google-apis-gkehub_v1alpha 0.9.0 → 0.13.0

data/lib/google/apis/gkehub_v1alpha/classes.rb

@@ -93,7 +93,61 @@ module Google
         end
       end
       
-      # Associates `members` with a `role`.
+      # Authority encodes how Google will recognize identities from this Membership.
+      # See the workload identity documentation for more details: https://cloud.google.
+      # com/kubernetes-engine/docs/how-to/workload-identity
+      class Authority
+        include Google::Apis::Core::Hashable
+      
+        # Output only. An identity provider that reflects the `issuer` in the workload
+        # identity pool.
+        # Corresponds to the JSON property `identityProvider`
+        # @return [String]
+        attr_accessor :identity_provider
+      
+        # Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://
+        # ` and be a valid URL with length <2000 characters. If set, then Google will
+        # allow valid OIDC tokens from this issuer to authenticate within the
+        # workload_identity_pool. OIDC discovery will be performed on this URI to
+        # validate tokens from the issuer. Clearing `issuer` disables Workload Identity.
+        # `issuer` cannot be directly modified; it must be cleared (and Workload
+        # Identity disabled) before using a new issuer (and re-enabling Workload
+        # Identity).
+        # Corresponds to the JSON property `issuer`
+        # @return [String]
+        attr_accessor :issuer
+      
+        # Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
+        # When this field is set, OIDC discovery will NOT be performed on `issuer`, and
+        # instead OIDC tokens will be validated using this field.
+        # Corresponds to the JSON property `oidcJwks`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :oidc_jwks
+      
+        # Output only. The name of the workload identity pool in which `issuer` will be
+        # recognized. There is a single Workload Identity Pool per Hub that is shared
+        # between all Memberships that belong to that Hub. For a Hub hosted in `
+        # PROJECT_ID`, the workload pool format is ``PROJECT_ID`.hub.id.goog`, although
+        # this is subject to change in newer versions of this API.
+        # Corresponds to the JSON property `workloadIdentityPool`
+        # @return [String]
+        attr_accessor :workload_identity_pool
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @identity_provider = args[:identity_provider] if args.key?(:identity_provider)
+          @issuer = args[:issuer] if args.key?(:issuer)
+          @oidc_jwks = args[:oidc_jwks] if args.key?(:oidc_jwks)
+          @workload_identity_pool = args[:workload_identity_pool] if args.key?(:workload_identity_pool)
+        end
+      end
+      
+      # Associates `members`, or principals, with a `role`.
       class Binding
         include Google::Apis::Core::Hashable
       
@@ -116,7 +170,7 @@ module Google
         # @return [Google::Apis::GkehubV1alpha::Expr]
         attr_accessor :condition
       
-        # Specifies the identities requesting access for a Cloud Platform resource. `
+        # Specifies the principals requesting access for a Cloud Platform resource. `
         # members` can have the following values: * `allUsers`: A special identifier
         # that represents anyone who is on the internet; with or without a Google
         # account. * `allAuthenticatedUsers`: A special identifier that represents
@@ -146,8 +200,8 @@ module Google
         # @return [Array<String>]
         attr_accessor :members
       
-        # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
-        # , or `roles/owner`.
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role
@@ -322,6 +376,16 @@ module Google
       class ConfigManagementConfigSync
         include Google::Apis::Core::Hashable
       
+        # Enables the installation of ConfigSync. If set to true, ConfigSync resources
+        # will be created and the other ConfigSync fields will be applied if exist. If
+        # set to false, all other ConfigSync fields will be ignored, ConfigSync
+        # resources will be deleted. If omitted, ConfigSync resources will be managed
+        # depends on the presence of git field.
+        # Corresponds to the JSON property `enabled`
+        # @return [Boolean]
+        attr_accessor :enabled
+        alias_method :enabled?, :enabled
+      
         # Git repo configuration for a single cluster.
         # Corresponds to the JSON property `git`
         # @return [Google::Apis::GkehubV1alpha::ConfigManagementGitConfig]
@@ -339,6 +403,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @enabled = args[:enabled] if args.key?(:enabled)
           @git = args[:git] if args.key?(:git)
           @source_format = args[:source_format] if args.key?(:source_format)
         end
@@ -348,6 +413,11 @@ module Google
       class ConfigManagementConfigSyncDeploymentState
         include Google::Apis::Core::Hashable
       
+        # Deployment state of admission-webhook
+        # Corresponds to the JSON property `admissionWebhook`
+        # @return [String]
+        attr_accessor :admission_webhook
+      
         # Deployment state of the git-sync pod
         # Corresponds to the JSON property `gitSync`
         # @return [String]
@@ -384,6 +454,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @admission_webhook = args[:admission_webhook] if args.key?(:admission_webhook)
           @git_sync = args[:git_sync] if args.key?(:git_sync)
           @importer = args[:importer] if args.key?(:importer)
           @monitor = args[:monitor] if args.key?(:monitor)
@@ -428,6 +499,11 @@ module Google
       class ConfigManagementConfigSyncVersion
         include Google::Apis::Core::Hashable
       
+        # Version of the deployed admission_webhook pod
+        # Corresponds to the JSON property `admissionWebhook`
+        # @return [String]
+        attr_accessor :admission_webhook
+      
         # Version of the deployed git-sync pod
         # Corresponds to the JSON property `gitSync`
         # @return [String]
@@ -464,6 +540,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @admission_webhook = args[:admission_webhook] if args.key?(:admission_webhook)
           @git_sync = args[:git_sync] if args.key?(:git_sync)
           @importer = args[:importer] if args.key?(:importer)
           @monitor = args[:monitor] if args.key?(:monitor)
@@ -1096,6 +1173,33 @@ module Google
         end
       end
       
+      # ConnectAgentResource represents a Kubernetes resource manifest for Connect
+      # Agent deployment.
+      class ConnectAgentResource
+        include Google::Apis::Core::Hashable
+      
+        # YAML manifest of the resource.
+        # Corresponds to the JSON property `manifest`
+        # @return [String]
+        attr_accessor :manifest
+      
+        # TypeMeta is the type information needed for content unmarshalling of
+        # Kubernetes resources in the manifest.
+        # Corresponds to the JSON property `type`
+        # @return [Google::Apis::GkehubV1alpha::TypeMeta]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @manifest = args[:manifest] if args.key?(:manifest)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
       # A generic empty message that you can re-use to avoid defining duplicated empty
       # messages in your APIs. A typical example is to use it as the request or the
       # response type of an API method. For instance: service Foo ` rpc Bar(google.
@@ -1312,6 +1416,56 @@ module Google
         end
       end
       
+      # GenerateConnectManifestResponse contains manifest information for installing/
+      # upgrading a Connect agent.
+      class GenerateConnectManifestResponse
+        include Google::Apis::Core::Hashable
+      
+        # The ordered list of Kubernetes resources that need to be applied to the
+        # cluster for GKE Connect agent installation/upgrade.
+        # Corresponds to the JSON property `manifest`
+        # @return [Array<Google::Apis::GkehubV1alpha::ConnectAgentResource>]
+        attr_accessor :manifest
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @manifest = args[:manifest] if args.key?(:manifest)
+        end
+      end
+      
+      # GkeCluster contains information specific to GKE clusters.
+      class GkeCluster
+        include Google::Apis::Core::Hashable
+      
+        # Output only. If cluster_missing is set then it denotes that the GKE cluster no
+        # longer exists in the GKE Control Plane.
+        # Corresponds to the JSON property `clusterMissing`
+        # @return [Boolean]
+        attr_accessor :cluster_missing
+        alias_method :cluster_missing?, :cluster_missing
+      
+        # Immutable. Self-link of the GCP resource for the GKE cluster. For example: //
+        # container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-
+        # cluster Zonal clusters are also supported.
+        # Corresponds to the JSON property `resourceLink`
+        # @return [String]
+        attr_accessor :resource_link
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @cluster_missing = args[:cluster_missing] if args.key?(:cluster_missing)
+          @resource_link = args[:resource_link] if args.key?(:resource_link)
+        end
+      end
+      
       # The `Status` type defines a logical error model that is suitable for different
       # programming environments, including REST APIs and RPC APIs. It is used by [
       # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
@@ -1351,6 +1505,267 @@ module Google
         end
       end
       
+      # Configuration of an auth method for a member/cluster. Only one authentication
+      # method (e.g., OIDC and LDAP) can be set per AuthMethod.
+      class IdentityServiceAuthMethod
+        include Google::Apis::Core::Hashable
+      
+        # Identifier for auth config.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Configuration for OIDC Auth flow.
+        # Corresponds to the JSON property `oidcConfig`
+        # @return [Google::Apis::GkehubV1alpha::IdentityServiceOidcConfig]
+        attr_accessor :oidc_config
+      
+        # Proxy server address to use for auth method.
+        # Corresponds to the JSON property `proxy`
+        # @return [String]
+        attr_accessor :proxy
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @oidc_config = args[:oidc_config] if args.key?(:oidc_config)
+          @proxy = args[:proxy] if args.key?(:proxy)
+        end
+      end
+      
+      # **Anthos Identity Service**: Configuration for a single Membership.
+      class IdentityServiceMembershipSpec
+        include Google::Apis::Core::Hashable
+      
+        # A member may support multiple auth methods.
+        # Corresponds to the JSON property `authMethods`
+        # @return [Array<Google::Apis::GkehubV1alpha::IdentityServiceAuthMethod>]
+        attr_accessor :auth_methods
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @auth_methods = args[:auth_methods] if args.key?(:auth_methods)
+        end
+      end
+      
+      # **Anthos Identity Service**: State for a single Membership.
+      class IdentityServiceMembershipState
+        include Google::Apis::Core::Hashable
+      
+        # The reason of the failure.
+        # Corresponds to the JSON property `failureReason`
+        # @return [String]
+        attr_accessor :failure_reason
+      
+        # Installed AIS version. This is the AIS version installed on this member. The
+        # values makes sense iff state is OK.
+        # Corresponds to the JSON property `installedVersion`
+        # @return [String]
+        attr_accessor :installed_version
+      
+        # **Anthos Identity Service**: Configuration for a single Membership.
+        # Corresponds to the JSON property `memberConfig`
+        # @return [Google::Apis::GkehubV1alpha::IdentityServiceMembershipSpec]
+        attr_accessor :member_config
+      
+        # Deployment state on this member
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @failure_reason = args[:failure_reason] if args.key?(:failure_reason)
+          @installed_version = args[:installed_version] if args.key?(:installed_version)
+          @member_config = args[:member_config] if args.key?(:member_config)
+          @state = args[:state] if args.key?(:state)
+        end
+      end
+      
+      # Configuration for OIDC Auth flow.
+      class IdentityServiceOidcConfig
+        include Google::Apis::Core::Hashable
+      
+        # PEM-encoded CA for OIDC provider.
+        # Corresponds to the JSON property `certificateAuthorityData`
+        # @return [String]
+        attr_accessor :certificate_authority_data
+      
+        # ID for OIDC client application.
+        # Corresponds to the JSON property `clientId`
+        # @return [String]
+        attr_accessor :client_id
+      
+        # Flag to denote if reverse proxy is used to connect to auth provider. This flag
+        # should be set to true when provider is not reachable by Google Cloud Console.
+        # Corresponds to the JSON property `deployCloudConsoleProxy`
+        # @return [Boolean]
+        attr_accessor :deploy_cloud_console_proxy
+        alias_method :deploy_cloud_console_proxy?, :deploy_cloud_console_proxy
+      
+        # Comma-separated list of key-value pairs.
+        # Corresponds to the JSON property `extraParams`
+        # @return [String]
+        attr_accessor :extra_params
+      
+        # Prefix to prepend to group name.
+        # Corresponds to the JSON property `groupPrefix`
+        # @return [String]
+        attr_accessor :group_prefix
+      
+        # Claim in OIDC ID token that holds group information.
+        # Corresponds to the JSON property `groupsClaim`
+        # @return [String]
+        attr_accessor :groups_claim
+      
+        # URI for the OIDC provider. This should point to the level below .well-known/
+        # openid-configuration.
+        # Corresponds to the JSON property `issuerUri`
+        # @return [String]
+        attr_accessor :issuer_uri
+      
+        # Registered redirect uri to redirect users going through OAuth flow using
+        # kubectl plugin.
+        # Corresponds to the JSON property `kubectlRedirectUri`
+        # @return [String]
+        attr_accessor :kubectl_redirect_uri
+      
+        # Comma-separated list of identifiers.
+        # Corresponds to the JSON property `scopes`
+        # @return [String]
+        attr_accessor :scopes
+      
+        # Claim in OIDC ID token that holds username.
+        # Corresponds to the JSON property `userClaim`
+        # @return [String]
+        attr_accessor :user_claim
+      
+        # Prefix to prepend to user name.
+        # Corresponds to the JSON property `userPrefix`
+        # @return [String]
+        attr_accessor :user_prefix
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @certificate_authority_data = args[:certificate_authority_data] if args.key?(:certificate_authority_data)
+          @client_id = args[:client_id] if args.key?(:client_id)
+          @deploy_cloud_console_proxy = args[:deploy_cloud_console_proxy] if args.key?(:deploy_cloud_console_proxy)
+          @extra_params = args[:extra_params] if args.key?(:extra_params)
+          @group_prefix = args[:group_prefix] if args.key?(:group_prefix)
+          @groups_claim = args[:groups_claim] if args.key?(:groups_claim)
+          @issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri)
+          @kubectl_redirect_uri = args[:kubectl_redirect_uri] if args.key?(:kubectl_redirect_uri)
+          @scopes = args[:scopes] if args.key?(:scopes)
+          @user_claim = args[:user_claim] if args.key?(:user_claim)
+          @user_prefix = args[:user_prefix] if args.key?(:user_prefix)
+        end
+      end
+      
+      # KubernetesMetadata provides informational metadata for Memberships
+      # representing Kubernetes clusters.
+      class KubernetesMetadata
+        include Google::Apis::Core::Hashable
+      
+        # Output only. Kubernetes API server version string as reported by `/version`.
+        # Corresponds to the JSON property `kubernetesApiServerVersion`
+        # @return [String]
+        attr_accessor :kubernetes_api_server_version
+      
+        # Output only. The total memory capacity as reported by the sum of all
+        # Kubernetes nodes resources, defined in MB.
+        # Corresponds to the JSON property `memoryMb`
+        # @return [Fixnum]
+        attr_accessor :memory_mb
+      
+        # Output only. Node count as reported by Kubernetes nodes resources.
+        # Corresponds to the JSON property `nodeCount`
+        # @return [Fixnum]
+        attr_accessor :node_count
+      
+        # Output only. Node providerID as reported by the first node in the list of
+        # nodes on the Kubernetes endpoint. On Kubernetes platforms that support zero-
+        # node clusters (like GKE-on-GCP), the node_count will be zero and the
+        # node_provider_id will be empty.
+        # Corresponds to the JSON property `nodeProviderId`
+        # @return [String]
+        attr_accessor :node_provider_id
+      
+        # Output only. The time at which these details were last updated. This
+        # update_time is different from the Membership-level update_time since
+        # EndpointDetails are updated internally for API consumers.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        # Output only. vCPU count as reported by Kubernetes nodes resources.
+        # Corresponds to the JSON property `vcpuCount`
+        # @return [Fixnum]
+        attr_accessor :vcpu_count
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @kubernetes_api_server_version = args[:kubernetes_api_server_version] if args.key?(:kubernetes_api_server_version)
+          @memory_mb = args[:memory_mb] if args.key?(:memory_mb)
+          @node_count = args[:node_count] if args.key?(:node_count)
+          @node_provider_id = args[:node_provider_id] if args.key?(:node_provider_id)
+          @update_time = args[:update_time] if args.key?(:update_time)
+          @vcpu_count = args[:vcpu_count] if args.key?(:vcpu_count)
+        end
+      end
+      
+      # Response message for the `GkeHub.ListAdminClusterMemberships` method.
+      class ListAdminClusterMembershipsResponse
+        include Google::Apis::Core::Hashable
+      
+        # The list of matching Memberships of admin clusters.
+        # Corresponds to the JSON property `adminClusterMemberships`
+        # @return [Array<Google::Apis::GkehubV1alpha::Membership>]
+        attr_accessor :admin_cluster_memberships
+      
+        # A token to request the next page of resources from the `
+        # ListAdminClusterMemberships` method. The value of an empty string means that
+        # there are no more resources to return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # List of locations that could not be reached while fetching this list.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @admin_cluster_memberships = args[:admin_cluster_memberships] if args.key?(:admin_cluster_memberships)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      
       # Response message for the `GkeHub.ListFeatures` method.
       class ListFeaturesResponse
         include Google::Apis::Core::Hashable
@@ -1402,6 +1817,39 @@ module Google
         end
       end
       
+      # Response message for the `GkeHub.ListMemberships` method.
+      class ListMembershipsResponse
+        include Google::Apis::Core::Hashable
+      
+        # A token to request the next page of resources from the `ListMemberships`
+        # method. The value of an empty string means that there are no more resources to
+        # return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # The list of matching Memberships.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<Google::Apis::GkehubV1alpha::Membership>]
+        attr_accessor :resources
+      
+        # List of locations that could not be reached while fetching this list.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @resources = args[:resources] if args.key?(:resources)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      
       # The response message for Operations.ListOperations.
       class ListOperationsResponse
         include Google::Apis::Core::Hashable
@@ -1474,6 +1922,148 @@ module Google
         end
       end
       
+      # Membership contains information about a member cluster.
+      class Membership
+        include Google::Apis::Core::Hashable
+      
+        # Authority encodes how Google will recognize identities from this Membership.
+        # See the workload identity documentation for more details: https://cloud.google.
+        # com/kubernetes-engine/docs/how-to/workload-identity
+        # Corresponds to the JSON property `authority`
+        # @return [Google::Apis::GkehubV1alpha::Authority]
+        attr_accessor :authority
+      
+        # Output only. When the Membership was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # Output only. When the Membership was deleted.
+        # Corresponds to the JSON property `deleteTime`
+        # @return [String]
+        attr_accessor :delete_time
+      
+        # Output only. Description of this membership, limited to 63 characters. Must
+        # match the regex: `a-zA-Z0-9*` This field is present for legacy purposes.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # MembershipEndpoint contains information needed to contact a Kubernetes API,
+        # endpoint and any additional Kubernetes metadata.
+        # Corresponds to the JSON property `endpoint`
+        # @return [Google::Apis::GkehubV1alpha::MembershipEndpoint]
+        attr_accessor :endpoint
+      
+        # Optional. An externally-generated and managed ID for this Membership. This ID
+        # may be modified after creation, but this is not recommended. The ID must match
+        # the regex: `a-zA-Z0-9*` If this Membership represents a Kubernetes cluster,
+        # this value should be set to the UID of the `kube-system` namespace object.
+        # Corresponds to the JSON property `externalId`
+        # @return [String]
+        attr_accessor :external_id
+      
+        # Optional. GCP labels for this membership.
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+      
+        # Output only. For clusters using Connect, the timestamp of the most recent
+        # connection established with Google Cloud. This time is updated every several
+        # minutes, not continuously. For clusters that do not use GKE Connect, or that
+        # have never connected successfully, this field will be unset.
+        # Corresponds to the JSON property `lastConnectionTime`
+        # @return [String]
+        attr_accessor :last_connection_time
+      
+        # Output only. The full, unique name of this Membership resource in the format `
+        # projects/*/locations/*/memberships/`membership_id``, set during creation. `
+        # membership_id` must be a valid RFC 1123 compliant DNS label: 1. At most 63
+        # characters in length 2. It must consist of lower case alphanumeric characters
+        # or `-` 3. It must start and end with an alphanumeric character Which can be
+        # expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, with a maximum length
+        # of 63 characters.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # MembershipState describes the state of a Membership resource.
+        # Corresponds to the JSON property `state`
+        # @return [Google::Apis::GkehubV1alpha::MembershipState]
+        attr_accessor :state
+      
+        # Output only. Google-generated UUID for this resource. This is unique across
+        # all Membership resources. If a Membership resource is deleted and another
+        # resource with the same name is created, it gets a different unique_id.
+        # Corresponds to the JSON property `uniqueId`
+        # @return [String]
+        attr_accessor :unique_id
+      
+        # Output only. When the Membership was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @authority = args[:authority] if args.key?(:authority)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @delete_time = args[:delete_time] if args.key?(:delete_time)
+          @description = args[:description] if args.key?(:description)
+          @endpoint = args[:endpoint] if args.key?(:endpoint)
+          @external_id = args[:external_id] if args.key?(:external_id)
+          @labels = args[:labels] if args.key?(:labels)
+          @last_connection_time = args[:last_connection_time] if args.key?(:last_connection_time)
+          @name = args[:name] if args.key?(:name)
+          @state = args[:state] if args.key?(:state)
+          @unique_id = args[:unique_id] if args.key?(:unique_id)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
+      # MembershipEndpoint contains information needed to contact a Kubernetes API,
+      # endpoint and any additional Kubernetes metadata.
+      class MembershipEndpoint
+        include Google::Apis::Core::Hashable
+      
+        # GkeCluster contains information specific to GKE clusters.
+        # Corresponds to the JSON property `gkeCluster`
+        # @return [Google::Apis::GkehubV1alpha::GkeCluster]
+        attr_accessor :gke_cluster
+      
+        # KubernetesMetadata provides informational metadata for Memberships
+        # representing Kubernetes clusters.
+        # Corresponds to the JSON property `kubernetesMetadata`
+        # @return [Google::Apis::GkehubV1alpha::KubernetesMetadata]
+        attr_accessor :kubernetes_metadata
+      
+        # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
+        # Corresponds to the JSON property `multiCloudCluster`
+        # @return [Google::Apis::GkehubV1alpha::MultiCloudCluster]
+        attr_accessor :multi_cloud_cluster
+      
+        # OnPremCluster contains information specific to GKE On-Prem clusters.
+        # Corresponds to the JSON property `onPremCluster`
+        # @return [Google::Apis::GkehubV1alpha::OnPremCluster]
+        attr_accessor :on_prem_cluster
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @gke_cluster = args[:gke_cluster] if args.key?(:gke_cluster)
+          @kubernetes_metadata = args[:kubernetes_metadata] if args.key?(:kubernetes_metadata)
+          @multi_cloud_cluster = args[:multi_cloud_cluster] if args.key?(:multi_cloud_cluster)
+          @on_prem_cluster = args[:on_prem_cluster] if args.key?(:on_prem_cluster)
+        end
+      end
+      
       # MembershipFeatureSpec contains configuration information for a single
       # Membership.
       class MembershipFeatureSpec
@@ -1485,6 +2075,16 @@ module Google
         # @return [Google::Apis::GkehubV1alpha::ConfigManagementMembershipSpec]
         attr_accessor :configmanagement
       
+        # **Anthos Identity Service**: Configuration for a single Membership.
+        # Corresponds to the JSON property `identityservice`
+        # @return [Google::Apis::GkehubV1alpha::IdentityServiceMembershipSpec]
+        attr_accessor :identityservice
+      
+        # **Service Mesh**: Spec for a single Membership for the servicemesh feature
+        # Corresponds to the JSON property `mesh`
+        # @return [Google::Apis::GkehubV1alpha::ServiceMeshMembershipSpec]
+        attr_accessor :mesh
+      
         def initialize(**args)
            update!(**args)
         end
@@ -1492,6 +2092,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @configmanagement = args[:configmanagement] if args.key?(:configmanagement)
+          @identityservice = args[:identityservice] if args.key?(:identityservice)
+          @mesh = args[:mesh] if args.key?(:mesh)
         end
       end
       
@@ -1505,6 +2107,11 @@ module Google
         # @return [Google::Apis::GkehubV1alpha::ConfigManagementMembershipState]
         attr_accessor :configmanagement
       
+        # **Anthos Identity Service**: State for a single Membership.
+        # Corresponds to the JSON property `identityservice`
+        # @return [Google::Apis::GkehubV1alpha::IdentityServiceMembershipState]
+        attr_accessor :identityservice
+      
         # **Metering**: Per-Membership Feature State.
         # Corresponds to the JSON property `metering`
         # @return [Google::Apis::GkehubV1alpha::MeteringMembershipState]
@@ -1530,12 +2137,32 @@ module Google
         # Update properties of this object
         def update!(**args)
           @configmanagement = args[:configmanagement] if args.key?(:configmanagement)
+          @identityservice = args[:identityservice] if args.key?(:identityservice)
           @metering = args[:metering] if args.key?(:metering)
           @servicemesh = args[:servicemesh] if args.key?(:servicemesh)
           @state = args[:state] if args.key?(:state)
         end
       end
       
+      # MembershipState describes the state of a Membership resource.
+      class MembershipState
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The current state of the Membership resource.
+        # Corresponds to the JSON property `code`
+        # @return [String]
+        attr_accessor :code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @code = args[:code] if args.key?(:code)
+        end
+      end
+      
       # **Metering**: Per-Membership Feature State.
       class MeteringMembershipState
         include Google::Apis::Core::Hashable
@@ -1563,6 +2190,36 @@ module Google
         end
       end
       
+      # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
+      class MultiCloudCluster
+        include Google::Apis::Core::Hashable
+      
+        # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.
+        # googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
+        # Corresponds to the JSON property `clusterMissing`
+        # @return [Boolean]
+        attr_accessor :cluster_missing
+        alias_method :cluster_missing?, :cluster_missing
+      
+        # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For
+        # example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-
+        # a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/
+        # locations/us-west1-a/azureClusters/my-cluster
+        # Corresponds to the JSON property `resourceLink`
+        # @return [String]
+        attr_accessor :resource_link
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @cluster_missing = args[:cluster_missing] if args.key?(:cluster_missing)
+          @resource_link = args[:resource_link] if args.key?(:resource_link)
+        end
+      end
+      
       # **Multi-cluster Ingress**: The configuration for the MultiClusterIngress
       # feature.
       class MultiClusterIngressFeatureSpec
@@ -1591,6 +2248,43 @@ module Google
         end
       end
       
+      # OnPremCluster contains information specific to GKE On-Prem clusters.
+      class OnPremCluster
+        include Google::Apis::Core::Hashable
+      
+        # Immutable. Whether the cluster is an admin cluster.
+        # Corresponds to the JSON property `adminCluster`
+        # @return [Boolean]
+        attr_accessor :admin_cluster
+        alias_method :admin_cluster?, :admin_cluster
+      
+        # Output only. If cluster_missing is set then it denotes that API(gkeonprem.
+        # googleapis.com) resource for this GKE On-Prem cluster no longer exists.
+        # Corresponds to the JSON property `clusterMissing`
+        # @return [Boolean]
+        attr_accessor :cluster_missing
+        alias_method :cluster_missing?, :cluster_missing
+      
+        # Immutable. Self-link of the GCP resource for the GKE On-Prem cluster. For
+        # example: //gkeonprem.googleapis.com/projects/my-project/locations/us-west1-a/
+        # vmwareClusters/my-cluster //gkeonprem.googleapis.com/projects/my-project/
+        # locations/us-west1-a/bareMetalClusters/my-cluster
+        # Corresponds to the JSON property `resourceLink`
+        # @return [String]
+        attr_accessor :resource_link
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @admin_cluster = args[:admin_cluster] if args.key?(:admin_cluster)
+          @cluster_missing = args[:cluster_missing] if args.key?(:cluster_missing)
+          @resource_link = args[:resource_link] if args.key?(:resource_link)
+        end
+      end
+      
       # This resource represents a long-running operation that is the result of a
       # network API call.
       class Operation
@@ -1714,31 +2408,31 @@ module Google
       
       # An Identity and Access Management (IAM) policy, which specifies access
       # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members` to a single `role`. Members can be
-      # user accounts, service accounts, Google groups, and domains (such as G Suite).
-      # A `role` is a named list of permissions; each `role` can be an IAM predefined
-      # role or a user-created custom role. For some types of Google Cloud resources,
-      # a `binding` can also specify a `condition`, which is a logical expression that
-      # allows access to a resource only if the expression evaluates to `true`. A
-      # condition can add constraints based on attributes of the request, the resource,
-      # or both. To learn which resources support conditions in their IAM policies,
-      # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-      # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-      # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-      # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-      # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-      # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-      # title": "expirable access", "description": "Does not grant access after Sep
-      # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-      # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-      # members: - user:mike@example.com - group:admins@example.com - domain:google.
-      # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-      # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-      # roles/resourcemanager.organizationViewer condition: title: expirable access
-      # description: Does not grant access after Sep 2020 expression: request.time <
-      # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
-      # description of IAM and its features, see the [IAM documentation](https://cloud.
-      # google.com/iam/docs/).
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+      # bindings: - members: - user:mike@example.com - group:admins@example.com -
+      # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+      # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+      # access description: Does not grant access after Sep 2020 expression: request.
+      # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+      # a description of IAM and its features, see the [IAM documentation](https://
+      # cloud.google.com/iam/docs/).
       class Policy
         include Google::Apis::Core::Hashable
       
@@ -1747,9 +2441,14 @@ module Google
         # @return [Array<Google::Apis::GkehubV1alpha::AuditConfig>]
         attr_accessor :audit_configs
       
-        # Associates a list of `members` to a `role`. Optionally, may specify a `
-        # condition` that determines how and when the `bindings` are applied. Each of
-        # the `bindings` must contain at least one member.
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
         # Corresponds to the JSON property `bindings`
         # @return [Array<Google::Apis::GkehubV1alpha::Binding>]
         attr_accessor :bindings
@@ -1904,6 +2603,19 @@ module Google
         end
       end
       
+      # **Service Mesh**: Spec for a single Membership for the servicemesh feature
+      class ServiceMeshMembershipSpec
+        include Google::Apis::Core::Hashable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      
       # **Service Mesh**: State for a single Membership, as analyzed by the Service
       # Mesh Hub Controller.
       class ServiceMeshMembershipState
@@ -1963,31 +2675,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::GkehubV1alpha::Policy]
         attr_accessor :policy
@@ -2049,6 +2761,32 @@ module Google
           @permissions = args[:permissions] if args.key?(:permissions)
         end
       end
+      
+      # TypeMeta is the type information needed for content unmarshalling of
+      # Kubernetes resources in the manifest.
+      class TypeMeta
+        include Google::Apis::Core::Hashable
+      
+        # APIVersion of the resource (e.g. v1).
+        # Corresponds to the JSON property `apiVersion`
+        # @return [String]
+        attr_accessor :api_version
+      
+        # Kind of the resource (e.g. Deployment).
+        # Corresponds to the JSON property `kind`
+        # @return [String]
+        attr_accessor :kind
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @api_version = args[:api_version] if args.key?(:api_version)
+          @kind = args[:kind] if args.key?(:kind)
+        end
+      end
     end
   end
 end