google-apis-gkehub_v1alpha 0.9.0 → 0.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/OVERVIEW.md +5 -5
- data/lib/google/apis/gkehub_v1alpha/classes.rb +795 -57
- data/lib/google/apis/gkehub_v1alpha/gem_version.rb +2 -2
- data/lib/google/apis/gkehub_v1alpha/representations.rb +303 -0
- data/lib/google/apis/gkehub_v1alpha/service.rb +345 -1
- data/lib/google/apis/gkehub_v1alpha.rb +2 -2
- metadata +8 -8
@@ -93,7 +93,61 @@ module Google
|
|
93
93
|
end
|
94
94
|
end
|
95
95
|
|
96
|
-
#
|
96
|
+
# Authority encodes how Google will recognize identities from this Membership.
|
97
|
+
# See the workload identity documentation for more details: https://cloud.google.
|
98
|
+
# com/kubernetes-engine/docs/how-to/workload-identity
|
99
|
+
class Authority
|
100
|
+
include Google::Apis::Core::Hashable
|
101
|
+
|
102
|
+
# Output only. An identity provider that reflects the `issuer` in the workload
|
103
|
+
# identity pool.
|
104
|
+
# Corresponds to the JSON property `identityProvider`
|
105
|
+
# @return [String]
|
106
|
+
attr_accessor :identity_provider
|
107
|
+
|
108
|
+
# Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://
|
109
|
+
# ` and be a valid URL with length <2000 characters. If set, then Google will
|
110
|
+
# allow valid OIDC tokens from this issuer to authenticate within the
|
111
|
+
# workload_identity_pool. OIDC discovery will be performed on this URI to
|
112
|
+
# validate tokens from the issuer. Clearing `issuer` disables Workload Identity.
|
113
|
+
# `issuer` cannot be directly modified; it must be cleared (and Workload
|
114
|
+
# Identity disabled) before using a new issuer (and re-enabling Workload
|
115
|
+
# Identity).
|
116
|
+
# Corresponds to the JSON property `issuer`
|
117
|
+
# @return [String]
|
118
|
+
attr_accessor :issuer
|
119
|
+
|
120
|
+
# Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517).
|
121
|
+
# When this field is set, OIDC discovery will NOT be performed on `issuer`, and
|
122
|
+
# instead OIDC tokens will be validated using this field.
|
123
|
+
# Corresponds to the JSON property `oidcJwks`
|
124
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
125
|
+
# @return [String]
|
126
|
+
attr_accessor :oidc_jwks
|
127
|
+
|
128
|
+
# Output only. The name of the workload identity pool in which `issuer` will be
|
129
|
+
# recognized. There is a single Workload Identity Pool per Hub that is shared
|
130
|
+
# between all Memberships that belong to that Hub. For a Hub hosted in `
|
131
|
+
# PROJECT_ID`, the workload pool format is ``PROJECT_ID`.hub.id.goog`, although
|
132
|
+
# this is subject to change in newer versions of this API.
|
133
|
+
# Corresponds to the JSON property `workloadIdentityPool`
|
134
|
+
# @return [String]
|
135
|
+
attr_accessor :workload_identity_pool
|
136
|
+
|
137
|
+
def initialize(**args)
|
138
|
+
update!(**args)
|
139
|
+
end
|
140
|
+
|
141
|
+
# Update properties of this object
|
142
|
+
def update!(**args)
|
143
|
+
@identity_provider = args[:identity_provider] if args.key?(:identity_provider)
|
144
|
+
@issuer = args[:issuer] if args.key?(:issuer)
|
145
|
+
@oidc_jwks = args[:oidc_jwks] if args.key?(:oidc_jwks)
|
146
|
+
@workload_identity_pool = args[:workload_identity_pool] if args.key?(:workload_identity_pool)
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
# Associates `members`, or principals, with a `role`.
|
97
151
|
class Binding
|
98
152
|
include Google::Apis::Core::Hashable
|
99
153
|
|
@@ -116,7 +170,7 @@ module Google
|
|
116
170
|
# @return [Google::Apis::GkehubV1alpha::Expr]
|
117
171
|
attr_accessor :condition
|
118
172
|
|
119
|
-
# Specifies the
|
173
|
+
# Specifies the principals requesting access for a Cloud Platform resource. `
|
120
174
|
# members` can have the following values: * `allUsers`: A special identifier
|
121
175
|
# that represents anyone who is on the internet; with or without a Google
|
122
176
|
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
@@ -146,8 +200,8 @@ module Google
|
|
146
200
|
# @return [Array<String>]
|
147
201
|
attr_accessor :members
|
148
202
|
|
149
|
-
# Role that is assigned to `members
|
150
|
-
#
|
203
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
204
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`.
|
151
205
|
# Corresponds to the JSON property `role`
|
152
206
|
# @return [String]
|
153
207
|
attr_accessor :role
|
@@ -322,6 +376,16 @@ module Google
|
|
322
376
|
class ConfigManagementConfigSync
|
323
377
|
include Google::Apis::Core::Hashable
|
324
378
|
|
379
|
+
# Enables the installation of ConfigSync. If set to true, ConfigSync resources
|
380
|
+
# will be created and the other ConfigSync fields will be applied if exist. If
|
381
|
+
# set to false, all other ConfigSync fields will be ignored, ConfigSync
|
382
|
+
# resources will be deleted. If omitted, ConfigSync resources will be managed
|
383
|
+
# depends on the presence of git field.
|
384
|
+
# Corresponds to the JSON property `enabled`
|
385
|
+
# @return [Boolean]
|
386
|
+
attr_accessor :enabled
|
387
|
+
alias_method :enabled?, :enabled
|
388
|
+
|
325
389
|
# Git repo configuration for a single cluster.
|
326
390
|
# Corresponds to the JSON property `git`
|
327
391
|
# @return [Google::Apis::GkehubV1alpha::ConfigManagementGitConfig]
|
@@ -339,6 +403,7 @@ module Google
|
|
339
403
|
|
340
404
|
# Update properties of this object
|
341
405
|
def update!(**args)
|
406
|
+
@enabled = args[:enabled] if args.key?(:enabled)
|
342
407
|
@git = args[:git] if args.key?(:git)
|
343
408
|
@source_format = args[:source_format] if args.key?(:source_format)
|
344
409
|
end
|
@@ -348,6 +413,11 @@ module Google
|
|
348
413
|
class ConfigManagementConfigSyncDeploymentState
|
349
414
|
include Google::Apis::Core::Hashable
|
350
415
|
|
416
|
+
# Deployment state of admission-webhook
|
417
|
+
# Corresponds to the JSON property `admissionWebhook`
|
418
|
+
# @return [String]
|
419
|
+
attr_accessor :admission_webhook
|
420
|
+
|
351
421
|
# Deployment state of the git-sync pod
|
352
422
|
# Corresponds to the JSON property `gitSync`
|
353
423
|
# @return [String]
|
@@ -384,6 +454,7 @@ module Google
|
|
384
454
|
|
385
455
|
# Update properties of this object
|
386
456
|
def update!(**args)
|
457
|
+
@admission_webhook = args[:admission_webhook] if args.key?(:admission_webhook)
|
387
458
|
@git_sync = args[:git_sync] if args.key?(:git_sync)
|
388
459
|
@importer = args[:importer] if args.key?(:importer)
|
389
460
|
@monitor = args[:monitor] if args.key?(:monitor)
|
@@ -428,6 +499,11 @@ module Google
|
|
428
499
|
class ConfigManagementConfigSyncVersion
|
429
500
|
include Google::Apis::Core::Hashable
|
430
501
|
|
502
|
+
# Version of the deployed admission_webhook pod
|
503
|
+
# Corresponds to the JSON property `admissionWebhook`
|
504
|
+
# @return [String]
|
505
|
+
attr_accessor :admission_webhook
|
506
|
+
|
431
507
|
# Version of the deployed git-sync pod
|
432
508
|
# Corresponds to the JSON property `gitSync`
|
433
509
|
# @return [String]
|
@@ -464,6 +540,7 @@ module Google
|
|
464
540
|
|
465
541
|
# Update properties of this object
|
466
542
|
def update!(**args)
|
543
|
+
@admission_webhook = args[:admission_webhook] if args.key?(:admission_webhook)
|
467
544
|
@git_sync = args[:git_sync] if args.key?(:git_sync)
|
468
545
|
@importer = args[:importer] if args.key?(:importer)
|
469
546
|
@monitor = args[:monitor] if args.key?(:monitor)
|
@@ -1096,6 +1173,33 @@ module Google
|
|
1096
1173
|
end
|
1097
1174
|
end
|
1098
1175
|
|
1176
|
+
# ConnectAgentResource represents a Kubernetes resource manifest for Connect
|
1177
|
+
# Agent deployment.
|
1178
|
+
class ConnectAgentResource
|
1179
|
+
include Google::Apis::Core::Hashable
|
1180
|
+
|
1181
|
+
# YAML manifest of the resource.
|
1182
|
+
# Corresponds to the JSON property `manifest`
|
1183
|
+
# @return [String]
|
1184
|
+
attr_accessor :manifest
|
1185
|
+
|
1186
|
+
# TypeMeta is the type information needed for content unmarshalling of
|
1187
|
+
# Kubernetes resources in the manifest.
|
1188
|
+
# Corresponds to the JSON property `type`
|
1189
|
+
# @return [Google::Apis::GkehubV1alpha::TypeMeta]
|
1190
|
+
attr_accessor :type
|
1191
|
+
|
1192
|
+
def initialize(**args)
|
1193
|
+
update!(**args)
|
1194
|
+
end
|
1195
|
+
|
1196
|
+
# Update properties of this object
|
1197
|
+
def update!(**args)
|
1198
|
+
@manifest = args[:manifest] if args.key?(:manifest)
|
1199
|
+
@type = args[:type] if args.key?(:type)
|
1200
|
+
end
|
1201
|
+
end
|
1202
|
+
|
1099
1203
|
# A generic empty message that you can re-use to avoid defining duplicated empty
|
1100
1204
|
# messages in your APIs. A typical example is to use it as the request or the
|
1101
1205
|
# response type of an API method. For instance: service Foo ` rpc Bar(google.
|
@@ -1312,6 +1416,56 @@ module Google
|
|
1312
1416
|
end
|
1313
1417
|
end
|
1314
1418
|
|
1419
|
+
# GenerateConnectManifestResponse contains manifest information for installing/
|
1420
|
+
# upgrading a Connect agent.
|
1421
|
+
class GenerateConnectManifestResponse
|
1422
|
+
include Google::Apis::Core::Hashable
|
1423
|
+
|
1424
|
+
# The ordered list of Kubernetes resources that need to be applied to the
|
1425
|
+
# cluster for GKE Connect agent installation/upgrade.
|
1426
|
+
# Corresponds to the JSON property `manifest`
|
1427
|
+
# @return [Array<Google::Apis::GkehubV1alpha::ConnectAgentResource>]
|
1428
|
+
attr_accessor :manifest
|
1429
|
+
|
1430
|
+
def initialize(**args)
|
1431
|
+
update!(**args)
|
1432
|
+
end
|
1433
|
+
|
1434
|
+
# Update properties of this object
|
1435
|
+
def update!(**args)
|
1436
|
+
@manifest = args[:manifest] if args.key?(:manifest)
|
1437
|
+
end
|
1438
|
+
end
|
1439
|
+
|
1440
|
+
# GkeCluster contains information specific to GKE clusters.
|
1441
|
+
class GkeCluster
|
1442
|
+
include Google::Apis::Core::Hashable
|
1443
|
+
|
1444
|
+
# Output only. If cluster_missing is set then it denotes that the GKE cluster no
|
1445
|
+
# longer exists in the GKE Control Plane.
|
1446
|
+
# Corresponds to the JSON property `clusterMissing`
|
1447
|
+
# @return [Boolean]
|
1448
|
+
attr_accessor :cluster_missing
|
1449
|
+
alias_method :cluster_missing?, :cluster_missing
|
1450
|
+
|
1451
|
+
# Immutable. Self-link of the GCP resource for the GKE cluster. For example: //
|
1452
|
+
# container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-
|
1453
|
+
# cluster Zonal clusters are also supported.
|
1454
|
+
# Corresponds to the JSON property `resourceLink`
|
1455
|
+
# @return [String]
|
1456
|
+
attr_accessor :resource_link
|
1457
|
+
|
1458
|
+
def initialize(**args)
|
1459
|
+
update!(**args)
|
1460
|
+
end
|
1461
|
+
|
1462
|
+
# Update properties of this object
|
1463
|
+
def update!(**args)
|
1464
|
+
@cluster_missing = args[:cluster_missing] if args.key?(:cluster_missing)
|
1465
|
+
@resource_link = args[:resource_link] if args.key?(:resource_link)
|
1466
|
+
end
|
1467
|
+
end
|
1468
|
+
|
1315
1469
|
# The `Status` type defines a logical error model that is suitable for different
|
1316
1470
|
# programming environments, including REST APIs and RPC APIs. It is used by [
|
1317
1471
|
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
|
@@ -1351,6 +1505,267 @@ module Google
|
|
1351
1505
|
end
|
1352
1506
|
end
|
1353
1507
|
|
1508
|
+
# Configuration of an auth method for a member/cluster. Only one authentication
|
1509
|
+
# method (e.g., OIDC and LDAP) can be set per AuthMethod.
|
1510
|
+
class IdentityServiceAuthMethod
|
1511
|
+
include Google::Apis::Core::Hashable
|
1512
|
+
|
1513
|
+
# Identifier for auth config.
|
1514
|
+
# Corresponds to the JSON property `name`
|
1515
|
+
# @return [String]
|
1516
|
+
attr_accessor :name
|
1517
|
+
|
1518
|
+
# Configuration for OIDC Auth flow.
|
1519
|
+
# Corresponds to the JSON property `oidcConfig`
|
1520
|
+
# @return [Google::Apis::GkehubV1alpha::IdentityServiceOidcConfig]
|
1521
|
+
attr_accessor :oidc_config
|
1522
|
+
|
1523
|
+
# Proxy server address to use for auth method.
|
1524
|
+
# Corresponds to the JSON property `proxy`
|
1525
|
+
# @return [String]
|
1526
|
+
attr_accessor :proxy
|
1527
|
+
|
1528
|
+
def initialize(**args)
|
1529
|
+
update!(**args)
|
1530
|
+
end
|
1531
|
+
|
1532
|
+
# Update properties of this object
|
1533
|
+
def update!(**args)
|
1534
|
+
@name = args[:name] if args.key?(:name)
|
1535
|
+
@oidc_config = args[:oidc_config] if args.key?(:oidc_config)
|
1536
|
+
@proxy = args[:proxy] if args.key?(:proxy)
|
1537
|
+
end
|
1538
|
+
end
|
1539
|
+
|
1540
|
+
# **Anthos Identity Service**: Configuration for a single Membership.
|
1541
|
+
class IdentityServiceMembershipSpec
|
1542
|
+
include Google::Apis::Core::Hashable
|
1543
|
+
|
1544
|
+
# A member may support multiple auth methods.
|
1545
|
+
# Corresponds to the JSON property `authMethods`
|
1546
|
+
# @return [Array<Google::Apis::GkehubV1alpha::IdentityServiceAuthMethod>]
|
1547
|
+
attr_accessor :auth_methods
|
1548
|
+
|
1549
|
+
def initialize(**args)
|
1550
|
+
update!(**args)
|
1551
|
+
end
|
1552
|
+
|
1553
|
+
# Update properties of this object
|
1554
|
+
def update!(**args)
|
1555
|
+
@auth_methods = args[:auth_methods] if args.key?(:auth_methods)
|
1556
|
+
end
|
1557
|
+
end
|
1558
|
+
|
1559
|
+
# **Anthos Identity Service**: State for a single Membership.
|
1560
|
+
class IdentityServiceMembershipState
|
1561
|
+
include Google::Apis::Core::Hashable
|
1562
|
+
|
1563
|
+
# The reason of the failure.
|
1564
|
+
# Corresponds to the JSON property `failureReason`
|
1565
|
+
# @return [String]
|
1566
|
+
attr_accessor :failure_reason
|
1567
|
+
|
1568
|
+
# Installed AIS version. This is the AIS version installed on this member. The
|
1569
|
+
# values makes sense iff state is OK.
|
1570
|
+
# Corresponds to the JSON property `installedVersion`
|
1571
|
+
# @return [String]
|
1572
|
+
attr_accessor :installed_version
|
1573
|
+
|
1574
|
+
# **Anthos Identity Service**: Configuration for a single Membership.
|
1575
|
+
# Corresponds to the JSON property `memberConfig`
|
1576
|
+
# @return [Google::Apis::GkehubV1alpha::IdentityServiceMembershipSpec]
|
1577
|
+
attr_accessor :member_config
|
1578
|
+
|
1579
|
+
# Deployment state on this member
|
1580
|
+
# Corresponds to the JSON property `state`
|
1581
|
+
# @return [String]
|
1582
|
+
attr_accessor :state
|
1583
|
+
|
1584
|
+
def initialize(**args)
|
1585
|
+
update!(**args)
|
1586
|
+
end
|
1587
|
+
|
1588
|
+
# Update properties of this object
|
1589
|
+
def update!(**args)
|
1590
|
+
@failure_reason = args[:failure_reason] if args.key?(:failure_reason)
|
1591
|
+
@installed_version = args[:installed_version] if args.key?(:installed_version)
|
1592
|
+
@member_config = args[:member_config] if args.key?(:member_config)
|
1593
|
+
@state = args[:state] if args.key?(:state)
|
1594
|
+
end
|
1595
|
+
end
|
1596
|
+
|
1597
|
+
# Configuration for OIDC Auth flow.
|
1598
|
+
class IdentityServiceOidcConfig
|
1599
|
+
include Google::Apis::Core::Hashable
|
1600
|
+
|
1601
|
+
# PEM-encoded CA for OIDC provider.
|
1602
|
+
# Corresponds to the JSON property `certificateAuthorityData`
|
1603
|
+
# @return [String]
|
1604
|
+
attr_accessor :certificate_authority_data
|
1605
|
+
|
1606
|
+
# ID for OIDC client application.
|
1607
|
+
# Corresponds to the JSON property `clientId`
|
1608
|
+
# @return [String]
|
1609
|
+
attr_accessor :client_id
|
1610
|
+
|
1611
|
+
# Flag to denote if reverse proxy is used to connect to auth provider. This flag
|
1612
|
+
# should be set to true when provider is not reachable by Google Cloud Console.
|
1613
|
+
# Corresponds to the JSON property `deployCloudConsoleProxy`
|
1614
|
+
# @return [Boolean]
|
1615
|
+
attr_accessor :deploy_cloud_console_proxy
|
1616
|
+
alias_method :deploy_cloud_console_proxy?, :deploy_cloud_console_proxy
|
1617
|
+
|
1618
|
+
# Comma-separated list of key-value pairs.
|
1619
|
+
# Corresponds to the JSON property `extraParams`
|
1620
|
+
# @return [String]
|
1621
|
+
attr_accessor :extra_params
|
1622
|
+
|
1623
|
+
# Prefix to prepend to group name.
|
1624
|
+
# Corresponds to the JSON property `groupPrefix`
|
1625
|
+
# @return [String]
|
1626
|
+
attr_accessor :group_prefix
|
1627
|
+
|
1628
|
+
# Claim in OIDC ID token that holds group information.
|
1629
|
+
# Corresponds to the JSON property `groupsClaim`
|
1630
|
+
# @return [String]
|
1631
|
+
attr_accessor :groups_claim
|
1632
|
+
|
1633
|
+
# URI for the OIDC provider. This should point to the level below .well-known/
|
1634
|
+
# openid-configuration.
|
1635
|
+
# Corresponds to the JSON property `issuerUri`
|
1636
|
+
# @return [String]
|
1637
|
+
attr_accessor :issuer_uri
|
1638
|
+
|
1639
|
+
# Registered redirect uri to redirect users going through OAuth flow using
|
1640
|
+
# kubectl plugin.
|
1641
|
+
# Corresponds to the JSON property `kubectlRedirectUri`
|
1642
|
+
# @return [String]
|
1643
|
+
attr_accessor :kubectl_redirect_uri
|
1644
|
+
|
1645
|
+
# Comma-separated list of identifiers.
|
1646
|
+
# Corresponds to the JSON property `scopes`
|
1647
|
+
# @return [String]
|
1648
|
+
attr_accessor :scopes
|
1649
|
+
|
1650
|
+
# Claim in OIDC ID token that holds username.
|
1651
|
+
# Corresponds to the JSON property `userClaim`
|
1652
|
+
# @return [String]
|
1653
|
+
attr_accessor :user_claim
|
1654
|
+
|
1655
|
+
# Prefix to prepend to user name.
|
1656
|
+
# Corresponds to the JSON property `userPrefix`
|
1657
|
+
# @return [String]
|
1658
|
+
attr_accessor :user_prefix
|
1659
|
+
|
1660
|
+
def initialize(**args)
|
1661
|
+
update!(**args)
|
1662
|
+
end
|
1663
|
+
|
1664
|
+
# Update properties of this object
|
1665
|
+
def update!(**args)
|
1666
|
+
@certificate_authority_data = args[:certificate_authority_data] if args.key?(:certificate_authority_data)
|
1667
|
+
@client_id = args[:client_id] if args.key?(:client_id)
|
1668
|
+
@deploy_cloud_console_proxy = args[:deploy_cloud_console_proxy] if args.key?(:deploy_cloud_console_proxy)
|
1669
|
+
@extra_params = args[:extra_params] if args.key?(:extra_params)
|
1670
|
+
@group_prefix = args[:group_prefix] if args.key?(:group_prefix)
|
1671
|
+
@groups_claim = args[:groups_claim] if args.key?(:groups_claim)
|
1672
|
+
@issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri)
|
1673
|
+
@kubectl_redirect_uri = args[:kubectl_redirect_uri] if args.key?(:kubectl_redirect_uri)
|
1674
|
+
@scopes = args[:scopes] if args.key?(:scopes)
|
1675
|
+
@user_claim = args[:user_claim] if args.key?(:user_claim)
|
1676
|
+
@user_prefix = args[:user_prefix] if args.key?(:user_prefix)
|
1677
|
+
end
|
1678
|
+
end
|
1679
|
+
|
1680
|
+
# KubernetesMetadata provides informational metadata for Memberships
|
1681
|
+
# representing Kubernetes clusters.
|
1682
|
+
class KubernetesMetadata
|
1683
|
+
include Google::Apis::Core::Hashable
|
1684
|
+
|
1685
|
+
# Output only. Kubernetes API server version string as reported by `/version`.
|
1686
|
+
# Corresponds to the JSON property `kubernetesApiServerVersion`
|
1687
|
+
# @return [String]
|
1688
|
+
attr_accessor :kubernetes_api_server_version
|
1689
|
+
|
1690
|
+
# Output only. The total memory capacity as reported by the sum of all
|
1691
|
+
# Kubernetes nodes resources, defined in MB.
|
1692
|
+
# Corresponds to the JSON property `memoryMb`
|
1693
|
+
# @return [Fixnum]
|
1694
|
+
attr_accessor :memory_mb
|
1695
|
+
|
1696
|
+
# Output only. Node count as reported by Kubernetes nodes resources.
|
1697
|
+
# Corresponds to the JSON property `nodeCount`
|
1698
|
+
# @return [Fixnum]
|
1699
|
+
attr_accessor :node_count
|
1700
|
+
|
1701
|
+
# Output only. Node providerID as reported by the first node in the list of
|
1702
|
+
# nodes on the Kubernetes endpoint. On Kubernetes platforms that support zero-
|
1703
|
+
# node clusters (like GKE-on-GCP), the node_count will be zero and the
|
1704
|
+
# node_provider_id will be empty.
|
1705
|
+
# Corresponds to the JSON property `nodeProviderId`
|
1706
|
+
# @return [String]
|
1707
|
+
attr_accessor :node_provider_id
|
1708
|
+
|
1709
|
+
# Output only. The time at which these details were last updated. This
|
1710
|
+
# update_time is different from the Membership-level update_time since
|
1711
|
+
# EndpointDetails are updated internally for API consumers.
|
1712
|
+
# Corresponds to the JSON property `updateTime`
|
1713
|
+
# @return [String]
|
1714
|
+
attr_accessor :update_time
|
1715
|
+
|
1716
|
+
# Output only. vCPU count as reported by Kubernetes nodes resources.
|
1717
|
+
# Corresponds to the JSON property `vcpuCount`
|
1718
|
+
# @return [Fixnum]
|
1719
|
+
attr_accessor :vcpu_count
|
1720
|
+
|
1721
|
+
def initialize(**args)
|
1722
|
+
update!(**args)
|
1723
|
+
end
|
1724
|
+
|
1725
|
+
# Update properties of this object
|
1726
|
+
def update!(**args)
|
1727
|
+
@kubernetes_api_server_version = args[:kubernetes_api_server_version] if args.key?(:kubernetes_api_server_version)
|
1728
|
+
@memory_mb = args[:memory_mb] if args.key?(:memory_mb)
|
1729
|
+
@node_count = args[:node_count] if args.key?(:node_count)
|
1730
|
+
@node_provider_id = args[:node_provider_id] if args.key?(:node_provider_id)
|
1731
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
1732
|
+
@vcpu_count = args[:vcpu_count] if args.key?(:vcpu_count)
|
1733
|
+
end
|
1734
|
+
end
|
1735
|
+
|
1736
|
+
# Response message for the `GkeHub.ListAdminClusterMemberships` method.
|
1737
|
+
class ListAdminClusterMembershipsResponse
|
1738
|
+
include Google::Apis::Core::Hashable
|
1739
|
+
|
1740
|
+
# The list of matching Memberships of admin clusters.
|
1741
|
+
# Corresponds to the JSON property `adminClusterMemberships`
|
1742
|
+
# @return [Array<Google::Apis::GkehubV1alpha::Membership>]
|
1743
|
+
attr_accessor :admin_cluster_memberships
|
1744
|
+
|
1745
|
+
# A token to request the next page of resources from the `
|
1746
|
+
# ListAdminClusterMemberships` method. The value of an empty string means that
|
1747
|
+
# there are no more resources to return.
|
1748
|
+
# Corresponds to the JSON property `nextPageToken`
|
1749
|
+
# @return [String]
|
1750
|
+
attr_accessor :next_page_token
|
1751
|
+
|
1752
|
+
# List of locations that could not be reached while fetching this list.
|
1753
|
+
# Corresponds to the JSON property `unreachable`
|
1754
|
+
# @return [Array<String>]
|
1755
|
+
attr_accessor :unreachable
|
1756
|
+
|
1757
|
+
def initialize(**args)
|
1758
|
+
update!(**args)
|
1759
|
+
end
|
1760
|
+
|
1761
|
+
# Update properties of this object
|
1762
|
+
def update!(**args)
|
1763
|
+
@admin_cluster_memberships = args[:admin_cluster_memberships] if args.key?(:admin_cluster_memberships)
|
1764
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
1765
|
+
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
1766
|
+
end
|
1767
|
+
end
|
1768
|
+
|
1354
1769
|
# Response message for the `GkeHub.ListFeatures` method.
|
1355
1770
|
class ListFeaturesResponse
|
1356
1771
|
include Google::Apis::Core::Hashable
|
@@ -1402,6 +1817,39 @@ module Google
|
|
1402
1817
|
end
|
1403
1818
|
end
|
1404
1819
|
|
1820
|
+
# Response message for the `GkeHub.ListMemberships` method.
|
1821
|
+
class ListMembershipsResponse
|
1822
|
+
include Google::Apis::Core::Hashable
|
1823
|
+
|
1824
|
+
# A token to request the next page of resources from the `ListMemberships`
|
1825
|
+
# method. The value of an empty string means that there are no more resources to
|
1826
|
+
# return.
|
1827
|
+
# Corresponds to the JSON property `nextPageToken`
|
1828
|
+
# @return [String]
|
1829
|
+
attr_accessor :next_page_token
|
1830
|
+
|
1831
|
+
# The list of matching Memberships.
|
1832
|
+
# Corresponds to the JSON property `resources`
|
1833
|
+
# @return [Array<Google::Apis::GkehubV1alpha::Membership>]
|
1834
|
+
attr_accessor :resources
|
1835
|
+
|
1836
|
+
# List of locations that could not be reached while fetching this list.
|
1837
|
+
# Corresponds to the JSON property `unreachable`
|
1838
|
+
# @return [Array<String>]
|
1839
|
+
attr_accessor :unreachable
|
1840
|
+
|
1841
|
+
def initialize(**args)
|
1842
|
+
update!(**args)
|
1843
|
+
end
|
1844
|
+
|
1845
|
+
# Update properties of this object
|
1846
|
+
def update!(**args)
|
1847
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
1848
|
+
@resources = args[:resources] if args.key?(:resources)
|
1849
|
+
@unreachable = args[:unreachable] if args.key?(:unreachable)
|
1850
|
+
end
|
1851
|
+
end
|
1852
|
+
|
1405
1853
|
# The response message for Operations.ListOperations.
|
1406
1854
|
class ListOperationsResponse
|
1407
1855
|
include Google::Apis::Core::Hashable
|
@@ -1474,6 +1922,148 @@ module Google
|
|
1474
1922
|
end
|
1475
1923
|
end
|
1476
1924
|
|
1925
|
+
# Membership contains information about a member cluster.
|
1926
|
+
class Membership
|
1927
|
+
include Google::Apis::Core::Hashable
|
1928
|
+
|
1929
|
+
# Authority encodes how Google will recognize identities from this Membership.
|
1930
|
+
# See the workload identity documentation for more details: https://cloud.google.
|
1931
|
+
# com/kubernetes-engine/docs/how-to/workload-identity
|
1932
|
+
# Corresponds to the JSON property `authority`
|
1933
|
+
# @return [Google::Apis::GkehubV1alpha::Authority]
|
1934
|
+
attr_accessor :authority
|
1935
|
+
|
1936
|
+
# Output only. When the Membership was created.
|
1937
|
+
# Corresponds to the JSON property `createTime`
|
1938
|
+
# @return [String]
|
1939
|
+
attr_accessor :create_time
|
1940
|
+
|
1941
|
+
# Output only. When the Membership was deleted.
|
1942
|
+
# Corresponds to the JSON property `deleteTime`
|
1943
|
+
# @return [String]
|
1944
|
+
attr_accessor :delete_time
|
1945
|
+
|
1946
|
+
# Output only. Description of this membership, limited to 63 characters. Must
|
1947
|
+
# match the regex: `a-zA-Z0-9*` This field is present for legacy purposes.
|
1948
|
+
# Corresponds to the JSON property `description`
|
1949
|
+
# @return [String]
|
1950
|
+
attr_accessor :description
|
1951
|
+
|
1952
|
+
# MembershipEndpoint contains information needed to contact a Kubernetes API,
|
1953
|
+
# endpoint and any additional Kubernetes metadata.
|
1954
|
+
# Corresponds to the JSON property `endpoint`
|
1955
|
+
# @return [Google::Apis::GkehubV1alpha::MembershipEndpoint]
|
1956
|
+
attr_accessor :endpoint
|
1957
|
+
|
1958
|
+
# Optional. An externally-generated and managed ID for this Membership. This ID
|
1959
|
+
# may be modified after creation, but this is not recommended. The ID must match
|
1960
|
+
# the regex: `a-zA-Z0-9*` If this Membership represents a Kubernetes cluster,
|
1961
|
+
# this value should be set to the UID of the `kube-system` namespace object.
|
1962
|
+
# Corresponds to the JSON property `externalId`
|
1963
|
+
# @return [String]
|
1964
|
+
attr_accessor :external_id
|
1965
|
+
|
1966
|
+
# Optional. GCP labels for this membership.
|
1967
|
+
# Corresponds to the JSON property `labels`
|
1968
|
+
# @return [Hash<String,String>]
|
1969
|
+
attr_accessor :labels
|
1970
|
+
|
1971
|
+
# Output only. For clusters using Connect, the timestamp of the most recent
|
1972
|
+
# connection established with Google Cloud. This time is updated every several
|
1973
|
+
# minutes, not continuously. For clusters that do not use GKE Connect, or that
|
1974
|
+
# have never connected successfully, this field will be unset.
|
1975
|
+
# Corresponds to the JSON property `lastConnectionTime`
|
1976
|
+
# @return [String]
|
1977
|
+
attr_accessor :last_connection_time
|
1978
|
+
|
1979
|
+
# Output only. The full, unique name of this Membership resource in the format `
|
1980
|
+
# projects/*/locations/*/memberships/`membership_id``, set during creation. `
|
1981
|
+
# membership_id` must be a valid RFC 1123 compliant DNS label: 1. At most 63
|
1982
|
+
# characters in length 2. It must consist of lower case alphanumeric characters
|
1983
|
+
# or `-` 3. It must start and end with an alphanumeric character Which can be
|
1984
|
+
# expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, with a maximum length
|
1985
|
+
# of 63 characters.
|
1986
|
+
# Corresponds to the JSON property `name`
|
1987
|
+
# @return [String]
|
1988
|
+
attr_accessor :name
|
1989
|
+
|
1990
|
+
# MembershipState describes the state of a Membership resource.
|
1991
|
+
# Corresponds to the JSON property `state`
|
1992
|
+
# @return [Google::Apis::GkehubV1alpha::MembershipState]
|
1993
|
+
attr_accessor :state
|
1994
|
+
|
1995
|
+
# Output only. Google-generated UUID for this resource. This is unique across
|
1996
|
+
# all Membership resources. If a Membership resource is deleted and another
|
1997
|
+
# resource with the same name is created, it gets a different unique_id.
|
1998
|
+
# Corresponds to the JSON property `uniqueId`
|
1999
|
+
# @return [String]
|
2000
|
+
attr_accessor :unique_id
|
2001
|
+
|
2002
|
+
# Output only. When the Membership was last updated.
|
2003
|
+
# Corresponds to the JSON property `updateTime`
|
2004
|
+
# @return [String]
|
2005
|
+
attr_accessor :update_time
|
2006
|
+
|
2007
|
+
def initialize(**args)
|
2008
|
+
update!(**args)
|
2009
|
+
end
|
2010
|
+
|
2011
|
+
# Update properties of this object
|
2012
|
+
def update!(**args)
|
2013
|
+
@authority = args[:authority] if args.key?(:authority)
|
2014
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
2015
|
+
@delete_time = args[:delete_time] if args.key?(:delete_time)
|
2016
|
+
@description = args[:description] if args.key?(:description)
|
2017
|
+
@endpoint = args[:endpoint] if args.key?(:endpoint)
|
2018
|
+
@external_id = args[:external_id] if args.key?(:external_id)
|
2019
|
+
@labels = args[:labels] if args.key?(:labels)
|
2020
|
+
@last_connection_time = args[:last_connection_time] if args.key?(:last_connection_time)
|
2021
|
+
@name = args[:name] if args.key?(:name)
|
2022
|
+
@state = args[:state] if args.key?(:state)
|
2023
|
+
@unique_id = args[:unique_id] if args.key?(:unique_id)
|
2024
|
+
@update_time = args[:update_time] if args.key?(:update_time)
|
2025
|
+
end
|
2026
|
+
end
|
2027
|
+
|
2028
|
+
# MembershipEndpoint contains information needed to contact a Kubernetes API,
|
2029
|
+
# endpoint and any additional Kubernetes metadata.
|
2030
|
+
class MembershipEndpoint
|
2031
|
+
include Google::Apis::Core::Hashable
|
2032
|
+
|
2033
|
+
# GkeCluster contains information specific to GKE clusters.
|
2034
|
+
# Corresponds to the JSON property `gkeCluster`
|
2035
|
+
# @return [Google::Apis::GkehubV1alpha::GkeCluster]
|
2036
|
+
attr_accessor :gke_cluster
|
2037
|
+
|
2038
|
+
# KubernetesMetadata provides informational metadata for Memberships
|
2039
|
+
# representing Kubernetes clusters.
|
2040
|
+
# Corresponds to the JSON property `kubernetesMetadata`
|
2041
|
+
# @return [Google::Apis::GkehubV1alpha::KubernetesMetadata]
|
2042
|
+
attr_accessor :kubernetes_metadata
|
2043
|
+
|
2044
|
+
# MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
|
2045
|
+
# Corresponds to the JSON property `multiCloudCluster`
|
2046
|
+
# @return [Google::Apis::GkehubV1alpha::MultiCloudCluster]
|
2047
|
+
attr_accessor :multi_cloud_cluster
|
2048
|
+
|
2049
|
+
# OnPremCluster contains information specific to GKE On-Prem clusters.
|
2050
|
+
# Corresponds to the JSON property `onPremCluster`
|
2051
|
+
# @return [Google::Apis::GkehubV1alpha::OnPremCluster]
|
2052
|
+
attr_accessor :on_prem_cluster
|
2053
|
+
|
2054
|
+
def initialize(**args)
|
2055
|
+
update!(**args)
|
2056
|
+
end
|
2057
|
+
|
2058
|
+
# Update properties of this object
|
2059
|
+
def update!(**args)
|
2060
|
+
@gke_cluster = args[:gke_cluster] if args.key?(:gke_cluster)
|
2061
|
+
@kubernetes_metadata = args[:kubernetes_metadata] if args.key?(:kubernetes_metadata)
|
2062
|
+
@multi_cloud_cluster = args[:multi_cloud_cluster] if args.key?(:multi_cloud_cluster)
|
2063
|
+
@on_prem_cluster = args[:on_prem_cluster] if args.key?(:on_prem_cluster)
|
2064
|
+
end
|
2065
|
+
end
|
2066
|
+
|
1477
2067
|
# MembershipFeatureSpec contains configuration information for a single
|
1478
2068
|
# Membership.
|
1479
2069
|
class MembershipFeatureSpec
|
@@ -1485,6 +2075,16 @@ module Google
|
|
1485
2075
|
# @return [Google::Apis::GkehubV1alpha::ConfigManagementMembershipSpec]
|
1486
2076
|
attr_accessor :configmanagement
|
1487
2077
|
|
2078
|
+
# **Anthos Identity Service**: Configuration for a single Membership.
|
2079
|
+
# Corresponds to the JSON property `identityservice`
|
2080
|
+
# @return [Google::Apis::GkehubV1alpha::IdentityServiceMembershipSpec]
|
2081
|
+
attr_accessor :identityservice
|
2082
|
+
|
2083
|
+
# **Service Mesh**: Spec for a single Membership for the servicemesh feature
|
2084
|
+
# Corresponds to the JSON property `mesh`
|
2085
|
+
# @return [Google::Apis::GkehubV1alpha::ServiceMeshMembershipSpec]
|
2086
|
+
attr_accessor :mesh
|
2087
|
+
|
1488
2088
|
def initialize(**args)
|
1489
2089
|
update!(**args)
|
1490
2090
|
end
|
@@ -1492,6 +2092,8 @@ module Google
|
|
1492
2092
|
# Update properties of this object
|
1493
2093
|
def update!(**args)
|
1494
2094
|
@configmanagement = args[:configmanagement] if args.key?(:configmanagement)
|
2095
|
+
@identityservice = args[:identityservice] if args.key?(:identityservice)
|
2096
|
+
@mesh = args[:mesh] if args.key?(:mesh)
|
1495
2097
|
end
|
1496
2098
|
end
|
1497
2099
|
|
@@ -1505,6 +2107,11 @@ module Google
|
|
1505
2107
|
# @return [Google::Apis::GkehubV1alpha::ConfigManagementMembershipState]
|
1506
2108
|
attr_accessor :configmanagement
|
1507
2109
|
|
2110
|
+
# **Anthos Identity Service**: State for a single Membership.
|
2111
|
+
# Corresponds to the JSON property `identityservice`
|
2112
|
+
# @return [Google::Apis::GkehubV1alpha::IdentityServiceMembershipState]
|
2113
|
+
attr_accessor :identityservice
|
2114
|
+
|
1508
2115
|
# **Metering**: Per-Membership Feature State.
|
1509
2116
|
# Corresponds to the JSON property `metering`
|
1510
2117
|
# @return [Google::Apis::GkehubV1alpha::MeteringMembershipState]
|
@@ -1530,12 +2137,32 @@ module Google
|
|
1530
2137
|
# Update properties of this object
|
1531
2138
|
def update!(**args)
|
1532
2139
|
@configmanagement = args[:configmanagement] if args.key?(:configmanagement)
|
2140
|
+
@identityservice = args[:identityservice] if args.key?(:identityservice)
|
1533
2141
|
@metering = args[:metering] if args.key?(:metering)
|
1534
2142
|
@servicemesh = args[:servicemesh] if args.key?(:servicemesh)
|
1535
2143
|
@state = args[:state] if args.key?(:state)
|
1536
2144
|
end
|
1537
2145
|
end
|
1538
2146
|
|
2147
|
+
# MembershipState describes the state of a Membership resource.
|
2148
|
+
class MembershipState
|
2149
|
+
include Google::Apis::Core::Hashable
|
2150
|
+
|
2151
|
+
# Output only. The current state of the Membership resource.
|
2152
|
+
# Corresponds to the JSON property `code`
|
2153
|
+
# @return [String]
|
2154
|
+
attr_accessor :code
|
2155
|
+
|
2156
|
+
def initialize(**args)
|
2157
|
+
update!(**args)
|
2158
|
+
end
|
2159
|
+
|
2160
|
+
# Update properties of this object
|
2161
|
+
def update!(**args)
|
2162
|
+
@code = args[:code] if args.key?(:code)
|
2163
|
+
end
|
2164
|
+
end
|
2165
|
+
|
1539
2166
|
# **Metering**: Per-Membership Feature State.
|
1540
2167
|
class MeteringMembershipState
|
1541
2168
|
include Google::Apis::Core::Hashable
|
@@ -1563,6 +2190,36 @@ module Google
|
|
1563
2190
|
end
|
1564
2191
|
end
|
1565
2192
|
|
2193
|
+
# MultiCloudCluster contains information specific to GKE Multi-Cloud clusters.
|
2194
|
+
class MultiCloudCluster
|
2195
|
+
include Google::Apis::Core::Hashable
|
2196
|
+
|
2197
|
+
# Output only. If cluster_missing is set then it denotes that API(gkemulticloud.
|
2198
|
+
# googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
|
2199
|
+
# Corresponds to the JSON property `clusterMissing`
|
2200
|
+
# @return [Boolean]
|
2201
|
+
attr_accessor :cluster_missing
|
2202
|
+
alias_method :cluster_missing?, :cluster_missing
|
2203
|
+
|
2204
|
+
# Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For
|
2205
|
+
# example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-
|
2206
|
+
# a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/
|
2207
|
+
# locations/us-west1-a/azureClusters/my-cluster
|
2208
|
+
# Corresponds to the JSON property `resourceLink`
|
2209
|
+
# @return [String]
|
2210
|
+
attr_accessor :resource_link
|
2211
|
+
|
2212
|
+
def initialize(**args)
|
2213
|
+
update!(**args)
|
2214
|
+
end
|
2215
|
+
|
2216
|
+
# Update properties of this object
|
2217
|
+
def update!(**args)
|
2218
|
+
@cluster_missing = args[:cluster_missing] if args.key?(:cluster_missing)
|
2219
|
+
@resource_link = args[:resource_link] if args.key?(:resource_link)
|
2220
|
+
end
|
2221
|
+
end
|
2222
|
+
|
1566
2223
|
# **Multi-cluster Ingress**: The configuration for the MultiClusterIngress
|
1567
2224
|
# feature.
|
1568
2225
|
class MultiClusterIngressFeatureSpec
|
@@ -1591,6 +2248,43 @@ module Google
|
|
1591
2248
|
end
|
1592
2249
|
end
|
1593
2250
|
|
2251
|
+
# OnPremCluster contains information specific to GKE On-Prem clusters.
|
2252
|
+
class OnPremCluster
|
2253
|
+
include Google::Apis::Core::Hashable
|
2254
|
+
|
2255
|
+
# Immutable. Whether the cluster is an admin cluster.
|
2256
|
+
# Corresponds to the JSON property `adminCluster`
|
2257
|
+
# @return [Boolean]
|
2258
|
+
attr_accessor :admin_cluster
|
2259
|
+
alias_method :admin_cluster?, :admin_cluster
|
2260
|
+
|
2261
|
+
# Output only. If cluster_missing is set then it denotes that API(gkeonprem.
|
2262
|
+
# googleapis.com) resource for this GKE On-Prem cluster no longer exists.
|
2263
|
+
# Corresponds to the JSON property `clusterMissing`
|
2264
|
+
# @return [Boolean]
|
2265
|
+
attr_accessor :cluster_missing
|
2266
|
+
alias_method :cluster_missing?, :cluster_missing
|
2267
|
+
|
2268
|
+
# Immutable. Self-link of the GCP resource for the GKE On-Prem cluster. For
|
2269
|
+
# example: //gkeonprem.googleapis.com/projects/my-project/locations/us-west1-a/
|
2270
|
+
# vmwareClusters/my-cluster //gkeonprem.googleapis.com/projects/my-project/
|
2271
|
+
# locations/us-west1-a/bareMetalClusters/my-cluster
|
2272
|
+
# Corresponds to the JSON property `resourceLink`
|
2273
|
+
# @return [String]
|
2274
|
+
attr_accessor :resource_link
|
2275
|
+
|
2276
|
+
def initialize(**args)
|
2277
|
+
update!(**args)
|
2278
|
+
end
|
2279
|
+
|
2280
|
+
# Update properties of this object
|
2281
|
+
def update!(**args)
|
2282
|
+
@admin_cluster = args[:admin_cluster] if args.key?(:admin_cluster)
|
2283
|
+
@cluster_missing = args[:cluster_missing] if args.key?(:cluster_missing)
|
2284
|
+
@resource_link = args[:resource_link] if args.key?(:resource_link)
|
2285
|
+
end
|
2286
|
+
end
|
2287
|
+
|
1594
2288
|
# This resource represents a long-running operation that is the result of a
|
1595
2289
|
# network API call.
|
1596
2290
|
class Operation
|
@@ -1714,31 +2408,31 @@ module Google
|
|
1714
2408
|
|
1715
2409
|
# An Identity and Access Management (IAM) policy, which specifies access
|
1716
2410
|
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1717
|
-
# A `binding` binds one or more `members
|
1718
|
-
# user accounts, service accounts, Google groups, and domains (
|
1719
|
-
# A `role` is a named list of permissions; each `role` can be
|
1720
|
-
# role or a user-created custom role. For some types of Google
|
1721
|
-
# a `binding` can also specify a `condition`, which is a
|
1722
|
-
# allows access to a resource only if the expression
|
1723
|
-
# condition can add constraints based on attributes of
|
1724
|
-
# or both. To learn which resources support
|
1725
|
-
# see the [IAM documentation](https://cloud.
|
1726
|
-
# resource-policies). **JSON example:** ` "
|
1727
|
-
# resourcemanager.organizationAdmin", "members": [
|
1728
|
-
# group:admins@example.com", "domain:google.com", "
|
1729
|
-
# appspot.gserviceaccount.com" ] `, ` "role": "
|
1730
|
-
# organizationViewer", "members": [ "user:eve@example.com"
|
1731
|
-
# title": "expirable access", "description": "Does not grant
|
1732
|
-
# 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1733
|
-
# ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1734
|
-
# members: - user:mike@example.com - group:admins@example.com -
|
1735
|
-
# com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1736
|
-
# resourcemanager.organizationAdmin - members: - user:eve@example.
|
1737
|
-
# roles/resourcemanager.organizationViewer condition: title: expirable
|
1738
|
-
# description: Does not grant access after Sep 2020 expression: request.
|
1739
|
-
# timestamp('2020-10-01T00:00:00.000Z')
|
1740
|
-
# description of IAM and its features, see the [IAM documentation](https://
|
1741
|
-
# google.com/iam/docs/).
|
2411
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
2412
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
2413
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
2414
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
2415
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
2416
|
+
# logical expression that allows access to a resource only if the expression
|
2417
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
2418
|
+
# the request, the resource, or both. To learn which resources support
|
2419
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
2420
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
2421
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
2422
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
2423
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
2424
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
2425
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
2426
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
2427
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
2428
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
2429
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
2430
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
2431
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
2432
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
2433
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
2434
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
2435
|
+
# cloud.google.com/iam/docs/).
|
1742
2436
|
class Policy
|
1743
2437
|
include Google::Apis::Core::Hashable
|
1744
2438
|
|
@@ -1747,9 +2441,14 @@ module Google
|
|
1747
2441
|
# @return [Array<Google::Apis::GkehubV1alpha::AuditConfig>]
|
1748
2442
|
attr_accessor :audit_configs
|
1749
2443
|
|
1750
|
-
# Associates a list of `members
|
1751
|
-
# condition` that determines how and when the `bindings` are applied.
|
1752
|
-
# the `bindings` must contain at least one
|
2444
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
2445
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
2446
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
2447
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
2448
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
2449
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
2450
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
2451
|
+
# principals to the `bindings` in the `Policy`.
|
1753
2452
|
# Corresponds to the JSON property `bindings`
|
1754
2453
|
# @return [Array<Google::Apis::GkehubV1alpha::Binding>]
|
1755
2454
|
attr_accessor :bindings
|
@@ -1904,6 +2603,19 @@ module Google
|
|
1904
2603
|
end
|
1905
2604
|
end
|
1906
2605
|
|
2606
|
+
# **Service Mesh**: Spec for a single Membership for the servicemesh feature
|
2607
|
+
class ServiceMeshMembershipSpec
|
2608
|
+
include Google::Apis::Core::Hashable
|
2609
|
+
|
2610
|
+
def initialize(**args)
|
2611
|
+
update!(**args)
|
2612
|
+
end
|
2613
|
+
|
2614
|
+
# Update properties of this object
|
2615
|
+
def update!(**args)
|
2616
|
+
end
|
2617
|
+
end
|
2618
|
+
|
1907
2619
|
# **Service Mesh**: State for a single Membership, as analyzed by the Service
|
1908
2620
|
# Mesh Hub Controller.
|
1909
2621
|
class ServiceMeshMembershipState
|
@@ -1963,31 +2675,31 @@ module Google
|
|
1963
2675
|
|
1964
2676
|
# An Identity and Access Management (IAM) policy, which specifies access
|
1965
2677
|
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1966
|
-
# A `binding` binds one or more `members
|
1967
|
-
# user accounts, service accounts, Google groups, and domains (
|
1968
|
-
# A `role` is a named list of permissions; each `role` can be
|
1969
|
-
# role or a user-created custom role. For some types of Google
|
1970
|
-
# a `binding` can also specify a `condition`, which is a
|
1971
|
-
# allows access to a resource only if the expression
|
1972
|
-
# condition can add constraints based on attributes of
|
1973
|
-
# or both. To learn which resources support
|
1974
|
-
# see the [IAM documentation](https://cloud.
|
1975
|
-
# resource-policies). **JSON example:** ` "
|
1976
|
-
# resourcemanager.organizationAdmin", "members": [
|
1977
|
-
# group:admins@example.com", "domain:google.com", "
|
1978
|
-
# appspot.gserviceaccount.com" ] `, ` "role": "
|
1979
|
-
# organizationViewer", "members": [ "user:eve@example.com"
|
1980
|
-
# title": "expirable access", "description": "Does not grant
|
1981
|
-
# 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1982
|
-
# ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1983
|
-
# members: - user:mike@example.com - group:admins@example.com -
|
1984
|
-
# com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1985
|
-
# resourcemanager.organizationAdmin - members: - user:eve@example.
|
1986
|
-
# roles/resourcemanager.organizationViewer condition: title: expirable
|
1987
|
-
# description: Does not grant access after Sep 2020 expression: request.
|
1988
|
-
# timestamp('2020-10-01T00:00:00.000Z')
|
1989
|
-
# description of IAM and its features, see the [IAM documentation](https://
|
1990
|
-
# google.com/iam/docs/).
|
2678
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
2679
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
2680
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
2681
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
2682
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
2683
|
+
# logical expression that allows access to a resource only if the expression
|
2684
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
2685
|
+
# the request, the resource, or both. To learn which resources support
|
2686
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
2687
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
2688
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
2689
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
2690
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
2691
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
2692
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
2693
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
2694
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
2695
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
2696
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
2697
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
2698
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
2699
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
2700
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
2701
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
2702
|
+
# cloud.google.com/iam/docs/).
|
1991
2703
|
# Corresponds to the JSON property `policy`
|
1992
2704
|
# @return [Google::Apis::GkehubV1alpha::Policy]
|
1993
2705
|
attr_accessor :policy
|
@@ -2049,6 +2761,32 @@ module Google
|
|
2049
2761
|
@permissions = args[:permissions] if args.key?(:permissions)
|
2050
2762
|
end
|
2051
2763
|
end
|
2764
|
+
|
2765
|
+
# TypeMeta is the type information needed for content unmarshalling of
|
2766
|
+
# Kubernetes resources in the manifest.
|
2767
|
+
class TypeMeta
|
2768
|
+
include Google::Apis::Core::Hashable
|
2769
|
+
|
2770
|
+
# APIVersion of the resource (e.g. v1).
|
2771
|
+
# Corresponds to the JSON property `apiVersion`
|
2772
|
+
# @return [String]
|
2773
|
+
attr_accessor :api_version
|
2774
|
+
|
2775
|
+
# Kind of the resource (e.g. Deployment).
|
2776
|
+
# Corresponds to the JSON property `kind`
|
2777
|
+
# @return [String]
|
2778
|
+
attr_accessor :kind
|
2779
|
+
|
2780
|
+
def initialize(**args)
|
2781
|
+
update!(**args)
|
2782
|
+
end
|
2783
|
+
|
2784
|
+
# Update properties of this object
|
2785
|
+
def update!(**args)
|
2786
|
+
@api_version = args[:api_version] if args.key?(:api_version)
|
2787
|
+
@kind = args[:kind] if args.key?(:kind)
|
2788
|
+
end
|
2789
|
+
end
|
2052
2790
|
end
|
2053
2791
|
end
|
2054
2792
|
end
|