/locations/*}/memberships"
      body: "resource"
    };
    option (google.api.method_signature) = "parent,resource,membership_id";
    option (google.longrunning.operation_info) = {
      response_type: "Membership"
      metadata_type: "OperationMetadata"
    };
  }

  // Removes a Membership.
  //
  // Returns a long-running operation with an empty response and
  // OperationMetadata as metadata.
  rpc DeleteMembership(DeleteMembershipRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1beta1/{name=projects/*/locations/*/memberships/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OperationMetadata"
    };
  }

  // Updates an existing Membership.
  //
  // Returns a long-running operation whose response is the updated
  // Membership and whose metadata is OperationMetadata.
  rpc UpdateMembership(UpdateMembershipRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1beta1/{name=projects/*/locations/*/memberships/*}"
      body: "resource"
    };
    option (google.api.method_signature) = "name,resource,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "Membership"
      metadata_type: "OperationMetadata"
    };
  }

  // Generates the manifest for deployment of the GKE connect agent.
  //
  // NOTE(review): the HTTP binding is a GET with no `body`, so under
  // google.api.http transcoding every request field other than `name` is
  // carried as a URL query parameter. That includes
  // `image_pull_secret_content`; URLs are commonly recorded in access and
  // proxy logs, so REST callers should account for that (or use gRPC).
  rpc GenerateConnectManifest(GenerateConnectManifestRequest) returns (GenerateConnectManifestResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/memberships/*}:generateConnectManifest"
    };
  }

  // ValidateExclusivity validates the state of exclusivity in the cluster.
  // The validation does not depend on an existing Hub membership resource.
  //
  // NOTE(review): bound to GET with no `body`, so `cr_manifest` (a YAML
  // document) travels in the query string when called over REST.
  rpc ValidateExclusivity(ValidateExclusivityRequest) returns (ValidateExclusivityResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/*}/memberships:validateExclusivity"
    };
  }

  // GenerateExclusivityManifest generates the manifests to update the
  // exclusivity artifacts in the cluster if needed.
  //
  // Exclusivity artifacts include the Membership custom resource definition
  // (CRD) and the singleton Membership custom resource (CR). Combined with
  // ValidateExclusivity, exclusivity artifacts guarantee that a Kubernetes
  // cluster is only registered to a single GKE Hub.
  //
  // The Membership CRD is versioned, and may require conversion when the GKE
  // Hub API server begins serving a newer version of the CRD and
  // corresponding CR. The response will be the converted CRD and CR if there
  // are any differences between the versions.
  //
  // NOTE(review): bound to GET with no `body`, so `crd_manifest` and
  // `cr_manifest` travel in the query string when called over REST.
  rpc GenerateExclusivityManifest(GenerateExclusivityManifestRequest) returns (GenerateExclusivityManifestResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/*/memberships/*}:generateExclusivityManifest"
    };
  }
}
// Membership contains information about a member cluster.
message Membership {
  option (google.api.resource) = {
    type: "gkehub.googleapis.com/Membership"
    pattern: "projects/{project}/locations/{location}/memberships/{membership}"
  };

  // Specifies the infrastructure type of a Membership. Infrastructure type is
  // used by Hub to control infrastructure-specific behavior, including pricing.
  //
  // Each GKE distribution (on-GCP, on-Prem, on-X,...) will set this field
  // automatically, but Attached Clusters customers should specify a type
  // during registration.
  enum InfrastructureType {
    // No type was specified. Some Hub functionality may require a type be
    // specified, and will not support Memberships with this value.
    INFRASTRUCTURE_TYPE_UNSPECIFIED = 0;

    // Private infrastructure that is owned or operated by customer. This
    // includes GKE distributions such as GKE-OnPrem and GKE-OnBareMetal.
    ON_PREM = 1;

    // Public cloud infrastructure.
    MULTI_CLOUD = 2;
  }

  // Output only. The full, unique name of this Membership resource in the format
  // `projects/*/locations/*/memberships/{membership_id}`, set during creation.
  //
  // `membership_id` must be a valid RFC 1123 compliant DNS label:
  //
  //   1. At most 63 characters in length
  //   2. It must consist of lower case alphanumeric characters or `-`
  //   3. It must start and end with an alphanumeric character
  //
  // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`,
  // with a maximum length of 63 characters.
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. GCP labels for this membership.
  map<string, string> labels = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. Description of this membership, limited to 63 characters.
  // Must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.\ ]*`
  string description = 3 [(google.api.field_behavior) = REQUIRED];

  // Type of resource represented by this Membership.
  oneof type {
    // Optional. Endpoint information to reach this member.
    MembershipEndpoint endpoint = 4 [(google.api.field_behavior) = OPTIONAL];
  }

  // Output only. State of the Membership resource.
  MembershipState state = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. How to identify workloads from this Membership.
  // See the documentation on Workload Identity for more details:
  // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
  //
  // NOTE(review): this field selects which OIDC issuer (or key set) is
  // trusted for this Membership's workloads; see the Authority message.
  // Changes to it deserve the same review as an identity-provider change.
  Authority authority = 9 [(google.api.field_behavior) = OPTIONAL];

  // Output only. When the Membership was created.
  google.protobuf.Timestamp create_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. When the Membership was last updated.
  google.protobuf.Timestamp update_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. When the Membership was deleted.
  google.protobuf.Timestamp delete_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. An externally-generated and managed ID for this Membership. This ID may
  // be modified after creation, but this is not recommended. For GKE clusters,
  // external_id is managed by the Hub API and updates will be ignored.
  //
  // The ID must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.]*`
  //
  // If this Membership represents a Kubernetes cluster, this value should be
  // set to the UID of the `kube-system` namespace object.
  //
  // NOTE(review): for non-GKE clusters this value is caller-supplied and
  // nothing in this schema indicates it is checked against the cluster, so
  // presumably it should not be used on its own as proof of cluster
  // identity -- confirm.
  string external_id = 10 [(google.api.field_behavior) = OPTIONAL];

  // Output only. For clusters using Connect, the timestamp of the most recent connection
  // established with Google Cloud. This time is updated every several minutes,
  // not continuously. For clusters that do not use GKE Connect, or that have
  // never connected successfully, this field will be unset.
  google.protobuf.Timestamp last_connection_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Google-generated UUID for this resource. This is unique across all
  // Membership resources. If a Membership resource is deleted and another
  // resource with the same name is created, it gets a different unique_id.
  //
  // Because `name` can be reused after deletion, `unique_id` is the field to
  // record when an audit trail must tell two generations of a name apart.
  string unique_id = 12 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The infrastructure type this Membership is running on.
  InfrastructureType infrastructure_type = 13 [(google.api.field_behavior) = OPTIONAL];
}
// MembershipEndpoint contains information needed to contact a Kubernetes API
// endpoint, and any additional Kubernetes metadata.
message MembershipEndpoint {
  // Optional. GKE-specific information. Only present if this Membership is a GKE cluster.
  GkeCluster gke_cluster = 4 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Useful Kubernetes-specific metadata.
  KubernetesMetadata kubernetes_metadata = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The in-cluster Kubernetes Resources that should be applied for a correctly
  // registered cluster, in the steady state. These resources:
  //
  //   * Ensure that the cluster is exclusively registered to one and only one
  //     Hub Membership.
  //   * Propagate Workload Pool Information available in the Membership
  //     Authority field.
  //   * Ensure proper initial configuration of default Hub Features.
  KubernetesResource kubernetes_resource = 6 [(google.api.field_behavior) = OPTIONAL];
}
// KubernetesResource contains the YAML manifests and configuration for
// Membership Kubernetes resources in the cluster. After CreateMembership or
// UpdateMembership, these resources should be re-applied in the cluster.
message KubernetesResource {
  // Input only. The YAML representation of the Membership CR. This field is ignored for GKE
  // clusters where Hub can read the CR directly.
  //
  // Callers should provide the CR that is currently present in the cluster
  // during CreateMembership or UpdateMembership, or leave this field empty if
  // none exists. The CR manifest is used to validate the cluster has not been
  // registered with another Membership.
  //
  // NOTE(review): where Hub cannot read the CR itself, this validation works
  // from what the caller submits. Presumably it guards against accidental
  // double registration rather than against a caller who leaves the field
  // empty -- confirm.
  string membership_cr_manifest = 1 [(google.api.field_behavior) = INPUT_ONLY];

  // Output only. Additional Kubernetes resources that need to be applied to the cluster
  // after Membership creation, and after every update.
  //
  // This field is only populated in the Membership returned from a successful
  // long-running operation from CreateMembership or UpdateMembership. It is not
  // populated during normal GetMembership or ListMemberships requests. To get
  // the resource manifest after the initial registration, the caller should
  // make an UpdateMembership call with an empty field mask.
  repeated ResourceManifest membership_resources = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The Kubernetes resources for installing the GKE Connect agent.
  //
  // This field is only populated in the Membership returned from a successful
  // long-running operation from CreateMembership or UpdateMembership. It is not
  // populated during normal GetMembership or ListMemberships requests. To get
  // the resource manifest after the initial registration, the caller should
  // make an UpdateMembership call with an empty field mask.
  repeated ResourceManifest connect_resources = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. Options for Kubernetes resource generation.
  ResourceOptions resource_options = 4 [(google.api.field_behavior) = OPTIONAL];
}
// ResourceOptions represent options for Kubernetes resource generation.
message ResourceOptions {
  // Optional. The Connect agent version to use for connect_resources. Defaults to the
  // latest GKE Connect version. The version must be a currently supported
  // version; obsolete versions will be rejected.
  string connect_version = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for
  // CustomResourceDefinition resources.
  // This option should be set for clusters with Kubernetes apiserver versions
  // <1.16.
  bool v1beta1_crd = 2 [(google.api.field_behavior) = OPTIONAL];
}
// ResourceManifest represents a single Kubernetes resource to be applied to
// the cluster.
//
// NOTE(review): the manifest is meant to be applied with cluster
// credentials, so a consumer should make sure it is applying the text
// exactly as returned by the Hub API and not a copy altered in between.
message ResourceManifest {
  // YAML manifest of the resource.
  string manifest = 1;

  // Whether the resource provided in the manifest is `cluster_scoped`.
  // If unset, the manifest is assumed to be namespace scoped.
  //
  // This field is used for REST mapping when applying the resource in a
  // cluster.
  bool cluster_scoped = 2;
}
// GkeCluster contains information specific to GKE clusters.
message GkeCluster {
  // Immutable. Self-link of the GCP resource for the GKE cluster. For example:
  //
  //   > container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster
  //
  // Zonal clusters are also supported.
  //
  // Marked IMMUTABLE below: the link is fixed once the Membership exists.
  string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE];
}
// KubernetesMetadata provides informational metadata for Memberships
// representing Kubernetes clusters.
//
// Every field is output only; the values are described below as reported by
// the cluster's own Kubernetes API.
message KubernetesMetadata {
  // Output only. Kubernetes API server version string as reported by '/version'.
  string kubernetes_api_server_version = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Node providerID as reported by the first node in the list of nodes on
  // the Kubernetes endpoint. On Kubernetes platforms that support zero-node
  // clusters (like GKE-on-GCP), the node_count will be zero and the
  // node_provider_id will be empty.
  string node_provider_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Node count as reported by Kubernetes nodes resources.
  int32 node_count = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. vCPU count as reported by Kubernetes nodes resources.
  int32 vcpu_count = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The total memory capacity as reported by the sum of all Kubernetes nodes
  // resources, defined in MB.
  int32 memory_mb = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time at which these details were last updated. This update_time is
  // different from the Membership-level update_time since EndpointDetails are
  // updated internally for API consumers.
  google.protobuf.Timestamp update_time = 100 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Authority encodes how Google will recognize identities from this Membership.
// See the workload identity documentation for more details:
// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
//
// The two caller-settable fields, `issuer` and `oidc_jwks`, determine which
// OIDC tokens are accepted for this Membership.
message Authority {
  // Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and
  // be a valid URL with length <2000 characters.
  //
  // If set, then Google will allow valid OIDC tokens from this issuer to
  // authenticate within the workload_identity_pool. OIDC discovery will be
  // performed on this URI to validate tokens from the issuer.
  //
  // Clearing `issuer` disables Workload Identity. `issuer` cannot be directly
  // modified; it must be cleared (and Workload Identity disabled) before using
  // a new issuer (and re-enabling Workload Identity).
  string issuer = 1 [(google.api.field_behavior) = OPTIONAL];

  // Output only. The name of the workload identity pool in which `issuer` will be
  // recognized.
  //
  // There is a single Workload Identity Pool per Hub that is shared
  // between all Memberships that belong to that Hub. For a Hub hosted in
  // {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`,
  // although this is subject to change in newer versions of this API.
  //
  // NOTE(review): because the pool is shared, an issuer trusted for one
  // Membership is recognized in the same pool as every other Membership of
  // the Hub. IAM bindings on pool identities should be written with that
  // in mind.
  string workload_identity_pool = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. An identity provider that reflects the `issuer` in the workload identity
  // pool.
  string identity_provider = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
  //
  // When this field is set, OIDC discovery will NOT be performed on `issuer`,
  // and instead OIDC tokens will be validated using this field.
  //
  // NOTE(review): with this field set, the keys stored here are the only
  // trust anchor for token validation. Presumably a key rotation on the
  // cluster then requires updating this field as well -- confirm.
  // As a `bytes` field, the value is base64-encoded in the JSON mapping.
  bytes oidc_jwks = 4 [(google.api.field_behavior) = OPTIONAL];
}
// State of the Membership resource.
message MembershipState {
  // Code describes the state of a Membership resource.
  enum Code {
    // The code is not set.
    CODE_UNSPECIFIED = 0;

    // The cluster is being registered.
    CREATING = 1;

    // The cluster is registered.
    READY = 2;

    // The cluster is being unregistered.
    DELETING = 3;

    // The Membership is being updated.
    UPDATING = 4;

    // The Membership is being updated by the Hub Service.
    SERVICE_UPDATING = 5;
  }

  // Output only. The current state of the Membership resource.
  Code code = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Deprecated. This field is never set by the Hub Service.
  string description = 2 [deprecated = true];

  // Deprecated. This field is never set by the Hub Service.
  google.protobuf.Timestamp update_time = 3 [deprecated = true];
}
// Request message for `GkeHubMembershipService.ListMemberships` method.
message ListMembershipsRequest {
  // Required. The parent (project and location) where the Memberships will be listed.
  // Specified in the format `projects/*/locations/*`.
  string parent = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. When requesting a 'page' of resources, `page_size` specifies number of
  // resources to return. If unspecified or set to 0, all resources will
  // be returned.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Token returned by previous call to `ListMemberships` which
  // specifies the position in the list from where to continue listing the
  // resources.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Lists Memberships that match the filter expression, following the syntax
  // outlined in https://google.aip.dev/160.
  //
  // Examples:
  //
  //   - Name is `bar` in project `foo-proj` and location `global`:
  //
  //       name = "projects/foo-proj/locations/global/memberships/bar"
  //
  //   - Memberships that have a label called `foo`:
  //
  //       labels.foo:*
  //
  //   - Memberships that have a label called `foo` whose value is `bar`:
  //
  //       labels.foo = bar
  //
  //   - Memberships in the CREATING state:
  //
  //       state = CREATING
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. One or more fields to compare and use to sort the output.
  // See https://google.aip.dev/132#ordering.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}
// Response message for the `GkeHubMembershipService.ListMemberships` method.
message ListMembershipsResponse {
  // The list of matching Memberships.
  repeated Membership resources = 1;

  // A token to request the next page of resources from the
  // `ListMemberships` method. The value of an empty string means that
  // there are no more resources to return.
  string next_page_token = 2;

  // List of locations that could not be reached while fetching this list.
  //
  // A non-empty value means `resources` may be incomplete; inventory or
  // audit tooling should check this field before treating the list as the
  // full set of Memberships.
  repeated string unreachable = 3;
}
// Request message for the `GkeHubMembershipService.GetMembership` method.
message GetMembershipRequest {
  // Required. The Membership resource name in the format
  // `projects/*/locations/*/memberships/*`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];
}
// Request message for the `GkeHubMembershipService.CreateMembership` method.
message CreateMembershipRequest {
  // Required. The parent (project and location) where the Memberships will be created.
  // Specified in the format `projects/*/locations/*`.
  string parent = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Client chosen ID for the membership. `membership_id` must be a valid RFC
  // 1123 compliant DNS label:
  //
  //   1. At most 63 characters in length
  //   2. It must consist of lower case alphanumeric characters or `-`
  //   3. It must start and end with an alphanumeric character
  //
  // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`,
  // with a maximum length of 63 characters.
  string membership_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The membership to create.
  Membership resource = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for the `GkeHubMembershipService.DeleteMembership` method.
message DeleteMembershipRequest {
  // Required. The Membership resource name in the format
  // `projects/*/locations/*/memberships/*`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];
}
// Request message for the `GkeHubMembershipService.UpdateMembership` method.
message UpdateMembershipRequest {
  // Required. The membership resource name in the format:
  // `projects/[project_id]/locations/global/memberships/[membership_id]`
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Mask of fields to update. At least one field path must be specified in this
  // mask.
  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Only fields specified in update_mask are updated.
  // If you specify a field in the update_mask but don't specify its value here
  // that field will be deleted.
  // If you are updating a map field, set the value of a key to null or empty
  // string to delete the key from the map. It's not possible to update a key's
  // value to the empty string.
  //
  // NOTE(review): the delete-on-omission rule also applies to
  // `authority`. The Authority message documents that clearing `issuer`
  // disables Workload Identity, so a mask that names an authority path
  // without a matching value here presumably has that effect -- confirm
  // before sending broad masks.
  Membership resource = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for `GkeHubMembershipService.GenerateConnectManifest`
// method.
message GenerateConnectManifestRequest {
  // Required. The Membership resource name the Agent will associate with, in the format
  // `projects/*/locations/*/memberships/*`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. The connect agent to generate manifest for.
  ConnectAgent connect_agent = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The Connect agent version to use. Defaults to the most current version.
  string version = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. If true, generate the resources for upgrade only. Some resources
  // generated only for installation (e.g. secrets) will be excluded.
  bool is_upgrade = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The registry to fetch the connect agent image from. Defaults to
  // gcr.io/gkeconnect.
  //
  // NOTE(review): a non-default value decides where the agent image is
  // pulled from, so it is part of the cluster's software supply chain.
  // Whether the service restricts the accepted values is not visible in
  // this schema -- confirm.
  string registry = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The image pull secret content for the registry, if not public.
  //
  // NOTE(review): this is credential material. The RPC is bound to HTTP GET
  // with no body in the service definition, so over REST the value is sent
  // as a (base64-encoded) URL query parameter and may be captured wherever
  // URLs are logged. Presumably the value also ends up in the generated
  // manifest -- confirm, and handle the response accordingly.
  bytes image_pull_secret_content = 6 [(google.api.field_behavior) = OPTIONAL];
}
// GenerateConnectManifestResponse contains manifest information for
// installing/upgrading a Connect agent.
//
// NOTE(review): the request's `is_upgrade` documentation says secrets are
// among the resources generated for installation, so a non-upgrade response
// should be handled as sensitive (not logged or stored in plain text).
message GenerateConnectManifestResponse {
  // The ordered list of Kubernetes resources that need to be applied to the
  // cluster for GKE Connect agent installation/upgrade.
  repeated ConnectAgentResource manifest = 1;
}
// ConnectAgentResource represents a Kubernetes resource manifest for Connect
// Agent deployment.
message ConnectAgentResource {
  // Kubernetes type (kind and API version) of the resource in `manifest`.
  TypeMeta type = 1;

  // YAML manifest of the resource.
  string manifest = 2;
}
// TypeMeta is the type information needed for content unmarshalling of
// Kubernetes resources in the manifest.
message TypeMeta {
  // Kind of the resource (e.g. Deployment).
  string kind = 1;

  // APIVersion of the resource (e.g. v1).
  string api_version = 2;
}
// The information required from end users to use GKE Connect.
message ConnectAgent {
  // Deprecated. Do not set.
  string name = 1 [deprecated = true];

  // Optional. URI of a proxy if connectivity from the agent to gkeconnect.googleapis.com
  // requires the use of a proxy. Format must be in the form
  // `http(s)://{proxy_address}`, depending on the HTTP/HTTPS protocol
  // supported by the proxy. This will direct the connect agent's outbound
  // traffic through a HTTP(S) proxy.
  //
  // Although it carries a URI, the field is typed `bytes`, so the value is
  // base64-encoded in the JSON mapping.
  bytes proxy = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Namespace for GKE Connect agent resources. Defaults to `gke-connect`.
  //
  // The Connect Agent is authorized automatically when run in the default
  // namespace. Otherwise, explicit authorization must be granted with an
  // additional IAM binding.
  string namespace = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The request to validate the existing state of the membership CR in the
// cluster.
message ValidateExclusivityRequest {
  // Required. The parent (project and location) where the Memberships will be created.
  // Specified in the format `projects/*/locations/*`.
  string parent = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. The YAML of the membership CR in the cluster. Empty if the membership
  // CR does not exist.
  //
  // NOTE(review): the CR is supplied by the caller, so the result reflects
  // the manifest submitted here; nothing in this schema shows the service
  // reading the cluster itself for this call.
  string cr_manifest = 2 [(google.api.field_behavior) = OPTIONAL];

  // Required. The intended membership name under the `parent`. This method only does
  // validation in anticipation of a CreateMembership call with the same name.
  string intended_membership = 3 [(google.api.field_behavior) = REQUIRED];
}
// The response of exclusivity artifacts validation result status.
message ValidateExclusivityResponse {
  // The validation result.
  //
  //   * `OK` means that exclusivity is validated, assuming the manifest produced
  //     by GenerateExclusivityManifest is successfully applied.
  //   * `ALREADY_EXISTS` means that the Membership CRD is already owned by
  //     another Hub. See `status.message` for more information.
  //
  // NOTE(review): the outcome is carried in this field of the response
  // message, so presumably the RPC itself can succeed while `status` is
  // `ALREADY_EXISTS` -- callers should inspect `status.code` rather than
  // rely on the call returning without error. Confirm.
  google.rpc.Status status = 1;
}
// The request to generate the manifests for exclusivity artifacts.
message GenerateExclusivityManifestRequest {
  // Required. The Membership resource name in the format
  // `projects/*/locations/*/memberships/*`.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Optional. The YAML manifest of the membership CRD retrieved by
  // `kubectl get customresourcedefinitions membership`.
  // Leave empty if the resource does not exist.
  string crd_manifest = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The YAML manifest of the membership CR retrieved by
  // `kubectl get memberships membership`.
  // Leave empty if the resource does not exist.
  string cr_manifest = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The response of the exclusivity artifacts manifests for the client to apply.
//
// Both fields may be empty, which means there is nothing to apply.
message GenerateExclusivityManifestResponse {
  // The YAML manifest of the membership CRD to apply if a newer version of the
  // CRD is available. Empty if no update needs to be applied.
  string crd_manifest = 1;

  // The YAML manifest of the membership CR to apply if a new version of the
  // CR is available. Empty if no update needs to be applied.
  string cr_manifest = 2;
}
// Represents the metadata of the long-running operation.
//
// Declared as the `metadata_type` of the Create, Delete and Update
// Membership operations in GkeHubMembershipService.
message OperationMetadata {
  // Output only. The time the operation was created.
  google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the operation finished running.
  google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Server-defined resource path for the target of the operation.
  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Name of the verb executed by the operation.
  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Human-readable status of the operation, if any.
  string status_detail = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Identifies whether the user has requested cancellation
  // of the operation. Operations that have successfully been cancelled
  // have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
  // corresponding to `Code.CANCELLED`.
  bool cancel_requested = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. API version used to start the operation.
  string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
}