google-apis-gkehub_v1beta 0.38.0 → 0.40.0

data/lib/google/apis/gkehub_v1beta/classes.rb

@@ -217,22 +217,22 @@ module Google
         # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
         # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
         # email address that represents a Google group. For example, `admins@example.com`
-        # . * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
-        # identifier) representing a user that has been recently deleted. For example, `
-        # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
-        # value reverts to `user:`emailid`` and the recovered user retains the role in
-        # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
-        # address (plus unique identifier) representing a service account that has been
-        # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
+        # . * `domain:`domain``: The G Suite domain (primary) that represents all the
+        # users of that domain. For example, `google.com` or `example.com`. * `deleted:
+        # user:`emailid`?uid=`uniqueid``: An email address (plus unique identifier)
+        # representing a user that has been recently deleted. For example, `alice@
+        # example.com?uid=123456789012345678901`. If the user is recovered, this value
+        # reverts to `user:`emailid`` and the recovered user retains the role in the
+        # binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email address
+        # (plus unique identifier) representing a service account that has been recently
+        # deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
         # 123456789012345678901`. If the service account is undeleted, this value
         # reverts to `serviceAccount:`emailid`` and the undeleted service account
         # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
         # An email address (plus unique identifier) representing a Google group that has
         # been recently deleted. For example, `admins@example.com?uid=
         # 123456789012345678901`. If the group is recovered, this value reverts to `
-        # group:`emailid`` and the recovered group retains the role in the binding. * `
-        # domain:`domain``: The G Suite domain (primary) that represents all the users
-        # of that domain. For example, `google.com` or `example.com`.
+        # group:`emailid`` and the recovered group retains the role in the binding.
         # Corresponds to the JSON property `members`
         # @return [Array<String>]
         attr_accessor :members
@@ -1170,6 +1170,25 @@ module Google
         end
       end
       
+      # State for the migration of PolicyController from ACM -> PoCo Hub.
+      class ConfigManagementPolicyControllerMigration
+        include Google::Apis::Core::Hashable
+      
+        # Stage of the migration.
+        # Corresponds to the JSON property `stage`
+        # @return [String]
+        attr_accessor :stage
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @stage = args[:stage] if args.key?(:stage)
+        end
+      end
+      
       # PolicyControllerMonitoring specifies the backends Policy Controller should
       # export metrics to. For example, to specify metrics should be exported to Cloud
       # Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"]
@@ -1201,6 +1220,11 @@ module Google
         # @return [Google::Apis::GkehubV1beta::ConfigManagementGatekeeperDeploymentState]
         attr_accessor :deployment_state
       
+        # State for the migration of PolicyController from ACM -> PoCo Hub.
+        # Corresponds to the JSON property `migration`
+        # @return [Google::Apis::GkehubV1beta::ConfigManagementPolicyControllerMigration]
+        attr_accessor :migration
+      
         # The build version of Gatekeeper Policy Controller is using.
         # Corresponds to the JSON property `version`
         # @return [Google::Apis::GkehubV1beta::ConfigManagementPolicyControllerVersion]
@@ -1213,6 +1237,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @deployment_state = args[:deployment_state] if args.key?(:deployment_state)
+          @migration = args[:migration] if args.key?(:migration)
           @version = args[:version] if args.key?(:version)
         end
       end
@@ -1990,6 +2015,59 @@ module Google
         end
       end
       
+      # List of MembershipBindings.
+      class ListMembershipBindingsResponse
+        include Google::Apis::Core::Hashable
+      
+        # The list of membership_bindings
+        # Corresponds to the JSON property `membershipBindings`
+        # @return [Array<Google::Apis::GkehubV1beta::MembershipBinding>]
+        attr_accessor :membership_bindings
+      
+        # A token to request the next page of resources from the `ListMembershipBindings`
+        # method. The value of an empty string means that there are no more resources
+        # to return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @membership_bindings = args[:membership_bindings] if args.key?(:membership_bindings)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      
+      # List of fleet namespaces.
+      class ListNamespacesResponse
+        include Google::Apis::Core::Hashable
+      
+        # The list of fleet namespaces
+        # Corresponds to the JSON property `namespaces`
+        # @return [Array<Google::Apis::GkehubV1beta::Namespace>]
+        attr_accessor :namespaces
+      
+        # A token to request the next page of resources from the `ListNamespaces` method.
+        # The value of an empty string means that there are no more resources to return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @namespaces = args[:namespaces] if args.key?(:namespaces)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      
       # The response message for Operations.ListOperations.
       class ListOperationsResponse
         include Google::Apis::Core::Hashable
@@ -2015,6 +2093,59 @@ module Google
         end
       end
       
+      # List of RBACRoleBindings.
+      class ListRbacRoleBindingsResponse
+        include Google::Apis::Core::Hashable
+      
+        # A token to request the next page of resources from the `ListRBACRoleBindings`
+        # method. The value of an empty string means that there are no more resources to
+        # return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # The list of RBACRoleBindings
+        # Corresponds to the JSON property `rbacrolebindings`
+        # @return [Array<Google::Apis::GkehubV1beta::RbacRoleBinding>]
+        attr_accessor :rbacrolebindings
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @rbacrolebindings = args[:rbacrolebindings] if args.key?(:rbacrolebindings)
+        end
+      end
+      
+      # List of Scopes.
+      class ListScopesResponse
+        include Google::Apis::Core::Hashable
+      
+        # A token to request the next page of resources from the `ListScopes` method.
+        # The value of an empty string means that there are no more resources to return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # The list of Scopes
+        # Corresponds to the JSON property `scopes`
+        # @return [Array<Google::Apis::GkehubV1beta::Scope>]
+        attr_accessor :scopes
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @scopes = args[:scopes] if args.key?(:scopes)
+        end
+      end
+      
       # A resource that represents Google Cloud Platform location.
       class Location
         include Google::Apis::Core::Hashable
@@ -2062,6 +2193,92 @@ module Google
         end
       end
       
+      # MembershipBinding is a subresource of a Membership, representing what Fleet
+      # Scopes (or other, future Fleet resources) a Membership is bound to.
+      class MembershipBinding
+        include Google::Apis::Core::Hashable
+      
+        # Output only. When the membership binding was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # Output only. When the membership binding was deleted.
+        # Corresponds to the JSON property `deleteTime`
+        # @return [String]
+        attr_accessor :delete_time
+      
+        # Whether the membershipbinding is Fleet-wide; true means that this Membership
+        # should be bound to all Namespaces in this entire Fleet.
+        # Corresponds to the JSON property `fleet`
+        # @return [Boolean]
+        attr_accessor :fleet
+        alias_method :fleet?, :fleet
+      
+        # The resource name for the membershipbinding itself `projects/`project`/
+        # locations/`location`/memberships/`membership`/bindings/`membershipbinding``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # A Workspace resource name in the format `projects/*/locations/*/scopes/*`.
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+      
+        # MembershipBindingLifecycleState describes the state of a Binding resource.
+        # Corresponds to the JSON property `state`
+        # @return [Google::Apis::GkehubV1beta::MembershipBindingLifecycleState]
+        attr_accessor :state
+      
+        # Output only. Google-generated UUID for this resource. This is unique across
+        # all membershipbinding resources. If a membershipbinding resource is deleted
+        # and another resource with the same name is created, it gets a different uid.
+        # Corresponds to the JSON property `uid`
+        # @return [String]
+        attr_accessor :uid
+      
+        # Output only. When the membership binding was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @delete_time = args[:delete_time] if args.key?(:delete_time)
+          @fleet = args[:fleet] if args.key?(:fleet)
+          @name = args[:name] if args.key?(:name)
+          @scope = args[:scope] if args.key?(:scope)
+          @state = args[:state] if args.key?(:state)
+          @uid = args[:uid] if args.key?(:uid)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
+      # MembershipBindingLifecycleState describes the state of a Binding resource.
+      class MembershipBindingLifecycleState
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The current state of the MembershipBinding resource.
+        # Corresponds to the JSON property `code`
+        # @return [String]
+        attr_accessor :code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @code = args[:code] if args.key?(:code)
+        end
+      end
+      
       # MembershipFeatureSpec contains configuration information for a single
       # Membership.
       class MembershipFeatureSpec
@@ -2274,6 +2491,83 @@ module Google
         end
       end
       
+      # Namespace represents a namespace across the Fleet
+      class Namespace
+        include Google::Apis::Core::Hashable
+      
+        # Output only. When the namespace was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # Output only. When the namespace was deleted.
+        # Corresponds to the JSON property `deleteTime`
+        # @return [String]
+        attr_accessor :delete_time
+      
+        # The resource name for the namespace `projects/`project`/locations/`location`/
+        # namespaces/`namespace``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Required. Scope associated with the namespace
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+      
+        # NamespaceLifecycleState describes the state of a Namespace resource.
+        # Corresponds to the JSON property `state`
+        # @return [Google::Apis::GkehubV1beta::NamespaceLifecycleState]
+        attr_accessor :state
+      
+        # Output only. Google-generated UUID for this resource. This is unique across
+        # all namespace resources. If a namespace resource is deleted and another
+        # resource with the same name is created, it gets a different uid.
+        # Corresponds to the JSON property `uid`
+        # @return [String]
+        attr_accessor :uid
+      
+        # Output only. When the namespace was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @delete_time = args[:delete_time] if args.key?(:delete_time)
+          @name = args[:name] if args.key?(:name)
+          @scope = args[:scope] if args.key?(:scope)
+          @state = args[:state] if args.key?(:state)
+          @uid = args[:uid] if args.key?(:uid)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
+      # NamespaceLifecycleState describes the state of a Namespace resource.
+      class NamespaceLifecycleState
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The current state of the Namespace resource.
+        # Corresponds to the JSON property `code`
+        # @return [String]
+        attr_accessor :code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @code = args[:code] if args.key?(:code)
+        end
+      end
+      
       # This resource represents a long-running operation that is the result of a
       # network API call.
       class Operation
@@ -2526,6 +2820,17 @@ module Google
         # @return [Fixnum]
         attr_accessor :audit_interval_seconds
       
+        # The maximum number of audit violations to be stored in a constraint. If not
+        # set, the internal default (currently 20) will be used.
+        # Corresponds to the JSON property `constraintViolationLimit`
+        # @return [Fixnum]
+        attr_accessor :constraint_violation_limit
+      
+        # Map of deployment configs to deployments (“admission”, “audit”, “mutation”).
+        # Corresponds to the JSON property `deploymentConfigs`
+        # @return [Hash<String,Google::Apis::GkehubV1beta::PolicyControllerPolicyControllerDeploymentConfig>]
+        attr_accessor :deployment_configs
+      
         # The set of namespaces that are excluded from Policy Controller checks.
         # Namespaces do not need to currently exist on the cluster.
         # Corresponds to the JSON property `exemptableNamespaces`
@@ -2584,6 +2889,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @audit_interval_seconds = args[:audit_interval_seconds] if args.key?(:audit_interval_seconds)
+          @constraint_violation_limit = args[:constraint_violation_limit] if args.key?(:constraint_violation_limit)
+          @deployment_configs = args[:deployment_configs] if args.key?(:deployment_configs)
           @exemptable_namespaces = args[:exemptable_namespaces] if args.key?(:exemptable_namespaces)
           @install_spec = args[:install_spec] if args.key?(:install_spec)
           @log_denies_enabled = args[:log_denies_enabled] if args.key?(:log_denies_enabled)
@@ -2724,6 +3031,94 @@ module Google
         end
       end
       
+      # Deployment-specific configuration.
+      class PolicyControllerPolicyControllerDeploymentConfig
+        include Google::Apis::Core::Hashable
+      
+        # ResourceRequirements describes the compute resource requirements.
+        # Corresponds to the JSON property `containerResources`
+        # @return [Google::Apis::GkehubV1beta::PolicyControllerResourceRequirements]
+        attr_accessor :container_resources
+      
+        # Pod anti-affinity enablement.
+        # Corresponds to the JSON property `podAntiAffinity`
+        # @return [Boolean]
+        attr_accessor :pod_anti_affinity
+        alias_method :pod_anti_affinity?, :pod_anti_affinity
+      
+        # Pod tolerations of node taints.
+        # Corresponds to the JSON property `podTolerations`
+        # @return [Array<Google::Apis::GkehubV1beta::PolicyControllerToleration>]
+        attr_accessor :pod_tolerations
+      
+        # Pod replica count.
+        # Corresponds to the JSON property `replicaCount`
+        # @return [Fixnum]
+        attr_accessor :replica_count
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @container_resources = args[:container_resources] if args.key?(:container_resources)
+          @pod_anti_affinity = args[:pod_anti_affinity] if args.key?(:pod_anti_affinity)
+          @pod_tolerations = args[:pod_tolerations] if args.key?(:pod_tolerations)
+          @replica_count = args[:replica_count] if args.key?(:replica_count)
+        end
+      end
+      
+      # ResourceList contains container resource requirements.
+      class PolicyControllerResourceList
+        include Google::Apis::Core::Hashable
+      
+        # CPU requirement expressed in Kubernetes resource units.
+        # Corresponds to the JSON property `cpu`
+        # @return [String]
+        attr_accessor :cpu
+      
+        # Memory requirement expressed in Kubernetes resource units.
+        # Corresponds to the JSON property `memory`
+        # @return [String]
+        attr_accessor :memory
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @cpu = args[:cpu] if args.key?(:cpu)
+          @memory = args[:memory] if args.key?(:memory)
+        end
+      end
+      
+      # ResourceRequirements describes the compute resource requirements.
+      class PolicyControllerResourceRequirements
+        include Google::Apis::Core::Hashable
+      
+        # ResourceList contains container resource requirements.
+        # Corresponds to the JSON property `limits`
+        # @return [Google::Apis::GkehubV1beta::PolicyControllerResourceList]
+        attr_accessor :limits
+      
+        # ResourceList contains container resource requirements.
+        # Corresponds to the JSON property `requests`
+        # @return [Google::Apis::GkehubV1beta::PolicyControllerResourceList]
+        attr_accessor :requests
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @limits = args[:limits] if args.key?(:limits)
+          @requests = args[:requests] if args.key?(:requests)
+        end
+      end
+      
       # The config specifying which default library templates to install.
       class PolicyControllerTemplateLibraryConfig
         include Google::Apis::Core::Hashable
@@ -2744,6 +3139,206 @@ module Google
         end
       end
       
+      # Toleration of a node taint.
+      class PolicyControllerToleration
+        include Google::Apis::Core::Hashable
+      
+        # Matches a taint effect.
+        # Corresponds to the JSON property `effect`
+        # @return [String]
+        attr_accessor :effect
+      
+        # Matches a taint key (not necessarily unique).
+        # Corresponds to the JSON property `key`
+        # @return [String]
+        attr_accessor :key
+      
+        # Matches a taint operator.
+        # Corresponds to the JSON property `operator`
+        # @return [String]
+        attr_accessor :operator
+      
+        # Matches a taint value.
+        # Corresponds to the JSON property `value`
+        # @return [String]
+        attr_accessor :value
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @effect = args[:effect] if args.key?(:effect)
+          @key = args[:key] if args.key?(:key)
+          @operator = args[:operator] if args.key?(:operator)
+          @value = args[:value] if args.key?(:value)
+        end
+      end
+      
+      # RBACRoleBinding represents a rbacrolebinding across the Fleet
+      class RbacRoleBinding
+        include Google::Apis::Core::Hashable
+      
+        # Output only. When the rbacrolebinding was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # Output only. When the rbacrolebinding was deleted.
+        # Corresponds to the JSON property `deleteTime`
+        # @return [String]
+        attr_accessor :delete_time
+      
+        # group is the group, as seen by the kubernetes cluster.
+        # Corresponds to the JSON property `group`
+        # @return [String]
+        attr_accessor :group
+      
+        # The resource name for the rbacrolebinding `projects/`project`/locations/`
+        # location`/namespaces/`namespace`/rbacrolebindings/`rbacrolebinding``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # Role is the type for Kubernetes roles
+        # Corresponds to the JSON property `role`
+        # @return [Google::Apis::GkehubV1beta::Role]
+        attr_accessor :role
+      
+        # RBACRoleBindingLifecycleState describes the state of a RbacRoleBinding
+        # resource.
+        # Corresponds to the JSON property `state`
+        # @return [Google::Apis::GkehubV1beta::RbacRoleBindingLifecycleState]
+        attr_accessor :state
+      
+        # Output only. Google-generated UUID for this resource. This is unique across
+        # all rbacrolebinding resources. If a rbacrolebinding resource is deleted and
+        # another resource with the same name is created, it gets a different uid.
+        # Corresponds to the JSON property `uid`
+        # @return [String]
+        attr_accessor :uid
+      
+        # Output only. When the rbacrolebinding was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        # user is the name of the user as seen by the kubernetes cluster, example "alice"
+        # or "alice@domain.tld"
+        # Corresponds to the JSON property `user`
+        # @return [String]
+        attr_accessor :user
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @delete_time = args[:delete_time] if args.key?(:delete_time)
+          @group = args[:group] if args.key?(:group)
+          @name = args[:name] if args.key?(:name)
+          @role = args[:role] if args.key?(:role)
+          @state = args[:state] if args.key?(:state)
+          @uid = args[:uid] if args.key?(:uid)
+          @update_time = args[:update_time] if args.key?(:update_time)
+          @user = args[:user] if args.key?(:user)
+        end
+      end
+      
+      # RBACRoleBindingLifecycleState describes the state of a RbacRoleBinding
+      # resource.
+      class RbacRoleBindingLifecycleState
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The current state of the rbacrolebinding resource.
+        # Corresponds to the JSON property `code`
+        # @return [String]
+        attr_accessor :code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @code = args[:code] if args.key?(:code)
+        end
+      end
+      
+      # Role is the type for Kubernetes roles
+      class Role
+        include Google::Apis::Core::Hashable
+      
+        # predefined_role is the Kubernetes default role to use
+        # Corresponds to the JSON property `predefinedRole`
+        # @return [String]
+        attr_accessor :predefined_role
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @predefined_role = args[:predefined_role] if args.key?(:predefined_role)
+        end
+      end
+      
+      # Scope represents a Scope in a Fleet.
+      class Scope
+        include Google::Apis::Core::Hashable
+      
+        # Output only. When the scope was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # Output only. When the scope was deleted.
+        # Corresponds to the JSON property `deleteTime`
+        # @return [String]
+        attr_accessor :delete_time
+      
+        # The resource name for the scope `projects/`project`/locations/`location`/
+        # scopes/`scope``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # ScopeLifecycleState describes the state of a Scope resource.
+        # Corresponds to the JSON property `state`
+        # @return [Google::Apis::GkehubV1beta::ScopeLifecycleState]
+        attr_accessor :state
+      
+        # Output only. Google-generated UUID for this resource. This is unique across
+        # all scope resources. If a scope resource is deleted and another resource with
+        # the same name is created, it gets a different uid.
+        # Corresponds to the JSON property `uid`
+        # @return [String]
+        attr_accessor :uid
+      
+        # Output only. When the scope was last updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @delete_time = args[:delete_time] if args.key?(:delete_time)
+          @name = args[:name] if args.key?(:name)
+          @state = args[:state] if args.key?(:state)
+          @uid = args[:uid] if args.key?(:uid)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
       # ScopeFeatureSpec contains feature specs for a fleet scope.
       class ScopeFeatureSpec
         include Google::Apis::Core::Hashable
@@ -2778,6 +3373,25 @@ module Google
         end
       end
       
+      # ScopeLifecycleState describes the state of a Scope resource.
+      class ScopeLifecycleState
+        include Google::Apis::Core::Hashable
+      
+        # Output only. The current state of the scope resource.
+        # Corresponds to the JSON property `code`
+        # @return [String]
+        attr_accessor :code
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @code = args[:code] if args.key?(:code)
+        end
+      end
+      
       # Status of control plane management.
       class ServiceMeshControlPlaneManagement
         include Google::Apis::Core::Hashable