@databricks/sdk-networking 0.1.0-dev.2 → 0.1.0-dev.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/src/v1/model.ts DELETED
@@ -1,4519 +0,0 @@
1
- // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
-
3
- import {Temporal} from '@js-temporal/polyfill';
4
- import {FieldMask} from '@databricks/sdk-core/wkt';
5
- import type {FieldMaskSchema} from '@databricks/sdk-core/wkt';
6
- import {z} from 'zod';
7
-
8
- export enum CustomerFacingVpcEndpointUseCase {
9
- WORKSPACE_ACCESS = 'WORKSPACE_ACCESS',
10
- DATAPLANE_RELAY_ACCESS = 'DATAPLANE_RELAY_ACCESS',
11
- /** General access, replaces WORKSPACE_ACCESS in customer-facing API. */
12
- GENERAL_ACCESS = 'GENERAL_ACCESS',
13
- }
14
-
15
- /**
16
- * The target resources that are supported by Network Connectivity Config.
17
- * Note: some egress types can support general types that are not defined in EgressResourceType.
18
- * E.g.: Azure private endpoint supports private link enabled Azure services.
19
- */
20
- export enum EgressResourceType {
21
- EGRESS_RESOURCE_TYPE_UNSPECIFIED = 'EGRESS_RESOURCE_TYPE_UNSPECIFIED',
22
- AZURE_BLOB_STORAGE = 'AZURE_BLOB_STORAGE',
23
- }
24
-
25
- export enum EndpointState {
26
- /** The endpoint is pending approval. */
27
- PENDING = 'PENDING',
28
- /** The endpoint has been approved and is ready for use. */
29
- APPROVED = 'APPROVED',
30
- /** The endpoint encountered some issues during setup. */
31
- FAILED = 'FAILED',
32
- /** The endpoint was once established but later disconnected. This endpoint doesn't provide connectivity. */
33
- DISCONNECTED = 'DISCONNECTED',
34
- }
35
-
36
- /**
37
- * Type of IP access list. Valid values are as follows and are case-sensitive:
38
- *
39
- * * `ALLOW`: An allow list. Include this IP or range.
40
- * * `BLOCK`: A block list. Exclude this IP or range. IP addresses in the block list are excluded even if they are included in an allow list.
41
- */
42
- export enum IpAccessListType {
43
- ALLOW = 'ALLOW',
44
- /** Blocks the associated CIDRs. */
45
- BLOCK = 'BLOCK',
46
- }
47
-
48
- export enum PrivateAccessLevel {
49
- /** Only specifically listed endpoints can access my workspace */
50
- ENDPOINT = 'ENDPOINT',
51
- /** Only endpoints in the same account can access my workspace */
52
- ACCOUNT = 'ACCOUNT',
53
- }
54
-
55
- export enum VpcStatus {
56
- VALID = 'VALID',
57
- BROKEN = 'BROKEN',
58
- UNATTACHED = 'UNATTACHED',
59
- /** Some optional tests are failing for this Vpc, see NetworkWarning for more information */
60
- WARNED = 'WARNED',
61
- }
62
-
63
- /**
64
- * Type of IP access list. Valid values are as follows and are case-sensitive:
65
- *
66
- * * `ALLOW`: An allow list. Include this IP or range.
67
- * * `BLOCK`: A block list. Exclude this IP or range. IP addresses in the block list are excluded even if they are included in an allow list.
68
- */
69
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
70
- export enum AccountIpAccessListType_IpAccessListType {
71
- /** Allows the associated CIDRs. */
72
- ALLOW = 'ALLOW',
73
- /** Blocks the associated CIDRs. */
74
- BLOCK = 'BLOCK',
75
- }
76
-
77
- /**
78
- * Qualifies the breadth of API access permitted by an ingress network policy rule.
79
- * API_SCOPE_QUALIFIER_READ narrows matching to read-only variants of the listed scopes;
80
- * API_SCOPE_QUALIFIER_ALL matches any scope. When unset, scopes match exactly as listed.
81
- */
82
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
83
- export enum CustomerFacingIngressNetworkPolicy_ApiScopeQualifier {
84
- /** Narrows matching to read-only variants of the listed scopes (e.g. GET/HEAD requests). */
85
- API_SCOPE_QUALIFIER_READ = 'API_SCOPE_QUALIFIER_READ',
86
- /** Matches any scope regardless of access level. */
87
- API_SCOPE_QUALIFIER_ALL = 'API_SCOPE_QUALIFIER_ALL',
88
- }
89
-
90
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
91
- export enum CustomerFacingIngressNetworkPolicy_Authentication_IdentityType {
92
- IDENTITY_TYPE_UNSPECIFIED = 'IDENTITY_TYPE_UNSPECIFIED',
93
- IDENTITY_TYPE_ALL_USERS = 'IDENTITY_TYPE_ALL_USERS',
94
- IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS = 'IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS',
95
- IDENTITY_TYPE_SELECTED_IDENTITIES = 'IDENTITY_TYPE_SELECTED_IDENTITIES',
96
- }
97
-
98
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
99
- export enum CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType {
100
- PRINCIPAL_TYPE_UNSPECIFIED = 'PRINCIPAL_TYPE_UNSPECIFIED',
101
- PRINCIPAL_TYPE_USER = 'PRINCIPAL_TYPE_USER',
102
- PRINCIPAL_TYPE_SERVICE_PRINCIPAL = 'PRINCIPAL_TYPE_SERVICE_PRINCIPAL',
103
- }
104
-
105
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
106
- export enum CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode {
107
- FULL_ACCESS = 'FULL_ACCESS',
108
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
109
- }
110
-
111
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
112
- export enum CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode {
113
- ALLOW_ALL_REGISTERED_ENDPOINTS = 'ALLOW_ALL_REGISTERED_ENDPOINTS',
114
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
115
- }
116
-
117
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
118
- export enum CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode {
119
- FULL_ACCESS = 'FULL_ACCESS',
120
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
121
- }
122
-
123
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
124
- export enum CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState {
125
- PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED = 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED',
126
- /** The endpoint has been approved and is ready to use in your serverless compute resources. */
127
- ESTABLISHED = 'ESTABLISHED',
128
- /** Connection was rejected by the private link resource owner. */
129
- REJECTED = 'REJECTED',
130
- /**
131
- * Connection was removed by the private link resource owner, the private endpoint becomes informative and should
132
- * be deleted for clean-up.
133
- */
134
- DISCONNECTED = 'DISCONNECTED',
135
- /** If the endpoint is created but not approved in 14 days, it is EXPIRED. */
136
- EXPIRED = 'EXPIRED',
137
- /** The endpoint has been created and pending approval. */
138
- PENDING = 'PENDING',
139
- /** The endpoint creation is in progress. */
140
- CREATING = 'CREATING',
141
- /** The endpoint creation failed. */
142
- CREATE_FAILED = 'CREATE_FAILED',
143
- }
144
-
145
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
146
- export enum CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState {
147
- PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED = 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED',
148
- /** The endpoint has been created and pending approval. */
149
- INIT = 'INIT',
150
- /** The endpoint has been approved and is ready to use in your serverless compute resources. */
151
- ESTABLISHED = 'ESTABLISHED',
152
- /** Connection was rejected by the private link resource owner. */
153
- REJECTED = 'REJECTED',
154
- /**
155
- * Connection was removed by the private link resource owner, the private endpoint becomes informative and should
156
- * be deleted for clean-up.
157
- */
158
- DISCONNECTED = 'DISCONNECTED',
159
- /** If the endpoint was created but not approved in 14 days, it will be EXPIRED. */
160
- EXPIRED = 'EXPIRED',
161
- /** The endpoint has been created and pending approval. */
162
- PENDING = 'PENDING',
163
- /** The endpoint creation is in progress. */
164
- CREATING = 'CREATING',
165
- /** The endpoint creation failed. */
166
- CREATE_FAILED = 'CREATE_FAILED',
167
- }
168
-
169
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
170
- export enum EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType {
171
- INTERNET_DESTINATION_TYPE_UNSPECIFIED = 'INTERNET_DESTINATION_TYPE_UNSPECIFIED',
172
- /** This is defined as `FQDN` in settings-policy/api/proto/messages.proto. Translation is done in accounts-lake-net-manager/src/util/NetworkPolicySettingUtil.scala. */
173
- DNS_NAME = 'DNS_NAME',
174
- }
175
-
176
- /** The values should match the list of workloads used in networkconfig.proto */
177
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
178
- export enum EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter {
179
- DRY_RUN_MODE_PRODUCT_FILTER_UNSPECIFIED = 'DRY_RUN_MODE_PRODUCT_FILTER_UNSPECIFIED',
180
- /** SQL Warehouse product */
181
- DBSQL = 'DBSQL',
182
- /** Machine Learning serving product */
183
- ML_SERVING = 'ML_SERVING',
184
- }
185
-
186
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
187
- export enum EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode {
188
- ENFORCEMENT_MODE_UNSPECIFIED = 'ENFORCEMENT_MODE_UNSPECIFIED',
189
- /** Blocks traffic that violates network policy. This is the default mode. */
190
- ENFORCED = 'ENFORCED',
191
- /** Logs violations without blocking traffic. Useful for testing policies before enforcement. */
192
- DRY_RUN = 'DRY_RUN',
193
- }
194
-
195
- /**
196
- * At which level can <Databricks> and <Databricks> managed compute access Internet.
197
- * FULL_ACCESS: <Databricks> can access Internet. No blocking rules will apply.
198
- * RESTRICTED_ACCESS: <Databricks> can only access explicitly allowed internet and storage destinations,
199
- * as well as UC connections and external locations.
200
- */
201
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
202
- export enum EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode {
203
- RESTRICTION_MODE_UNSPECIFIED = 'RESTRICTION_MODE_UNSPECIFIED',
204
- FULL_ACCESS = 'FULL_ACCESS',
205
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
206
- }
207
-
208
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
209
- export enum EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType {
210
- STORAGE_DESTINATION_TYPE_UNSPECIFIED = 'STORAGE_DESTINATION_TYPE_UNSPECIFIED',
211
- /**
212
- * AWS_S3 can be used both for direct AWS S3 access and for cross-cloud access from Azure and GCP
213
- * When used in an Azure/GCP context, this indicates cross-cloud access from Azure/GCP to the specified S3 bucket
214
- */
215
- AWS_S3 = 'AWS_S3',
216
- AZURE_STORAGE = 'AZURE_STORAGE',
217
- GOOGLE_CLOUD_STORAGE = 'GOOGLE_CLOUD_STORAGE',
218
- }
219
-
220
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
221
- export enum EndpointUseCase_EndpointUseCase {
222
- /** service-direct frontend private link connectivity. */
223
- SERVICE_DIRECT = 'SERVICE_DIRECT',
224
- }
225
-
226
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
227
- export enum NccPrivateEndpointRule_PrivateLinkConnectionState {
228
- PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED = 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED',
229
- /** The endpoint has been approved and is ready to use in your serverless compute resources. */
230
- ESTABLISHED = 'ESTABLISHED',
231
- /** Connection was rejected by the private link resource owner. */
232
- REJECTED = 'REJECTED',
233
- /**
234
- * Connection was removed by the private link resource owner, the private endpoint becomes informative and should
235
- * be deleted for clean-up.
236
- */
237
- DISCONNECTED = 'DISCONNECTED',
238
- /** If the endpoint was created but not approved in 14 days, it will be EXPIRED. */
239
- EXPIRED = 'EXPIRED',
240
- /** The endpoint has been created and pending approval. */
241
- PENDING = 'PENDING',
242
- /** The endpoint creation is in progress. */
243
- CREATING = 'CREATING',
244
- /** The endpoint creation failed. */
245
- CREATE_FAILED = 'CREATE_FAILED',
246
- }
247
-
248
- /** Definition of an IP Access list */
249
- export interface AccountIpAccessList {
250
- /** Universally unique identifier (UUID) of the IP access list. */
251
- listId?: string | undefined;
252
- /** Label for the IP access list. This **cannot** be empty. */
253
- label?: string | undefined;
254
- ipAddresses?: string[] | undefined;
255
- /** Total number of IP or CIDR values. */
256
- addressCount?: number | undefined;
257
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
258
- /** Creation timestamp in milliseconds. */
259
- createdAt?: bigint | undefined;
260
- /** The ID of the user that created this list. */
261
- createdBy?: bigint | undefined;
262
- /** Update timestamp in milliseconds. */
263
- updatedAt?: bigint | undefined;
264
- /** The ID of the user that last updated this list. */
265
- updatedBy?: bigint | undefined;
266
- /** Specifies whether this IP access list is enabled. */
267
- enabled?: boolean | undefined;
268
- }
269
-
270
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
271
- export interface AccountIpAccessListType {}
272
-
273
- export interface AccountNetworkPolicy {
274
- /** The unique identifier for the network policy. */
275
- networkPolicyId?: string | undefined;
276
- /** The associated account ID for this Network Policy object. */
277
- accountId?: string | undefined;
278
- /** The network policies applying for egress traffic. */
279
- egress?: EgressNetworkPolicy | undefined;
280
- /** The network policies applying for ingress traffic. */
281
- ingress?: CustomerFacingIngressNetworkPolicy | undefined;
282
- /**
283
- * The ingress policy for dry run mode. Dry run will always run even if the request
284
- * is allowed by the ingress policy. When this field is set, the policy will be evaluated
285
- * and emit logs only without blocking requests.
286
- */
287
- ingressDryRun?: CustomerFacingIngressNetworkPolicy | undefined;
288
- }
289
-
290
- export interface AzurePrivateEndpointInfo {
291
- /** The name of the Private Endpoint in the Azure subscription. */
292
- privateEndpointName?: string | undefined;
293
- /**
294
- * The GUID of the Private Endpoint resource in the Azure subscription.
295
- * This is assigned by Azure when the user sets up the Private Endpoint.
296
- */
297
- privateEndpointResourceGuid?: string | undefined;
298
- /** The full resource ID of the Private Endpoint. */
299
- privateEndpointResourceId?: string | undefined;
300
- /** The resource ID of the Databricks Private Link Service that this Private Endpoint connects to. */
301
- privateLinkServiceId?: string | undefined;
302
- }
303
-
304
- /** Details required to configure a block list or allow list. */
305
- export interface CreateAccountIpAccessListRequest {
306
- accountId?: string | undefined;
307
- label?: string | undefined;
308
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
309
- ipAddresses?: string[] | undefined;
310
- }
311
-
312
- /** An IP access list was successfully created. */
313
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
314
- export interface CreateAccountIpAccessListRequest_Response {
315
- ipAccessList?: AccountIpAccessList | undefined;
316
- }
317
-
318
- export interface CreateEndpointRequest {
319
- /**
320
- * The parent resource name of the account under which the endpoint is created.
321
- * Format: `accounts/{account_id}`.
322
- */
323
- parent?: string | undefined;
324
- endpoint?: Endpoint | undefined;
325
- }
326
-
327
- /** Details required to configure a block list or allow list. */
328
- export interface CreateIpAccessList {
329
- /** Label for the IP access list. This **cannot** be empty. */
330
- label?: string | undefined;
331
- listType?: IpAccessListType | undefined;
332
- ipAddresses?: string[] | undefined;
333
- }
334
-
335
- /** An IP access list was successfully created. */
336
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
337
- export interface CreateIpAccessList_Response {
338
- ipAccessList?: IpAccessList | undefined;
339
- }
340
-
341
- /** Properties of the new private endpoint rule. */
342
- export interface CreateNccPrivateEndpointRuleRequest {
343
- /** Your Network Connectivity Configuration ID. */
344
- networkConnectivityConfigId?: string | undefined;
345
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
346
- accountId?: string | undefined;
347
- privateEndpointRule?: CreatePrivateEndpointRule | undefined;
348
- }
349
-
350
- /** Properties of the new network connectivity configuration. */
351
- export interface CreateNetworkConnectivityConfigRequest {
352
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
353
- accountId?: string | undefined;
354
- networkConnectivityConfig?:
355
- | CreateNetworkConnectivityConfiguration
356
- | undefined;
357
- }
358
-
359
- /** Properties of the new network connectivity configuration. */
360
- export interface CreateNetworkConnectivityConfiguration {
361
- /** <Databricks> network connectivity configuration ID. */
362
- networkConnectivityConfigId?: string | undefined;
363
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
364
- accountId?: string | undefined;
365
- /**
366
- * The name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens,
367
- * and underscores. The length must be between 3 and 30 characters. The name must match the regular
368
- * expression ^[0-9a-zA-Z-_]{3,30}$
369
- */
370
- name?: string | undefined;
371
- /**
372
- * The region for the network connectivity configuration.
373
- * Only workspaces in the same region can be attached to the network connectivity configuration.
374
- */
375
- region?: string | undefined;
376
- /** The network connectivity rules that apply to network traffic from your serverless compute resources. */
377
- egressConfig?:
378
- | CustomerFacingNetworkConnectivityConfigEgressConfig
379
- | undefined;
380
- /** Time in epoch milliseconds when this object was updated. */
381
- updatedTime?: bigint | undefined;
382
- /** Time in epoch milliseconds when this object was created. */
383
- creationTime?: bigint | undefined;
384
- }
385
-
386
- export interface CreateNetworkPolicyRequest {
387
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
388
- accountId?: string | undefined;
389
- /** Network policy configuration details. */
390
- networkPolicy?: AccountNetworkPolicy | undefined;
391
- }
392
-
393
- export interface CreateNetworkRequest {
394
- accountId?: string | undefined;
395
- /** The human-readable name of the network configuration. */
396
- networkName?: string | undefined;
397
- /** The ID of the VPC associated with this network configuration. VPC IDs can be used in multiple networks. */
398
- vpcId?: string | undefined;
399
- /** IDs of at least two subnets associated with this network. Subnet IDs **cannot** be used in multiple network configurations. */
400
- subnetIds?: string[] | undefined;
401
- /** IDs of one to five security groups associated with this network. Security group IDs **cannot** be used in multiple network configurations. */
402
- securityGroupIds?: string[] | undefined;
403
- vpcEndpoints?: NetworkVpcEndpoints | undefined;
404
- gcpNetworkInfo?: GcpNetworkInfo | undefined;
405
- }
406
-
407
- export interface CreatePrivateAccessSettingsRequest {
408
- accountId?: string | undefined;
409
- /** The human-readable name of the private access settings object. */
410
- privateAccessSettingsName?: string | undefined;
411
- /** The AWS region for workspaces attached to this private access settings object. */
412
- region?: string | undefined;
413
- /** Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. */
414
- publicAccessEnabled?: boolean | undefined;
415
- /**
416
- * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object.
417
- * `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your <Databricks> account connect to your workspace.
418
- * `ENDPOINT` level access allows only specified VPC endpoints connect to your workspace. For details, see allowed_vpc_endpoint_ids.
419
- */
420
- privateAccessLevel?: PrivateAccessLevel | undefined;
421
- /**
422
- * An array of Databricks VPC endpoint IDs. This is the <Databricks> ID returned when registering the VPC endpoint configuration in your <Databricks> account. This is not the ID of the VPC endpoint in AWS.
423
- * Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints registered in your <Databricks> account that can connect to your workspace over AWS PrivateLink.
424
- * Note: If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists.
425
- */
426
- allowedVpcEndpointIds?: string[] | undefined;
427
- }
428
-
429
- /**
430
- * Properties of the new private endpoint rule.
431
- * Note that you must approve the endpoint in Azure portal after initialization.
432
- */
433
- export interface CreatePrivateEndpointRule {
434
- /** The ID of a private endpoint rule. */
435
- ruleId?: string | undefined;
436
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
437
- networkConnectivityConfigId?: string | undefined;
438
- /**
439
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
440
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console
441
- * before they take effect.
442
- * The possible values are:
443
- * - PENDING: The endpoint has been created and pending approval.
444
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
445
- * - REJECTED: Connection was rejected by the private link resource owner.
446
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
447
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
448
- * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING.
449
- * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details.
450
- */
451
- connectionState?:
452
- | NccPrivateEndpointRule_PrivateLinkConnectionState
453
- | undefined;
454
- /**
455
- * Only used by private endpoints to customer-managed private endpoint services.
456
- *
457
- * Domain names of target private link service.
458
- * When updating this field, the full list of target domain_names must be specified.
459
- */
460
- domainNames?: string[] | undefined;
461
- /** Time in epoch milliseconds when this object was created. */
462
- creationTime?: bigint | undefined;
463
- /** Time in epoch milliseconds when this object was updated. */
464
- updatedTime?: bigint | undefined;
465
- /** Whether this private endpoint is deactivated. */
466
- deactivated?: boolean | undefined;
467
- /** Time in epoch milliseconds when this object was deactivated. */
468
- deactivatedAt?: bigint | undefined;
469
- errorMessage?: string | undefined;
470
- /** The Azure resource ID of the target resource. */
471
- resourceId?: string | undefined;
472
- /**
473
- * Not used by customer-managed private endpoint services.
474
- *
475
- * The sub-resource type (group ID) of the target resource.
476
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
477
- */
478
- groupId?: string | undefined;
479
- /** The name of the Azure private endpoint resource. */
480
- endpointName?: string | undefined;
481
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
482
- accountId?: string | undefined;
483
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
484
- endpointService?: string | undefined;
485
- /**
486
- * Only used by private endpoints towards AWS S3 service.
487
- *
488
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
489
- * The bucket names must be in the same region as the NCC/endpoint service.
490
- * When updating this field, we perform full update on this field. Please ensure a full list of desired
491
- * resource_names is provided.
492
- */
493
- resourceNames?: string[] | undefined;
494
- /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by <Databricks>. */
495
- vpcEndpointId?: string | undefined;
496
- /**
497
- * Update this field to activate/deactivate this private endpoint to allow egress access from
498
- * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3).
499
- */
500
- enabled?: boolean | undefined;
501
- endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined;
502
- }
503
-
504
- export interface CreateVpcEndpointRequest {
505
- accountId?: string | undefined;
506
- /** The human-readable name of the storage configuration. */
507
- vpcEndpointName?: string | undefined;
508
- /** The region in which this VPC endpoint object exists. */
509
- region?: string | undefined;
510
- /** The ID of the VPC endpoint object in AWS. */
511
- awsVpcEndpointId?: string | undefined;
512
- vpcEndpointInfo?:
513
- | {
514
- $case: 'gcpVpcEndpointInfo';
515
- /** The cloud info of this vpc endpoint. */
516
- gcpVpcEndpointInfo: CustomerFacingGcpVpcEndpointInfo;
517
- }
518
- | undefined;
519
- }
520
-
521
- export interface CustomerFacingGcpVpcEndpointInfo {
522
- pscConnectionId?: string | undefined;
523
- projectId?: string | undefined;
524
- pscEndpointName?: string | undefined;
525
- endpointRegion?: string | undefined;
526
- serviceAttachmentId?: string | undefined;
527
- }
528
-
529
- /**
530
- * This proto is under development.
531
- * The network policies applying for ingress traffic.
532
- * Any changes here should also be synced to estore/namespaces/lakehousenetworkmanager/latest.proto.
533
- */
534
- export interface CustomerFacingIngressNetworkPolicy {
535
- /**
536
- * The network policy restrictions for public access to the workspace.
537
- * Configures how public internet traffic is allowed or denied access.
538
- */
539
- publicAccess?: CustomerFacingIngressNetworkPolicy_PublicAccess | undefined;
540
- /**
541
- * The network policy restrictions for private access to the workspace.
542
- * Configures how registered private endpoints are allowed or denied access.
543
- */
544
- privateAccess?: CustomerFacingIngressNetworkPolicy_PrivateAccess | undefined;
545
- crossWorkspaceAccess?:
546
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess
547
- | undefined;
548
- }
549
-
550
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
551
- export interface CustomerFacingIngressNetworkPolicy_AccountApiDestination {
552
- scopes?: string[] | undefined;
553
- /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */
554
- scopeQualifier?:
555
- | CustomerFacingIngressNetworkPolicy_ApiScopeQualifier
556
- | undefined;
557
- }
558
-
559
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
560
- export interface CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination {
561
- /** Must be set to true. */
562
- allDestinations?: boolean | undefined;
563
- }
564
-
565
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
566
- export interface CustomerFacingIngressNetworkPolicy_AccountUiDestination {
567
- /** Must be set to true. */
568
- allDestinations?: boolean | undefined;
569
- }
570
-
571
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
572
- export interface CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination {
573
- /** Must be set to true. */
574
- allDestinations?: boolean | undefined;
575
- }
576
-
577
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
578
- export interface CustomerFacingIngressNetworkPolicy_Authentication {
579
- identityType?:
580
- | CustomerFacingIngressNetworkPolicy_Authentication_IdentityType
581
- | undefined;
582
- /** Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES. */
583
- identities?:
584
- | CustomerFacingIngressNetworkPolicy_AuthenticationIdentity[]
585
- | undefined;
586
- }
587
-
588
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
589
- export interface CustomerFacingIngressNetworkPolicy_AuthenticationIdentity {
590
- principalType?:
591
- | CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType
592
- | undefined;
593
- principalId?: bigint | undefined;
594
- }
595
-
596
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
597
- export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess {
598
- restrictionMode?:
599
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode
600
- | undefined;
601
- denyRules?:
602
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule[]
603
- | undefined;
604
- allowRules?:
605
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule[]
606
- | undefined;
607
- }
608
-
609
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
610
- export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule {
611
- origin?:
612
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin
613
- | undefined;
614
- destination?:
615
- | CustomerFacingIngressNetworkPolicy_RequestDestination
616
- | undefined;
617
- authentication?:
618
- | CustomerFacingIngressNetworkPolicy_Authentication
619
- | undefined;
620
- /** The label for this ingress rule. */
621
- label?: string | undefined;
622
- }
623
-
624
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
625
- export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin {
626
- source?:
627
- | {
628
- $case: 'allSourceWorkspaces';
629
- /** Matches all source workspaces. */
630
- allSourceWorkspaces: boolean;
631
- }
632
- | {
633
- $case: 'selectedWorkspaces';
634
- /** Specific source workspace IDs to match. */
635
- selectedWorkspaces: CustomerFacingIngressNetworkPolicy_WorkspaceIdList;
636
- }
637
- | undefined;
638
- }
639
-
640
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
641
- export interface CustomerFacingIngressNetworkPolicy_Endpoints {
642
- endpointIds?: string[] | undefined;
643
- }
644
-
645
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
646
- export interface CustomerFacingIngressNetworkPolicy_IpRanges {
647
- /** We only support IPv4 and IPv4 CIDR notation for now. */
648
- ipRanges?: string[] | undefined;
649
- }
650
-
651
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
652
- export interface CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination {
653
- /** Must be set to true. */
654
- allDestinations?: boolean | undefined;
655
- }
656
-
657
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
658
- export interface CustomerFacingIngressNetworkPolicy_PrivateAccess {
659
- restrictionMode?:
660
- | CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode
661
- | undefined;
662
- denyRules?:
663
- | CustomerFacingIngressNetworkPolicy_PrivateIngressRule[]
664
- | undefined;
665
- allowRules?:
666
- | CustomerFacingIngressNetworkPolicy_PrivateIngressRule[]
667
- | undefined;
668
- }
669
-
670
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
671
- export interface CustomerFacingIngressNetworkPolicy_PrivateIngressRule {
672
- origin?: CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin | undefined;
673
- destination?:
674
- | CustomerFacingIngressNetworkPolicy_RequestDestination
675
- | undefined;
676
- authentication?:
677
- | CustomerFacingIngressNetworkPolicy_Authentication
678
- | undefined;
679
- /** The label for this ingress rule. */
680
- label?: string | undefined;
681
- }
682
-
683
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
684
- export interface CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin {
685
- source?:
686
- | {
687
- $case: 'endpoints';
688
- endpoints: CustomerFacingIngressNetworkPolicy_Endpoints;
689
- }
690
- | {$case: 'allRegisteredEndpoints'; allRegisteredEndpoints: boolean}
691
- | {$case: 'azureWorkspacePrivateLink'; azureWorkspacePrivateLink: boolean}
692
- | {$case: 'allPrivateAccess'; allPrivateAccess: boolean}
693
- | undefined;
694
- }
695
-
696
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
697
- export interface CustomerFacingIngressNetworkPolicy_PublicAccess {
698
- restrictionMode?:
699
- | CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode
700
- | undefined;
701
- denyRules?:
702
- | CustomerFacingIngressNetworkPolicy_PublicIngressRule[]
703
- | undefined;
704
- allowRules?:
705
- | CustomerFacingIngressNetworkPolicy_PublicIngressRule[]
706
- | undefined;
707
- }
708
-
709
- /**
710
- * An ingress rule is enforced when a request satisfies all
711
- * specified attributes — including request origin, destination, and authentication.
712
- */
713
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
714
- export interface CustomerFacingIngressNetworkPolicy_PublicIngressRule {
715
- origin?: CustomerFacingIngressNetworkPolicy_PublicRequestOrigin | undefined;
716
- destination?:
717
- | CustomerFacingIngressNetworkPolicy_RequestDestination
718
- | undefined;
719
- authentication?:
720
- | CustomerFacingIngressNetworkPolicy_Authentication
721
- | undefined;
722
- /** The label for this ingress rule. */
723
- label?: string | undefined;
724
- }
725
-
726
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
727
- export interface CustomerFacingIngressNetworkPolicy_PublicRequestOrigin {
728
- source?:
729
- | {
730
- $case: 'allIpRanges';
731
- /** Matches all IPv4 and IPv6 ranges (both public and private). */
732
- allIpRanges: boolean;
733
- }
734
- | {
735
- $case: 'includedIpRanges';
736
- /** Will not allow IP ranges with private IPs. */
737
- includedIpRanges: CustomerFacingIngressNetworkPolicy_IpRanges;
738
- }
739
- | {
740
- $case: 'excludedIpRanges';
741
- /** Excluded means: all public IP ranges except this one. */
742
- excludedIpRanges: CustomerFacingIngressNetworkPolicy_IpRanges;
743
- }
744
- | undefined;
745
- }
746
-
747
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
748
- export interface CustomerFacingIngressNetworkPolicy_RequestDestination {
749
- /**
750
- * When true, match all destinations, no other destination fields can be set.
751
- * When not set or false, at least one specific destination must be provided.
752
- */
753
- allDestinations?: boolean | undefined;
754
- workspaceUi?:
755
- | CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination
756
- | undefined;
757
- workspaceApi?:
758
- | CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination
759
- | undefined;
760
- appsRuntime?:
761
- | CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination
762
- | undefined;
763
- lakebaseRuntime?:
764
- | CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination
765
- | undefined;
766
- accountUi?:
767
- | CustomerFacingIngressNetworkPolicy_AccountUiDestination
768
- | undefined;
769
- accountApi?:
770
- | CustomerFacingIngressNetworkPolicy_AccountApiDestination
771
- | undefined;
772
- accountDatabricksOne?:
773
- | CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination
774
- | undefined;
775
- }
776
-
777
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
778
- export interface CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination {
779
- scopes?: string[] | undefined;
780
- /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */
781
- scopeQualifier?:
782
- | CustomerFacingIngressNetworkPolicy_ApiScopeQualifier
783
- | undefined;
784
- }
785
-
786
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
787
- export interface CustomerFacingIngressNetworkPolicy_WorkspaceIdList {
788
- workspaceIds?: bigint[] | undefined;
789
- }
790
-
791
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
792
- export interface CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination {
793
- /** Must be set to true. */
794
- allDestinations?: boolean | undefined;
795
- }
796
-
797
- /** Properties of the new network connectivity configuration. */
798
- export interface CustomerFacingNetworkConnectivityConfig {
799
- /** <Databricks> network connectivity configuration ID. */
800
- networkConnectivityConfigId?: string | undefined;
801
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
802
- accountId?: string | undefined;
803
- /**
804
- * The name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens,
805
- * and underscores. The length must be between 3 and 30 characters. The name must match the regular
806
- * expression ^[0-9a-zA-Z-_]{3,30}$
807
- */
808
- name?: string | undefined;
809
- /**
810
- * The region for the network connectivity configuration.
811
- * Only workspaces in the same region can be attached to the network connectivity configuration.
812
- */
813
- region?: string | undefined;
814
- /** The network connectivity rules that apply to network traffic from your serverless compute resources. */
815
- egressConfig?:
816
- | CustomerFacingNetworkConnectivityConfigEgressConfig
817
- | undefined;
818
- /** Time in epoch milliseconds when this object was updated. */
819
- updatedTime?: bigint | undefined;
820
- /** Time in epoch milliseconds when this object was created. */
821
- creationTime?: bigint | undefined;
822
- }
823
-
824
- /**
825
- * Properties of the new private endpoint rule.
826
- * Note that for private endpoints towards a VPC endpoint service behind a customer-managed NLB,
827
- * you must approve the endpoint in AWS console after initialization.
828
- */
829
- export interface CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule {
830
- /** The ID of a private endpoint rule. */
831
- ruleId?: string | undefined;
832
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
833
- networkConnectivityConfigId?: string | undefined;
834
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
835
- accountId?: string | undefined;
836
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
837
- endpointService?: string | undefined;
838
- /**
839
- * Only used by private endpoints towards a VPC endpoint service for customer-managed VPC endpoint service.
840
- *
841
- * The target AWS resource FQDNs accessible via the VPC endpoint service.
842
- * When updating this field, we perform full update on this field. Please ensure a full list of desired domain_names is provided.
843
- */
844
- domainNames?: string[] | undefined;
845
- /**
846
- * Only used by private endpoints towards AWS S3 service.
847
- *
848
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
849
- * The bucket names must be in the same region as the NCC/endpoint service.
850
- * When updating this field, we perform full update on this field.
851
- * Please ensure a full list of desired resource_names is provided.
852
- */
853
- resourceNames?: string[] | undefined;
854
- /** The AWS VPC endpoint ID. You can use this ID to identify VPC endpoint created by <Databricks>. */
855
- vpcEndpointId?: string | undefined;
856
- /**
857
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
858
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the AWS console
859
- * before they take effect.
860
- * The possible values are:
861
- * - PENDING: The endpoint has been created and pending approval.
862
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
863
- * - REJECTED: Connection was rejected by the private link resource owner.
864
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
865
- * - EXPIRED: If the endpoint is created but not approved in 14 days, it is EXPIRED.
866
- */
867
- connectionState?:
868
- | CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState
869
- | undefined;
870
- /** Time in epoch milliseconds when this object was created. */
871
- creationTime?: bigint | undefined;
872
- /** Time in epoch milliseconds when this object was updated. */
873
- updatedTime?: bigint | undefined;
874
- /** Whether this private endpoint is deactivated. */
875
- deactivated?: boolean | undefined;
876
- /** Time in epoch milliseconds when this object was deactivated. */
877
- deactivatedAt?: bigint | undefined;
878
- /**
879
- * Only used by private endpoints towards an AWS S3 service.
880
- *
881
- * Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources.
882
- */
883
- enabled?: boolean | undefined;
884
- errorMessage?: string | undefined;
885
- }
886
-
887
- /**
888
- * Properties of the new private endpoint rule.
889
- * Note that you must approve the endpoint in Azure portal after initialization.
890
- */
891
- export interface CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule {
892
- /** The ID of a private endpoint rule. */
893
- ruleId?: string | undefined;
894
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
895
- networkConnectivityConfigId?: string | undefined;
896
- /** The Azure resource ID of the target resource. */
897
- resourceId?: string | undefined;
898
- /**
899
- * Only used by private endpoints to Azure first-party services.
900
- *
901
- * The sub-resource type (group ID) of the target resource.
902
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
903
- */
904
- groupId?: string | undefined;
905
- /** The name of the Azure private endpoint resource. */
906
- endpointName?: string | undefined;
907
- /**
908
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
909
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal
910
- * before they take effect.
911
- * The possible values are:
912
- * - INIT: (deprecated) The endpoint has been created and pending approval.
913
- * - PENDING: The endpoint has been created and pending approval.
914
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
915
- * - REJECTED: Connection was rejected by the private link resource owner.
916
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
917
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
918
- */
919
- connectionState?:
920
- | CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState
921
- | undefined;
922
- /** Time in epoch milliseconds when this object was created. */
923
- creationTime?: bigint | undefined;
924
- /** Time in epoch milliseconds when this object was updated. */
925
- updatedTime?: bigint | undefined;
926
- /** Whether this private endpoint is deactivated. */
927
- deactivated?: boolean | undefined;
928
- /** Time in epoch milliseconds when this object was deactivated. */
929
- deactivatedAt?: bigint | undefined;
930
- /**
931
- * Not used by customer-managed private endpoint services.
932
- *
933
- * Domain names of target private link service.
934
- * When updating this field, the full list of target domain_names must be specified.
935
- */
936
- domainNames?: string[] | undefined;
937
- errorMessage?: string | undefined;
938
- }
939
-
940
- export interface CustomerFacingNetworkConnectivityConfigEgressConfig {
941
- /**
942
- * The network connectivity rules that are applied by default without resource specific configurations.
943
- * You can find the stable network information of your serverless compute resources here.
944
- */
945
- defaultRules?: NetworkConnectivityConfigEgressConfig_DefaultRule | undefined;
946
- /** The network connectivity rules that configured for each destinations. These rules override default rules. */
947
- targetRules?:
948
- | CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule
949
- | undefined;
950
- }
951
-
952
- /** Target rule controls the egress rules that are dedicated to specific resources. */
953
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
954
- export interface CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule {
955
- azurePrivateEndpointRules?:
956
- | CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule[]
957
- | undefined;
958
- /** AWS private endpoint rule controls the AWS private endpoint based egress rules. */
959
- awsPrivateEndpointRules?:
960
- | CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule[]
961
- | undefined;
962
- }
963
-
964
- /** * */
965
- export interface CustomerFacingPrivateAccessSettings {
966
- /** <Databricks> private access settings ID. */
967
- privateAccessSettingsId?: string | undefined;
968
- /** The <Databricks> account ID that hosts the private access settings. */
969
- accountId?: string | undefined;
970
- /** The human-readable name of the private access settings object. */
971
- privateAccessSettingsName?: string | undefined;
972
- /** The AWS region for workspaces attached to this private access settings object. */
973
- region?: string | undefined;
974
- /** Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. */
975
- publicAccessEnabled?: boolean | undefined;
976
- /**
977
- * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object.
978
- * `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your <Databricks> account connect to your workspace.
979
- * `ENDPOINT` level access allows only specified VPC endpoints connect to your workspace. For details, see allowed_vpc_endpoint_ids.
980
- */
981
- privateAccessLevel?: PrivateAccessLevel | undefined;
982
- /**
983
- * An array of Databricks VPC endpoint IDs. This is the <Databricks> ID that is returned when registering the VPC endpoint configuration in your <Databricks> account. This is not the ID of the VPC endpoint in AWS.
984
- * Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints that in your account that can connect to your workspace over AWS PrivateLink.
985
- * If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists.
986
- */
987
- allowedVpcEndpointIds?: string[] | undefined;
988
- }
989
-
990
- /** * */
991
- export interface CustomerFacingVpcEndpoint {
992
- /** Databricks VPC endpoint ID. This is the <Databricks>-specific name of the VPC endpoint. Do not confuse this with the `aws_vpc_endpoint_id`, which is the ID within AWS of the VPC endpoint. */
993
- vpcEndpointId?: string | undefined;
994
- /**
995
- * The <Databricks> account ID that hosts the VPC endpoint configuration.
996
- * TODO - This may signal an OpenAPI diff; it does not show up in the generated spec
997
- */
998
- accountId?: string | undefined;
999
- /** The human-readable name of the storage configuration. */
1000
- vpcEndpointName?: string | undefined;
1001
- /** The ID of the VPC endpoint object in AWS. */
1002
- awsVpcEndpointId?: string | undefined;
1003
- /** The ID of the <Databricks> [endpoint service](https://docs.aws.amazon.com/vpc/latest/privatelink/endpoint-service.html) that this VPC endpoint is connected to. For a list of endpoint service IDs for each supported AWS region, see the [Databricks PrivateLink documentation](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html). */
1004
- awsEndpointServiceId?: string | undefined;
1005
- /**
1006
- * This enumeration represents the type of Databricks VPC endpoint service that was used when creating this VPC endpoint.
1007
- * If the VPC endpoint connects to the <Databricks> control plane for either the front-end connection or the back-end REST API connection, the value is GENERAL_ACCESS.
1008
- * If the VPC endpoint connects to the <Databricks> workspace for the back-end secure cluster connectivity relay, the value is DATAPLANE_RELAY_ACCESS.
1009
- */
1010
- useCase?: CustomerFacingVpcEndpointUseCase | undefined;
1011
- /** The AWS region in which this VPC endpoint object exists. */
1012
- region?: string | undefined;
1013
- /** The AWS Account in which the VPC endpoint object exists. */
1014
- awsAccountId?: string | undefined;
1015
- /** The current state (such as `available` or `rejected`) of the VPC endpoint. Derived from AWS. For the full set of values, see [AWS DescribeVpcEndpoint documentation](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html). */
1016
- state?: string | undefined;
1017
- vpcEndpointInfo?:
1018
- | {
1019
- $case: 'gcpVpcEndpointInfo';
1020
- /**
1021
- * The cloud info of this vpc endpoint.
1022
- * Info for a GCP vpc endpoint.
1023
- */
1024
- gcpVpcEndpointInfo: CustomerFacingGcpVpcEndpointInfo;
1025
- }
1026
- | undefined;
1027
- }
1028
-
1029
- /** Next Id: 3 */
1030
- export interface DeleteAccountIpAccessListRequest {
1031
- accountId?: string | undefined;
1032
- /** The ID for the corresponding IP access list */
1033
- listId?: string | undefined;
1034
- }
1035
-
1036
- /** The IP access list was successfully deleted. */
1037
- // eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-object-type -- Proto-style nested message name.
1038
- export interface DeleteAccountIpAccessListRequest_Response {}
1039
-
1040
- export interface DeleteEndpointRequest {
1041
- name?: string | undefined;
1042
- }
1043
-
1044
- export interface DeleteIpAccessList {
1045
- /** The ID for the corresponding IP access list */
1046
- listId?: string | undefined;
1047
- }
1048
-
1049
- /** The IP access list was successfully deleted. */
1050
- // eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-object-type -- Proto-style nested message name.
1051
- export interface DeleteIpAccessList_Response {}
1052
-
1053
- /**
1054
- * Initiates deleting a private endpoint rule. If the connection state is PENDING or EXPIRED, the private endpoint is
1055
- * immediately deleted. Otherwise, the private endpoint is deactivated and will be deleted after one day of
1056
- * deactivation. When a private endpoint is deactivated, the deactivated field is set to true and the private endpoint
1057
- * is not available to your serverless compute resources.
1058
- */
1059
- export interface DeleteNccPrivateEndpointRuleRequest {
1060
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1061
- accountId?: string | undefined;
1062
- /** Your Network Connectvity Configuration ID. */
1063
- networkConnectivityConfigId?: string | undefined;
1064
- /** Your private endpoint rule ID. */
1065
- privateEndpointRuleId?: string | undefined;
1066
- }
1067
-
1068
- export interface DeleteNetworkConnectivityConfigRequest {
1069
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1070
- accountId?: string | undefined;
1071
- /** Your Network Connectivity Configuration ID. */
1072
- networkConnectivityConfigId?: string | undefined;
1073
- }
1074
-
1075
- export interface DeleteNetworkPolicyRequest {
1076
- /** The unique identifier of the network policy to delete. */
1077
- networkPolicyId?: string | undefined;
1078
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1079
- accountId?: string | undefined;
1080
- }
1081
-
1082
- export interface DeleteNetworkRequest {
1083
- /** Databricks Account API network configuration ID. */
1084
- networkId?: string | undefined;
1085
- accountId?: string | undefined;
1086
- }
1087
-
1088
- export interface DeletePrivateAccessSettingsRequest {
1089
- privateAccessSettingsId?: string | undefined;
1090
- accountId?: string | undefined;
1091
- }
1092
-
1093
- export interface DeleteVpcEndpointRequest {
1094
- vpcEndpointId?: string | undefined;
1095
- accountId?: string | undefined;
1096
- }
1097
-
1098
- /**
1099
- * The network policies applying for egress traffic.
1100
- * This message is used by the UI/REST API. We translate this message to the format expected by the
1101
- * dataplane in Lakehouse Network Manager (for the format expected by the dataplane, see networkconfig.textproto).
1102
- * This policy should be consistent with [[com.databricks.api.proto.settingspolicy.EgressNetworkPolicy]].
1103
- * Details see API-design: https://docs.google.com/document/d/1DKWO_FpZMCY4cF2O62LpwII1lx8gsnDGG-qgE3t3TOA/
1104
- */
1105
- export interface EgressNetworkPolicy {
1106
- /** The access policy enforced for egress traffic to the internet. */
1107
- networkAccess?: EgressNetworkPolicy_NetworkAccessPolicy | undefined;
1108
- }
1109
-
1110
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1111
- export interface EgressNetworkPolicy_NetworkAccessPolicy {
1112
- /** The restriction mode that controls how serverless workloads can access the internet. */
1113
- restrictionMode?:
1114
- | EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode
1115
- | undefined;
1116
- /** List of internet destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode. */
1117
- allowedInternetDestinations?:
1118
- | EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination[]
1119
- | undefined;
1120
- /** List of storage destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode. */
1121
- allowedStorageDestinations?:
1122
- | EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination[]
1123
- | undefined;
1124
- /** Optional. When policy_enforcement is not provided, we default to ENFORCE_MODE_ALL_SERVICES */
1125
- policyEnforcement?:
1126
- | EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement
1127
- | undefined;
1128
- /**
1129
- * List of internet destinations that serverless workloads are blocked from accessing.
1130
- * These destinations are enforced when restriction mode is RESTRICTED_ACCESS or DRY_RUN.
1131
- * Currently supports DNS_NAME type only; IP_RANGE support is planned.
1132
- */
1133
- blockedInternetDestinations?:
1134
- | EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination[]
1135
- | undefined;
1136
- }
1137
-
1138
- /**
1139
- * Users can specify accessible internet destinations when outbound access is restricted.
1140
- * We only support DNS_NAME (FQDN format) destinations for the time being.
1141
- * Going forward we may extend support to host names and IP addresses.
1142
- */
1143
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1144
- export interface EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination {
1145
- /** The internet destination to which access will be allowed. Format dependent on the destination type. */
1146
- destination?: string | undefined;
1147
- /** The type of internet destination. Currently only DNS_NAME is supported. */
1148
- internetDestinationType?:
1149
- | EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType
1150
- | undefined;
1151
- }
1152
-
1153
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1154
- export interface EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement {
1155
- /**
1156
- * The mode of policy enforcement. ENFORCED blocks traffic that violates policy,
1157
- * while DRY_RUN only logs violations without blocking. When not specified,
1158
- * defaults to ENFORCED.
1159
- */
1160
- enforcementMode?:
1161
- | EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode
1162
- | undefined;
1163
- /**
1164
- * When empty, it means dry run for all products.
1165
- * When non-empty, it means dry run for specific products and for the other products, they will run in enforced mode.
1166
- */
1167
- dryRunModeProductFilter?:
1168
- | EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter[]
1169
- | undefined;
1170
- }
1171
-
1172
- /** Users can specify accessible storage destinations. */
1173
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1174
- export interface EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination {
1175
- bucketName?: string | undefined;
1176
- region?: string | undefined;
1177
- /** The type of storage destination. */
1178
- storageDestinationType?:
1179
- | EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType
1180
- | undefined;
1181
- /** The Azure storage account name. */
1182
- azureStorageAccount?: string | undefined;
1183
- /** The Azure storage service type (blob, dfs, etc.). */
1184
- azureStorageService?: string | undefined;
1185
- }
1186
-
1187
- /** Endpoint represents a cloud networking resource in a user's cloud account and binds it to the <Databricks> account. */
1188
- export interface Endpoint {
1189
- /** The resource name of the endpoint, which uniquely identifies the endpoint. */
1190
- name?: string | undefined;
1191
- /** The unique identifier for this endpoint under the account. This field is a UUID generated by <Databricks>. */
1192
- endpointId?: string | undefined;
1193
- /** The Databricks Account in which the endpoint object exists. */
1194
- accountId?: string | undefined;
1195
- /**
1196
- * The human-readable display name of this endpoint.
1197
- * The input should conform to RFC-1034, which restricts to letters, numbers, and hyphens,
1198
- * with the first character a letter, the last a letter or a number, and a 63 character maximum.
1199
- */
1200
- displayName?: string | undefined;
1201
- /**
1202
- * The use case that determines the type of network connectivity this endpoint provides.
1203
- * This field is automatically determined based on the endpoint configuration and cloud-specific settings.
1204
- */
1205
- useCase?: EndpointUseCase_EndpointUseCase | undefined;
1206
- /** The cloud provider region where this endpoint is located. */
1207
- region?: string | undefined;
1208
- /** The state of the endpoint. The endpoint can only be used if the state is `APPROVED`. */
1209
- state?: EndpointState | undefined;
1210
- /**
1211
- * The cloud info of this endpoint.
1212
- * (-- For now it only supports Azure PL, but in future we can support other clouds and more use cases (e.g. public endpoint) --)
1213
- */
1214
- endpointInfo?:
1215
- | {
1216
- $case: 'azurePrivateEndpointInfo';
1217
- /** Info for an Azure private endpoint. */
1218
- azurePrivateEndpointInfo: AzurePrivateEndpointInfo;
1219
- }
1220
- | undefined;
1221
- /** The timestamp when the endpoint was created. The timestamp is in RFC 3339 format in UTC timezone. */
1222
- createTime?: Temporal.Instant | undefined;
1223
- }
1224
-
1225
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1226
- export interface EndpointUseCase {}
1227
-
1228
- export interface GcpEndpoint {
1229
- /** Output only. The URI of the created PSC endpoint. */
1230
- pscEndpointUri?: string | undefined;
1231
- /** Selects which target services this private endpoint reaches. */
1232
- targetServices?:
1233
- | {
1234
- $case: 'serviceAttachment';
1235
- /**
1236
- * The full url of the target service attachment.
1237
- * Example:
1238
- * projects/my-gcp-project/regions/us-east4/serviceAttachments/my-service-attachment
1239
- */
1240
- serviceAttachment: string;
1241
- }
1242
- | undefined;
1243
- }
1244
-
1245
- export interface GcpNetworkInfo {
1246
- /** The GCP project ID for network resources. This project is where the VPC and subnet resides. */
1247
- networkProjectId?: string | undefined;
1248
- /** The customer-provided VPC ID. */
1249
- vpcId?: string | undefined;
1250
- /**
1251
- * The customer-provided Subnet ID that will be available to Clusters in Workspaces using this
1252
- * Network.
1253
- */
1254
- subnetId?: string | undefined;
1255
- subnetRegion?: string | undefined;
1256
- /**
1257
- * Name of the secondary range within the subnet that will be used by GKE as Pod IP range.
1258
- * This is BYO VPC specific. DB VPC uses network.getGcpManagedNetworkConfig.getGkeClusterPodIpRange
1259
- */
1260
- podIpRangeName?: string | undefined;
1261
- /** Name of the secondary range within the subnet that will be used by GKE as Service IP range. */
1262
- serviceIpRangeName?: string | undefined;
1263
- }
1264
-
1265
- /** Next Id: 3 */
1266
- export interface GetAccountIpAccessListRequest {
1267
- accountId?: string | undefined;
1268
- /** The ID for the corresponding IP access list */
1269
- listId?: string | undefined;
1270
- }
1271
-
1272
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1273
- export interface GetAccountIpAccessListRequest_Response {
1274
- ipAccessList?: AccountIpAccessList | undefined;
1275
- }
1276
-
1277
- export interface GetEndpointRequest {
1278
- name?: string | undefined;
1279
- }
1280
-
1281
- export interface GetIpAccessList {
1282
- /** The ID for the corresponding IP access list */
1283
- listId?: string | undefined;
1284
- }
1285
-
1286
- /** An IP access list was successfully returned. */
1287
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1288
- export interface GetIpAccessList_Response {
1289
- ipAccessList?: IpAccessList | undefined;
1290
- }
1291
-
1292
- export interface GetNccPrivateEndpointRuleRequest {
1293
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1294
- accountId?: string | undefined;
1295
- /** Your Network Connectvity Configuration ID. */
1296
- networkConnectivityConfigId?: string | undefined;
1297
- /** Your private endpoint rule ID. */
1298
- privateEndpointRuleId?: string | undefined;
1299
- }
1300
-
1301
- /** ***************************** Public facing RPC requests and responses *****************************\// */
1302
- export interface GetNetworkConnectivityConfigRequest {
1303
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1304
- accountId?: string | undefined;
1305
- /** Your Network Connectivity Configuration ID. */
1306
- networkConnectivityConfigId?: string | undefined;
1307
- }
1308
-
1309
- export interface GetNetworkPolicyRequest {
1310
- /** The unique identifier of the network policy to retrieve. */
1311
- networkPolicyId?: string | undefined;
1312
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1313
- accountId?: string | undefined;
1314
- }
1315
-
1316
- export interface GetNetworkRequest {
1317
- /** Databricks Account API network configuration ID. */
1318
- networkId?: string | undefined;
1319
- accountId?: string | undefined;
1320
- }
1321
-
1322
- export interface GetPrivateAccessSettingsRequest {
1323
- privateAccessSettingsId?: string | undefined;
1324
- accountId?: string | undefined;
1325
- }
1326
-
1327
- export interface GetVpcEndpointRequest {
1328
- /** Databricks VPC endpoint ID. */
1329
- vpcEndpointId?: string | undefined;
1330
- accountId?: string | undefined;
1331
- }
1332
-
1333
- export interface GetWorkspaceNetworkOptionRequest {
1334
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1335
- accountId?: string | undefined;
1336
- /** The workspace ID. */
1337
- workspaceId?: bigint | undefined;
1338
- }
1339
-
1340
- /** Definition of an IP Access list */
1341
- export interface IpAccessList {
1342
- /** Universally unique identifier (UUID) of the IP access list. */
1343
- listId?: string | undefined;
1344
- /** Label for the IP access list. This **cannot** be empty. */
1345
- label?: string | undefined;
1346
- ipAddresses?: string[] | undefined;
1347
- /** Total number of IP or CIDR values. */
1348
- addressCount?: number | undefined;
1349
- listType?: IpAccessListType | undefined;
1350
- /** Creation timestamp in milliseconds. */
1351
- createdAt?: bigint | undefined;
1352
- /** User ID of the user who created this list. */
1353
- createdBy?: bigint | undefined;
1354
- /** Update timestamp in milliseconds. */
1355
- updatedAt?: bigint | undefined;
1356
- /** User ID of the user who updated this list. */
1357
- updatedBy?: bigint | undefined;
1358
- /** Specifies whether this IP access list is enabled. */
1359
- enabled?: boolean | undefined;
1360
- }
1361
-
1362
- /** Next Id: 2 */
1363
- export interface ListAccountIpAccessListsRequest {
1364
- accountId?: string | undefined;
1365
- }
1366
-
1367
- /** IP access lists were successfully returned. */
1368
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1369
- export interface ListAccountIpAccessListsRequest_Response {
1370
- ipAccessLists?: AccountIpAccessList[] | undefined;
1371
- }
1372
-
1373
- export interface ListEndpointsRequest {
1374
- /**
1375
- * The parent resource name of the account to list endpoints for.
1376
- * Format: `accounts/{account_id}`.
1377
- */
1378
- parent?: string | undefined;
1379
- pageToken?: string | undefined;
1380
- pageSize?: number | undefined;
1381
- }
1382
-
1383
- export interface ListEndpointsResponse {
1384
- items?: Endpoint[] | undefined;
1385
- nextPageToken?: string | undefined;
1386
- }
1387
-
1388
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1389
- export interface ListIpAccessLists {}
1390
-
1391
- /** IP access lists were successfully returned. */
1392
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1393
- export interface ListIpAccessLists_Response {
1394
- ipAccessLists?: IpAccessList[] | undefined;
1395
- }
1396
-
1397
- /** Gets an array of private endpoint rules. */
1398
- export interface ListNccPrivateEndpointRulesRequest {
1399
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1400
- accountId?: string | undefined;
1401
- /** Your Network Connectvity Configuration ID. */
1402
- networkConnectivityConfigId?: string | undefined;
1403
- /** Pagination token to go to next page based on previous query. */
1404
- pageToken?: string | undefined;
1405
- }
1406
-
1407
- /** The private endpoint rule list was successfully retrieved. */
1408
- export interface ListNccPrivateEndpointRulesResponse {
1409
- items?: NccPrivateEndpointRule[] | undefined;
1410
- /** A token that can be used to get the next page of results. If null, there are no more results to show. */
1411
- nextPageToken?: string | undefined;
1412
- }
1413
-
1414
- export interface ListNetworkConnectivityConfigsRequest {
1415
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1416
- accountId?: string | undefined;
1417
- /** Pagination token to go to next page based on previous query. */
1418
- pageToken?: string | undefined;
1419
- }
1420
-
1421
- /** The network connectivity configuration list was successfully retrieved. */
1422
- export interface ListNetworkConnectivityConfigsResponse {
1423
- items?: CustomerFacingNetworkConnectivityConfig[] | undefined;
1424
- /** A token that can be used to get the next page of results. If null, there are no more results to show. */
1425
- nextPageToken?: string | undefined;
1426
- }
1427
-
1428
- export interface ListNetworkPoliciesRequest {
1429
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1430
- accountId?: string | undefined;
1431
- /** Pagination token to go to next page based on previous query. */
1432
- pageToken?: string | undefined;
1433
- }
1434
-
1435
- export interface ListNetworkPoliciesResponse {
1436
- /** List of network policies. */
1437
- items?: AccountNetworkPolicy[] | undefined;
1438
- /** A token that can be used to get the next page of results. If null, there are no more results to show. */
1439
- nextPageToken?: string | undefined;
1440
- }
1441
-
1442
- export interface ListNetworkRequest {
1443
- accountId?: string | undefined;
1444
- }
1445
-
1446
- export interface ListNetworkResponse {
1447
- networks?: Network[] | undefined;
1448
- }
1449
-
1450
- export interface ListPrivateAccessSettingsRequest {
1451
- accountId?: string | undefined;
1452
- }
1453
-
1454
- export interface ListPrivateAccessSettingsResponse {
1455
- privateAccessSettings?: CustomerFacingPrivateAccessSettings[] | undefined;
1456
- }
1457
-
1458
- export interface ListVpcEndpointRequest {
1459
- accountId?: string | undefined;
1460
- }
1461
-
1462
- export interface ListVpcEndpointResponse {
1463
- vpcEndpoints?: CustomerFacingVpcEndpoint[] | undefined;
1464
- }
1465
-
1466
- /**
1467
- * Properties of the new private endpoint rule.
1468
- * Note that you must approve the endpoint in Azure portal after initialization.
1469
- */
1470
- export interface NccPrivateEndpointRule {
1471
- /** The ID of a private endpoint rule. */
1472
- ruleId?: string | undefined;
1473
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
1474
- networkConnectivityConfigId?: string | undefined;
1475
- /**
1476
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
1477
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console
1478
- * before they take effect.
1479
- * The possible values are:
1480
- * - PENDING: The endpoint has been created and pending approval.
1481
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
1482
- * - REJECTED: Connection was rejected by the private link resource owner.
1483
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
1484
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
1485
- * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING.
1486
- * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details.
1487
- */
1488
- connectionState?:
1489
- | NccPrivateEndpointRule_PrivateLinkConnectionState
1490
- | undefined;
1491
- /**
1492
- * Only used by private endpoints to customer-managed private endpoint services.
1493
- *
1494
- * Domain names of target private link service.
1495
- * When updating this field, the full list of target domain_names must be specified.
1496
- */
1497
- domainNames?: string[] | undefined;
1498
- /** Time in epoch milliseconds when this object was created. */
1499
- creationTime?: bigint | undefined;
1500
- /** Time in epoch milliseconds when this object was updated. */
1501
- updatedTime?: bigint | undefined;
1502
- /** Whether this private endpoint is deactivated. */
1503
- deactivated?: boolean | undefined;
1504
- /** Time in epoch milliseconds when this object was deactivated. */
1505
- deactivatedAt?: bigint | undefined;
1506
- errorMessage?: string | undefined;
1507
- /** The Azure resource ID of the target resource. */
1508
- resourceId?: string | undefined;
1509
- /**
1510
- * Not used by customer-managed private endpoint services.
1511
- *
1512
- * The sub-resource type (group ID) of the target resource.
1513
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
1514
- */
1515
- groupId?: string | undefined;
1516
- /** The name of the Azure private endpoint resource. */
1517
- endpointName?: string | undefined;
1518
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
1519
- accountId?: string | undefined;
1520
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
1521
- endpointService?: string | undefined;
1522
- /**
1523
- * Only used by private endpoints towards AWS S3 service.
1524
- *
1525
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
1526
- * The bucket names must be in the same region as the NCC/endpoint service.
1527
- * When updating this field, we perform full update on this field. Please ensure a full list of desired
1528
- * resource_names is provided.
1529
- */
1530
- resourceNames?: string[] | undefined;
1531
- /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by <Databricks>. */
1532
- vpcEndpointId?: string | undefined;
1533
- /**
1534
- * Update this field to activate/deactivate this private endpoint to allow egress access from
1535
- * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3).
1536
- */
1537
- enabled?: boolean | undefined;
1538
- endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined;
1539
- }
1540
-
1541
- export interface Network {
1542
- /** The <Databricks> network configuration ID. */
1543
- networkId?: string | undefined;
1544
- /** The <Databricks> account ID associated with this network configuration. */
1545
- accountId?: string | undefined;
1546
- /** Workspace ID associated with this network configuration. */
1547
- workspaceId?: bigint | undefined;
1548
- /** The ID of the VPC associated with this network configuration. VPC IDs can be used in multiple networks. */
1549
- vpcId?: string | undefined;
1550
- /** IDs of at least two subnets associated with this network. Subnet IDs **cannot** be used in multiple network configurations. */
1551
- subnetIds?: string[] | undefined;
1552
- /** IDs of one to five security groups associated with this network. Security group IDs **cannot** be used in multiple network configurations. */
1553
- securityGroupIds?: string[] | undefined;
1554
- vpcStatus?: VpcStatus | undefined;
1555
- /** Array of error messages about the network configuration. */
1556
- errorMessages?: NetworkHealth[] | undefined;
1557
- /** The human-readable name of the network configuration. */
1558
- networkName?: string | undefined;
1559
- /** Time in epoch milliseconds when the network was created. */
1560
- creationTime?: bigint | undefined;
1561
- /** Array of warning messages about the network configuration. */
1562
- warningMessages?: NetworkWarning[] | undefined;
1563
- vpcEndpoints?: NetworkVpcEndpoints | undefined;
1564
- networkInfo?:
1565
- | {$case: 'gcpNetworkInfo'; gcpNetworkInfo: GcpNetworkInfo}
1566
- | undefined;
1567
- }
1568
-
1569
- /**
1570
- * Egress network configurations. Provides network configurations for Databricks -> Customer
1571
- * traffic.
1572
- */
1573
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1574
- export interface NetworkConnectivityConfigEgressConfig {}
1575
-
1576
- /** Default rules don't have specific targets. */
1577
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1578
- export interface NetworkConnectivityConfigEgressConfig_DefaultRule {
1579
- azureServiceEndpointRule?:
1580
- | NetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRule
1581
- | undefined;
1582
- awsStableIpRule?:
1583
- | NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule
1584
- | undefined;
1585
- }
1586
-
1587
- /** The stable AWS IP CIDR blocks. You can use these to configure the firewall of your resources to allow traffic from your <Databricks> workspace. */
1588
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1589
- export interface NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule {
1590
- /** The list of stable IP CIDR blocks from which <Databricks> network traffic originates when accessing your resources. */
1591
- cidrBlocks?: string[] | undefined;
1592
- }
1593
-
1594
- /**
1595
- * The stable Azure service endpoints. You can configure the firewall of your Azure resources
1596
- * to allow traffic from your <Databricks> serverless compute resources.
1597
- */
1598
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1599
- export interface NetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRule {
1600
- /** The Azure region in which this service endpoint rule applies.. */
1601
- targetRegion?: string | undefined;
1602
- /** The Azure services to which this service endpoint rule applies to. */
1603
- targetServices?: EgressResourceType[] | undefined;
1604
- /** The list of subnets from which <Databricks> network traffic originates when accessing your Azure resources. */
1605
- subnets?: string[] | undefined;
1606
- }
1607
-
1608
- export interface NetworkHealth {
1609
- errorType?: string | undefined;
1610
- /** Details of the error. */
1611
- errorMessage?: string | undefined;
1612
- }
1613
-
1614
- export interface NetworkVpcEndpoints {
1615
- /** The VPC endpoint ID used by this network to access the Databricks REST API. */
1616
- restApi?: string[] | undefined;
1617
- /** The VPC endpoint ID used by this network to access the <Databricks> secure cluster connectivity relay. */
1618
- dataplaneRelay?: string[] | undefined;
1619
- }
1620
-
1621
- export interface NetworkWarning {
1622
- warningType?: string | undefined;
1623
- /** Details of the warning. */
1624
- warningMessage?: string | undefined;
1625
- }
1626
-
1627
- /** Details required to replace an IP access list. */
1628
- export interface ReplaceAccountIpAccessListRequest {
1629
- accountId?: string | undefined;
1630
- /** The ID for the corresponding IP access list */
1631
- listId?: string | undefined;
1632
- /** Label for the IP access list. This **cannot** be empty. */
1633
- label?: string | undefined;
1634
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
1635
- ipAddresses?: string[] | undefined;
1636
- /** Specifies whether this IP access list is enabled. */
1637
- enabled?: boolean | undefined;
1638
- }
1639
-
1640
- /** The IP access list was successfully replaced. */
1641
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1642
- export interface ReplaceAccountIpAccessListRequest_Response {
1643
- ipAccessList?: AccountIpAccessList | undefined;
1644
- }
1645
-
1646
- /** Details required to replace an IP access list. */
1647
- export interface ReplaceIpAccessList {
1648
- /** The ID for the corresponding IP access list */
1649
- listId?: string | undefined;
1650
- /** Label for the IP access list. This **cannot** be empty. */
1651
- label?: string | undefined;
1652
- listType?: IpAccessListType | undefined;
1653
- ipAddresses?: string[] | undefined;
1654
- /** Specifies whether this IP access list is enabled. */
1655
- enabled?: boolean | undefined;
1656
- }
1657
-
1658
- /** The IP access list was successfully replaced. */
1659
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1660
- export interface ReplaceIpAccessList_Response {
1661
- ipAccessList?: IpAccessList | undefined;
1662
- }
1663
-
1664
- /** Details required to update an IP access list. */
1665
- export interface UpdateAccountIpAccessListRequest {
1666
- accountId?: string | undefined;
1667
- /** The ID for the corresponding IP access list */
1668
- listId?: string | undefined;
1669
- /** Label for the IP access list. This **cannot** be empty. */
1670
- label?: string | undefined;
1671
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
1672
- ipAddresses?: string[] | undefined;
1673
- /** Specifies whether this IP access list is enabled. */
1674
- enabled?: boolean | undefined;
1675
- }
1676
-
1677
- /** The IP access list was successfully updated. */
1678
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1679
- export interface UpdateAccountIpAccessListRequest_Response {
1680
- ipAccessList?: AccountIpAccessList | undefined;
1681
- }
1682
-
1683
- /** Details required to update an IP access list. */
1684
- export interface UpdateIpAccessList {
1685
- /** The ID for the corresponding IP access list */
1686
- listId?: string | undefined;
1687
- /** Label for the IP access list. This **cannot** be empty. */
1688
- label?: string | undefined;
1689
- listType?: IpAccessListType | undefined;
1690
- ipAddresses?: string[] | undefined;
1691
- /** Specifies whether this IP access list is enabled. */
1692
- enabled?: boolean | undefined;
1693
- }
1694
-
1695
- /** The IP access list was successfully updated. */
1696
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1697
- export interface UpdateIpAccessList_Response {
1698
- ipAccessList?: IpAccessList | undefined;
1699
- }
1700
-
1701
- /** Your Network Connectivity Configuration ID. */
1702
- export interface UpdateNccPrivateEndpointRuleRequest {
1703
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
1704
- networkConnectivityConfigId?: string | undefined;
1705
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1706
- accountId?: string | undefined;
1707
- /** Your private endpoint rule ID. */
1708
- privateEndpointRuleId?: string | undefined;
1709
- privateEndpointRule?: UpdatePrivateEndpointRule | undefined;
1710
- updateMask?: FieldMask<UpdatePrivateEndpointRule> | undefined;
1711
- }
1712
-
1713
- export interface UpdateNetworkPolicyRequest {
1714
- /** The unique identifier for the network policy. */
1715
- networkPolicyId?: string | undefined;
1716
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1717
- accountId?: string | undefined;
1718
- /** Updated network policy configuration details. */
1719
- networkPolicy?: AccountNetworkPolicy | undefined;
1720
- }
1721
-
1722
- export interface UpdatePrivateAccessSettingsRequest {
1723
- /** Properties of the new private access settings object. */
1724
- customerFacingPrivateAccessSettings?:
1725
- | CustomerFacingPrivateAccessSettings
1726
- | undefined;
1727
- }
1728
-
1729
- /**
1730
- * Properties of the new private endpoint rule.
1731
- * Note that you must approve the endpoint in Azure portal after initialization.
1732
- */
1733
- export interface UpdatePrivateEndpointRule {
1734
- /** The ID of a private endpoint rule. */
1735
- ruleId?: string | undefined;
1736
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
1737
- networkConnectivityConfigId?: string | undefined;
1738
- /**
1739
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
1740
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console
1741
- * before they take effect.
1742
- * The possible values are:
1743
- * - PENDING: The endpoint has been created and pending approval.
1744
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
1745
- * - REJECTED: Connection was rejected by the private link resource owner.
1746
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
1747
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
1748
- * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING.
1749
- * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details.
1750
- */
1751
- connectionState?:
1752
- | NccPrivateEndpointRule_PrivateLinkConnectionState
1753
- | undefined;
1754
- /**
1755
- * Only used by private endpoints to customer-managed private endpoint services.
1756
- *
1757
- * Domain names of target private link service.
1758
- * When updating this field, the full list of target domain_names must be specified.
1759
- */
1760
- domainNames?: string[] | undefined;
1761
- /** Time in epoch milliseconds when this object was created. */
1762
- creationTime?: bigint | undefined;
1763
- /** Time in epoch milliseconds when this object was updated. */
1764
- updatedTime?: bigint | undefined;
1765
- /** Whether this private endpoint is deactivated. */
1766
- deactivated?: boolean | undefined;
1767
- /** Time in epoch milliseconds when this object was deactivated. */
1768
- deactivatedAt?: bigint | undefined;
1769
- errorMessage?: string | undefined;
1770
- /** The Azure resource ID of the target resource. */
1771
- resourceId?: string | undefined;
1772
- /**
1773
- * Not used by customer-managed private endpoint services.
1774
- *
1775
- * The sub-resource type (group ID) of the target resource.
1776
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
1777
- */
1778
- groupId?: string | undefined;
1779
- /** The name of the Azure private endpoint resource. */
1780
- endpointName?: string | undefined;
1781
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
1782
- accountId?: string | undefined;
1783
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
1784
- endpointService?: string | undefined;
1785
- /**
1786
- * Only used by private endpoints towards AWS S3 service.
1787
- *
1788
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
1789
- * The bucket names must be in the same region as the NCC/endpoint service.
1790
- * When updating this field, we perform full update on this field. Please ensure a full list of desired
1791
- * resource_names is provided.
1792
- */
1793
- resourceNames?: string[] | undefined;
1794
- /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by <Databricks>. */
1795
- vpcEndpointId?: string | undefined;
1796
- /**
1797
- * Update this field to activate/deactivate this private endpoint to allow egress access from
1798
- * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3).
1799
- */
1800
- enabled?: boolean | undefined;
1801
- endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined;
1802
- }
1803
-
1804
- export interface UpdateWorkspaceNetworkOptionRequest {
1805
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1806
- accountId?: string | undefined;
1807
- /** The workspace ID. */
1808
- workspaceId?: bigint | undefined;
1809
- /** The network option details for the workspace. */
1810
- workspaceNetworkOption?: WorkspaceNetworkOption | undefined;
1811
- }
1812
-
1813
- export interface WorkspaceNetworkOption {
1814
- /**
1815
- * The network policy ID to apply to the workspace. This controls the network access rules
1816
- * for all serverless compute resources in the workspace. Each workspace can only be
1817
- * linked to one policy at a time. If no policy is explicitly assigned,
1818
- * the workspace will use 'default-policy'.
1819
- */
1820
- networkPolicyId?: string | undefined;
1821
- /** The workspace ID. */
1822
- workspaceId?: bigint | undefined;
1823
- }
1824
-
1825
- export const unmarshalAccountIpAccessListSchema: z.ZodType<AccountIpAccessList> =
1826
- z
1827
- .object({
1828
- list_id: z.string().optional(),
1829
- label: z.string().optional(),
1830
- ip_addresses: z.array(z.string()).optional(),
1831
- address_count: z.number().optional(),
1832
- list_type: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
1833
- created_at: z
1834
- .union([z.number(), z.bigint()])
1835
- .transform(v => BigInt(v))
1836
- .optional(),
1837
- created_by: z
1838
- .union([z.number(), z.bigint()])
1839
- .transform(v => BigInt(v))
1840
- .optional(),
1841
- updated_at: z
1842
- .union([z.number(), z.bigint()])
1843
- .transform(v => BigInt(v))
1844
- .optional(),
1845
- updated_by: z
1846
- .union([z.number(), z.bigint()])
1847
- .transform(v => BigInt(v))
1848
- .optional(),
1849
- enabled: z.boolean().optional(),
1850
- })
1851
- .transform(d => ({
1852
- listId: d.list_id,
1853
- label: d.label,
1854
- ipAddresses: d.ip_addresses,
1855
- addressCount: d.address_count,
1856
- listType: d.list_type,
1857
- createdAt: d.created_at,
1858
- createdBy: d.created_by,
1859
- updatedAt: d.updated_at,
1860
- updatedBy: d.updated_by,
1861
- enabled: d.enabled,
1862
- }));
1863
-
1864
- export const unmarshalAccountNetworkPolicySchema: z.ZodType<AccountNetworkPolicy> =
1865
- z
1866
- .object({
1867
- network_policy_id: z.string().optional(),
1868
- account_id: z.string().optional(),
1869
- egress: z.lazy(() => unmarshalEgressNetworkPolicySchema).optional(),
1870
- ingress: z
1871
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicySchema)
1872
- .optional(),
1873
- ingress_dry_run: z
1874
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicySchema)
1875
- .optional(),
1876
- })
1877
- .transform(d => ({
1878
- networkPolicyId: d.network_policy_id,
1879
- accountId: d.account_id,
1880
- egress: d.egress,
1881
- ingress: d.ingress,
1882
- ingressDryRun: d.ingress_dry_run,
1883
- }));
1884
-
1885
- export const unmarshalAzurePrivateEndpointInfoSchema: z.ZodType<AzurePrivateEndpointInfo> =
1886
- z
1887
- .object({
1888
- private_endpoint_name: z.string().optional(),
1889
- private_endpoint_resource_guid: z.string().optional(),
1890
- private_endpoint_resource_id: z.string().optional(),
1891
- private_link_service_id: z.string().optional(),
1892
- })
1893
- .transform(d => ({
1894
- privateEndpointName: d.private_endpoint_name,
1895
- privateEndpointResourceGuid: d.private_endpoint_resource_guid,
1896
- privateEndpointResourceId: d.private_endpoint_resource_id,
1897
- privateLinkServiceId: d.private_link_service_id,
1898
- }));
1899
-
1900
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1901
- export const unmarshalCreateAccountIpAccessListRequest_ResponseSchema: z.ZodType<CreateAccountIpAccessListRequest_Response> =
1902
- z
1903
- .object({
1904
- ip_access_list: z
1905
- .lazy(() => unmarshalAccountIpAccessListSchema)
1906
- .optional(),
1907
- })
1908
- .transform(d => ({
1909
- ipAccessList: d.ip_access_list,
1910
- }));
1911
-
1912
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1913
- export const unmarshalCreateIpAccessList_ResponseSchema: z.ZodType<CreateIpAccessList_Response> =
1914
- z
1915
- .object({
1916
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
1917
- })
1918
- .transform(d => ({
1919
- ipAccessList: d.ip_access_list,
1920
- }));
1921
-
1922
- export const unmarshalCustomerFacingGcpVpcEndpointInfoSchema: z.ZodType<CustomerFacingGcpVpcEndpointInfo> =
1923
- z
1924
- .object({
1925
- psc_connection_id: z.string().optional(),
1926
- project_id: z.string().optional(),
1927
- psc_endpoint_name: z.string().optional(),
1928
- endpoint_region: z.string().optional(),
1929
- service_attachment_id: z.string().optional(),
1930
- })
1931
- .transform(d => ({
1932
- pscConnectionId: d.psc_connection_id,
1933
- projectId: d.project_id,
1934
- pscEndpointName: d.psc_endpoint_name,
1935
- endpointRegion: d.endpoint_region,
1936
- serviceAttachmentId: d.service_attachment_id,
1937
- }));
1938
-
1939
- export const unmarshalCustomerFacingIngressNetworkPolicySchema: z.ZodType<CustomerFacingIngressNetworkPolicy> =
1940
- z
1941
- .object({
1942
- public_access: z
1943
- .lazy(
1944
- () => unmarshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema
1945
- )
1946
- .optional(),
1947
- private_access: z
1948
- .lazy(
1949
- () => unmarshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema
1950
- )
1951
- .optional(),
1952
- cross_workspace_access: z
1953
- .lazy(
1954
- () =>
1955
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema
1956
- )
1957
- .optional(),
1958
- })
1959
- .transform(d => ({
1960
- publicAccess: d.public_access,
1961
- privateAccess: d.private_access,
1962
- crossWorkspaceAccess: d.cross_workspace_access,
1963
- }));
1964
-
1965
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1966
- export const unmarshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AccountApiDestination> =
1967
- z
1968
- .object({
1969
- scopes: z.array(z.string()).optional(),
1970
- scope_qualifier: z
1971
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
1972
- .optional(),
1973
- })
1974
- .transform(d => ({
1975
- scopes: d.scopes,
1976
- scopeQualifier: d.scope_qualifier,
1977
- }));
1978
-
1979
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1980
- export const unmarshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination> =
1981
- z
1982
- .object({
1983
- all_destinations: z.boolean().optional(),
1984
- })
1985
- .transform(d => ({
1986
- allDestinations: d.all_destinations,
1987
- }));
1988
-
1989
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1990
- export const unmarshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AccountUiDestination> =
1991
- z
1992
- .object({
1993
- all_destinations: z.boolean().optional(),
1994
- })
1995
- .transform(d => ({
1996
- allDestinations: d.all_destinations,
1997
- }));
1998
-
1999
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2000
- export const unmarshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination> =
2001
- z
2002
- .object({
2003
- all_destinations: z.boolean().optional(),
2004
- })
2005
- .transform(d => ({
2006
- allDestinations: d.all_destinations,
2007
- }));
2008
-
2009
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2010
- export const unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_Authentication> =
2011
- z
2012
- .object({
2013
- identity_type: z
2014
- .enum(CustomerFacingIngressNetworkPolicy_Authentication_IdentityType)
2015
- .optional(),
2016
- identities: z
2017
- .array(
2018
- z.lazy(
2019
- () =>
2020
- unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema
2021
- )
2022
- )
2023
- .optional(),
2024
- })
2025
- .transform(d => ({
2026
- identityType: d.identity_type,
2027
- identities: d.identities,
2028
- }));
2029
-
2030
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2031
- export const unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AuthenticationIdentity> =
2032
- z
2033
- .object({
2034
- principal_type: z
2035
- .enum(
2036
- CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType
2037
- )
2038
- .optional(),
2039
- principal_id: z
2040
- .union([z.number(), z.bigint()])
2041
- .transform(v => BigInt(v))
2042
- .optional(),
2043
- })
2044
- .transform(d => ({
2045
- principalType: d.principal_type,
2046
- principalId: d.principal_id,
2047
- }));
2048
-
2049
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2050
- export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess> =
2051
- z
2052
- .object({
2053
- restriction_mode: z
2054
- .enum(
2055
- CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode
2056
- )
2057
- .optional(),
2058
- deny_rules: z
2059
- .array(
2060
- z.lazy(
2061
- () =>
2062
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
2063
- )
2064
- )
2065
- .optional(),
2066
- allow_rules: z
2067
- .array(
2068
- z.lazy(
2069
- () =>
2070
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
2071
- )
2072
- )
2073
- .optional(),
2074
- })
2075
- .transform(d => ({
2076
- restrictionMode: d.restriction_mode,
2077
- denyRules: d.deny_rules,
2078
- allowRules: d.allow_rules,
2079
- }));
2080
-
2081
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2082
- export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule> =
2083
- z
2084
- .object({
2085
- origin: z
2086
- .lazy(
2087
- () =>
2088
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema
2089
- )
2090
- .optional(),
2091
- destination: z
2092
- .lazy(
2093
- () =>
2094
- unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
2095
- )
2096
- .optional(),
2097
- authentication: z
2098
- .lazy(
2099
- () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
2100
- )
2101
- .optional(),
2102
- label: z.string().optional(),
2103
- })
2104
- .transform(d => ({
2105
- origin: d.origin,
2106
- destination: d.destination,
2107
- authentication: d.authentication,
2108
- label: d.label,
2109
- }));
2110
-
2111
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2112
- export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin> =
2113
- z
2114
- .object({
2115
- all_source_workspaces: z.boolean().optional(),
2116
- selected_workspaces: z
2117
- .lazy(
2118
- () =>
2119
- unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema
2120
- )
2121
- .optional(),
2122
- })
2123
- .transform(d => ({
2124
- source:
2125
- d.all_source_workspaces !== undefined
2126
- ? {
2127
- $case: 'allSourceWorkspaces' as const,
2128
- allSourceWorkspaces: d.all_source_workspaces,
2129
- }
2130
- : d.selected_workspaces !== undefined
2131
- ? {
2132
- $case: 'selectedWorkspaces' as const,
2133
- selectedWorkspaces: d.selected_workspaces,
2134
- }
2135
- : undefined,
2136
- }));
2137
-
2138
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2139
- export const unmarshalCustomerFacingIngressNetworkPolicy_EndpointsSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_Endpoints> =
2140
- z
2141
- .object({
2142
- endpoint_ids: z.array(z.string()).optional(),
2143
- })
2144
- .transform(d => ({
2145
- endpointIds: d.endpoint_ids,
2146
- }));
2147
-
2148
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2149
- export const unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_IpRanges> =
2150
- z
2151
- .object({
2152
- ip_ranges: z.array(z.string()).optional(),
2153
- })
2154
- .transform(d => ({
2155
- ipRanges: d.ip_ranges,
2156
- }));
2157
-
2158
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2159
- export const unmarshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination> =
2160
- z
2161
- .object({
2162
- all_destinations: z.boolean().optional(),
2163
- })
2164
- .transform(d => ({
2165
- allDestinations: d.all_destinations,
2166
- }));
2167
-
2168
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2169
- export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PrivateAccess> =
2170
- z
2171
- .object({
2172
- restriction_mode: z
2173
- .enum(CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode)
2174
- .optional(),
2175
- deny_rules: z
2176
- .array(
2177
- z.lazy(
2178
- () =>
2179
- unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
2180
- )
2181
- )
2182
- .optional(),
2183
- allow_rules: z
2184
- .array(
2185
- z.lazy(
2186
- () =>
2187
- unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
2188
- )
2189
- )
2190
- .optional(),
2191
- })
2192
- .transform(d => ({
2193
- restrictionMode: d.restriction_mode,
2194
- denyRules: d.deny_rules,
2195
- allowRules: d.allow_rules,
2196
- }));
2197
-
2198
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2199
- export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PrivateIngressRule> =
2200
- z
2201
- .object({
2202
- origin: z
2203
- .lazy(
2204
- () =>
2205
- unmarshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema
2206
- )
2207
- .optional(),
2208
- destination: z
2209
- .lazy(
2210
- () =>
2211
- unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
2212
- )
2213
- .optional(),
2214
- authentication: z
2215
- .lazy(
2216
- () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
2217
- )
2218
- .optional(),
2219
- label: z.string().optional(),
2220
- })
2221
- .transform(d => ({
2222
- origin: d.origin,
2223
- destination: d.destination,
2224
- authentication: d.authentication,
2225
- label: d.label,
2226
- }));
2227
-
2228
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2229
- export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin> =
2230
- z
2231
- .object({
2232
- endpoints: z
2233
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_EndpointsSchema)
2234
- .optional(),
2235
- all_registered_endpoints: z.boolean().optional(),
2236
- azure_workspace_private_link: z.boolean().optional(),
2237
- all_private_access: z.boolean().optional(),
2238
- })
2239
- .transform(d => ({
2240
- source:
2241
- d.endpoints !== undefined
2242
- ? {$case: 'endpoints' as const, endpoints: d.endpoints}
2243
- : d.all_registered_endpoints !== undefined
2244
- ? {
2245
- $case: 'allRegisteredEndpoints' as const,
2246
- allRegisteredEndpoints: d.all_registered_endpoints,
2247
- }
2248
- : d.azure_workspace_private_link !== undefined
2249
- ? {
2250
- $case: 'azureWorkspacePrivateLink' as const,
2251
- azureWorkspacePrivateLink: d.azure_workspace_private_link,
2252
- }
2253
- : d.all_private_access !== undefined
2254
- ? {
2255
- $case: 'allPrivateAccess' as const,
2256
- allPrivateAccess: d.all_private_access,
2257
- }
2258
- : undefined,
2259
- }));
2260
-
2261
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2262
- export const unmarshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PublicAccess> =
2263
- z
2264
- .object({
2265
- restriction_mode: z
2266
- .enum(CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode)
2267
- .optional(),
2268
- deny_rules: z
2269
- .array(
2270
- z.lazy(
2271
- () =>
2272
- unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
2273
- )
2274
- )
2275
- .optional(),
2276
- allow_rules: z
2277
- .array(
2278
- z.lazy(
2279
- () =>
2280
- unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
2281
- )
2282
- )
2283
- .optional(),
2284
- })
2285
- .transform(d => ({
2286
- restrictionMode: d.restriction_mode,
2287
- denyRules: d.deny_rules,
2288
- allowRules: d.allow_rules,
2289
- }));
2290
-
2291
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2292
- export const unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PublicIngressRule> =
2293
- z
2294
- .object({
2295
- origin: z
2296
- .lazy(
2297
- () =>
2298
- unmarshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema
2299
- )
2300
- .optional(),
2301
- destination: z
2302
- .lazy(
2303
- () =>
2304
- unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
2305
- )
2306
- .optional(),
2307
- authentication: z
2308
- .lazy(
2309
- () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
2310
- )
2311
- .optional(),
2312
- label: z.string().optional(),
2313
- })
2314
- .transform(d => ({
2315
- origin: d.origin,
2316
- destination: d.destination,
2317
- authentication: d.authentication,
2318
- label: d.label,
2319
- }));
2320
-
2321
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2322
- export const unmarshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PublicRequestOrigin> =
2323
- z
2324
- .object({
2325
- all_ip_ranges: z.boolean().optional(),
2326
- included_ip_ranges: z
2327
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema)
2328
- .optional(),
2329
- excluded_ip_ranges: z
2330
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema)
2331
- .optional(),
2332
- })
2333
- .transform(d => ({
2334
- source:
2335
- d.all_ip_ranges !== undefined
2336
- ? {$case: 'allIpRanges' as const, allIpRanges: d.all_ip_ranges}
2337
- : d.included_ip_ranges !== undefined
2338
- ? {
2339
- $case: 'includedIpRanges' as const,
2340
- includedIpRanges: d.included_ip_ranges,
2341
- }
2342
- : d.excluded_ip_ranges !== undefined
2343
- ? {
2344
- $case: 'excludedIpRanges' as const,
2345
- excludedIpRanges: d.excluded_ip_ranges,
2346
- }
2347
- : undefined,
2348
- }));
2349
-
2350
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2351
- export const unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_RequestDestination> =
2352
- z
2353
- .object({
2354
- all_destinations: z.boolean().optional(),
2355
- workspace_ui: z
2356
- .lazy(
2357
- () =>
2358
- unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema
2359
- )
2360
- .optional(),
2361
- workspace_api: z
2362
- .lazy(
2363
- () =>
2364
- unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema
2365
- )
2366
- .optional(),
2367
- apps_runtime: z
2368
- .lazy(
2369
- () =>
2370
- unmarshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema
2371
- )
2372
- .optional(),
2373
- lakebase_runtime: z
2374
- .lazy(
2375
- () =>
2376
- unmarshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema
2377
- )
2378
- .optional(),
2379
- account_ui: z
2380
- .lazy(
2381
- () =>
2382
- unmarshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema
2383
- )
2384
- .optional(),
2385
- account_api: z
2386
- .lazy(
2387
- () =>
2388
- unmarshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema
2389
- )
2390
- .optional(),
2391
- account_databricks_one: z
2392
- .lazy(
2393
- () =>
2394
- unmarshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema
2395
- )
2396
- .optional(),
2397
- })
2398
- .transform(d => ({
2399
- allDestinations: d.all_destinations,
2400
- workspaceUi: d.workspace_ui,
2401
- workspaceApi: d.workspace_api,
2402
- appsRuntime: d.apps_runtime,
2403
- lakebaseRuntime: d.lakebase_runtime,
2404
- accountUi: d.account_ui,
2405
- accountApi: d.account_api,
2406
- accountDatabricksOne: d.account_databricks_one,
2407
- }));
2408
-
2409
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2410
- export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination> =
2411
- z
2412
- .object({
2413
- scopes: z.array(z.string()).optional(),
2414
- scope_qualifier: z
2415
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
2416
- .optional(),
2417
- })
2418
- .transform(d => ({
2419
- scopes: d.scopes,
2420
- scopeQualifier: d.scope_qualifier,
2421
- }));
2422
-
2423
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2424
- export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_WorkspaceIdList> =
2425
- z
2426
- .object({
2427
- workspace_ids: z
2428
- .array(z.union([z.number(), z.bigint()]).transform(v => BigInt(v)))
2429
- .optional(),
2430
- })
2431
- .transform(d => ({
2432
- workspaceIds: d.workspace_ids,
2433
- }));
2434
-
2435
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2436
- export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination> =
2437
- z
2438
- .object({
2439
- all_destinations: z.boolean().optional(),
2440
- })
2441
- .transform(d => ({
2442
- allDestinations: d.all_destinations,
2443
- }));
2444
-
2445
- export const unmarshalCustomerFacingNetworkConnectivityConfigSchema: z.ZodType<CustomerFacingNetworkConnectivityConfig> =
2446
- z
2447
- .object({
2448
- network_connectivity_config_id: z.string().optional(),
2449
- account_id: z.string().optional(),
2450
- name: z.string().optional(),
2451
- region: z.string().optional(),
2452
- egress_config: z
2453
- .lazy(
2454
- () =>
2455
- unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema
2456
- )
2457
- .optional(),
2458
- updated_time: z
2459
- .union([z.number(), z.bigint()])
2460
- .transform(v => BigInt(v))
2461
- .optional(),
2462
- creation_time: z
2463
- .union([z.number(), z.bigint()])
2464
- .transform(v => BigInt(v))
2465
- .optional(),
2466
- })
2467
- .transform(d => ({
2468
- networkConnectivityConfigId: d.network_connectivity_config_id,
2469
- accountId: d.account_id,
2470
- name: d.name,
2471
- region: d.region,
2472
- egressConfig: d.egress_config,
2473
- updatedTime: d.updated_time,
2474
- creationTime: d.creation_time,
2475
- }));
2476
-
2477
- export const unmarshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule> =
2478
- z
2479
- .object({
2480
- rule_id: z.string().optional(),
2481
- network_connectivity_config_id: z.string().optional(),
2482
- account_id: z.string().optional(),
2483
- endpoint_service: z.string().optional(),
2484
- domain_names: z.array(z.string()).optional(),
2485
- resource_names: z.array(z.string()).optional(),
2486
- vpc_endpoint_id: z.string().optional(),
2487
- connection_state: z
2488
- .enum(
2489
- CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState
2490
- )
2491
- .optional(),
2492
- creation_time: z
2493
- .union([z.number(), z.bigint()])
2494
- .transform(v => BigInt(v))
2495
- .optional(),
2496
- updated_time: z
2497
- .union([z.number(), z.bigint()])
2498
- .transform(v => BigInt(v))
2499
- .optional(),
2500
- deactivated: z.boolean().optional(),
2501
- deactivated_at: z
2502
- .union([z.number(), z.bigint()])
2503
- .transform(v => BigInt(v))
2504
- .optional(),
2505
- enabled: z.boolean().optional(),
2506
- error_message: z.string().optional(),
2507
- })
2508
- .transform(d => ({
2509
- ruleId: d.rule_id,
2510
- networkConnectivityConfigId: d.network_connectivity_config_id,
2511
- accountId: d.account_id,
2512
- endpointService: d.endpoint_service,
2513
- domainNames: d.domain_names,
2514
- resourceNames: d.resource_names,
2515
- vpcEndpointId: d.vpc_endpoint_id,
2516
- connectionState: d.connection_state,
2517
- creationTime: d.creation_time,
2518
- updatedTime: d.updated_time,
2519
- deactivated: d.deactivated,
2520
- deactivatedAt: d.deactivated_at,
2521
- enabled: d.enabled,
2522
- errorMessage: d.error_message,
2523
- }));
2524
-
2525
- export const unmarshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule> =
2526
- z
2527
- .object({
2528
- rule_id: z.string().optional(),
2529
- network_connectivity_config_id: z.string().optional(),
2530
- resource_id: z.string().optional(),
2531
- group_id: z.string().optional(),
2532
- endpoint_name: z.string().optional(),
2533
- connection_state: z
2534
- .enum(
2535
- CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState
2536
- )
2537
- .optional(),
2538
- creation_time: z
2539
- .union([z.number(), z.bigint()])
2540
- .transform(v => BigInt(v))
2541
- .optional(),
2542
- updated_time: z
2543
- .union([z.number(), z.bigint()])
2544
- .transform(v => BigInt(v))
2545
- .optional(),
2546
- deactivated: z.boolean().optional(),
2547
- deactivated_at: z
2548
- .union([z.number(), z.bigint()])
2549
- .transform(v => BigInt(v))
2550
- .optional(),
2551
- domain_names: z.array(z.string()).optional(),
2552
- error_message: z.string().optional(),
2553
- })
2554
- .transform(d => ({
2555
- ruleId: d.rule_id,
2556
- networkConnectivityConfigId: d.network_connectivity_config_id,
2557
- resourceId: d.resource_id,
2558
- groupId: d.group_id,
2559
- endpointName: d.endpoint_name,
2560
- connectionState: d.connection_state,
2561
- creationTime: d.creation_time,
2562
- updatedTime: d.updated_time,
2563
- deactivated: d.deactivated,
2564
- deactivatedAt: d.deactivated_at,
2565
- domainNames: d.domain_names,
2566
- errorMessage: d.error_message,
2567
- }));
2568
-
2569
- export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigEgressConfig> =
2570
- z
2571
- .object({
2572
- default_rules: z
2573
- .lazy(
2574
- () => unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema
2575
- )
2576
- .optional(),
2577
- target_rules: z
2578
- .lazy(
2579
- () =>
2580
- unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema
2581
- )
2582
- .optional(),
2583
- })
2584
- .transform(d => ({
2585
- defaultRules: d.default_rules,
2586
- targetRules: d.target_rules,
2587
- }));
2588
-
2589
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2590
- export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule> =
2591
- z
2592
- .object({
2593
- azure_private_endpoint_rules: z
2594
- .array(
2595
- z.lazy(
2596
- () =>
2597
- unmarshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema
2598
- )
2599
- )
2600
- .optional(),
2601
- aws_private_endpoint_rules: z
2602
- .array(
2603
- z.lazy(
2604
- () =>
2605
- unmarshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema
2606
- )
2607
- )
2608
- .optional(),
2609
- })
2610
- .transform(d => ({
2611
- azurePrivateEndpointRules: d.azure_private_endpoint_rules,
2612
- awsPrivateEndpointRules: d.aws_private_endpoint_rules,
2613
- }));
2614
-
2615
- export const unmarshalCustomerFacingPrivateAccessSettingsSchema: z.ZodType<CustomerFacingPrivateAccessSettings> =
2616
- z
2617
- .object({
2618
- private_access_settings_id: z.string().optional(),
2619
- account_id: z.string().optional(),
2620
- private_access_settings_name: z.string().optional(),
2621
- region: z.string().optional(),
2622
- public_access_enabled: z.boolean().optional(),
2623
- private_access_level: z.enum(PrivateAccessLevel).optional(),
2624
- allowed_vpc_endpoint_ids: z.array(z.string()).optional(),
2625
- })
2626
- .transform(d => ({
2627
- privateAccessSettingsId: d.private_access_settings_id,
2628
- accountId: d.account_id,
2629
- privateAccessSettingsName: d.private_access_settings_name,
2630
- region: d.region,
2631
- publicAccessEnabled: d.public_access_enabled,
2632
- privateAccessLevel: d.private_access_level,
2633
- allowedVpcEndpointIds: d.allowed_vpc_endpoint_ids,
2634
- }));
2635
-
2636
- export const unmarshalCustomerFacingVpcEndpointSchema: z.ZodType<CustomerFacingVpcEndpoint> =
2637
- z
2638
- .object({
2639
- vpc_endpoint_id: z.string().optional(),
2640
- account_id: z.string().optional(),
2641
- vpc_endpoint_name: z.string().optional(),
2642
- aws_vpc_endpoint_id: z.string().optional(),
2643
- aws_endpoint_service_id: z.string().optional(),
2644
- use_case: z.enum(CustomerFacingVpcEndpointUseCase).optional(),
2645
- region: z.string().optional(),
2646
- aws_account_id: z.string().optional(),
2647
- state: z.string().optional(),
2648
- gcp_vpc_endpoint_info: z
2649
- .lazy(() => unmarshalCustomerFacingGcpVpcEndpointInfoSchema)
2650
- .optional(),
2651
- })
2652
- .transform(d => ({
2653
- vpcEndpointId: d.vpc_endpoint_id,
2654
- accountId: d.account_id,
2655
- vpcEndpointName: d.vpc_endpoint_name,
2656
- awsVpcEndpointId: d.aws_vpc_endpoint_id,
2657
- awsEndpointServiceId: d.aws_endpoint_service_id,
2658
- useCase: d.use_case,
2659
- region: d.region,
2660
- awsAccountId: d.aws_account_id,
2661
- state: d.state,
2662
- vpcEndpointInfo:
2663
- d.gcp_vpc_endpoint_info !== undefined
2664
- ? {
2665
- $case: 'gcpVpcEndpointInfo' as const,
2666
- gcpVpcEndpointInfo: d.gcp_vpc_endpoint_info,
2667
- }
2668
- : undefined,
2669
- }));
2670
-
2671
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2672
- export const unmarshalDeleteAccountIpAccessListRequest_ResponseSchema: z.ZodType<DeleteAccountIpAccessListRequest_Response> =
2673
- z.object({});
2674
-
2675
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2676
- export const unmarshalDeleteIpAccessList_ResponseSchema: z.ZodType<DeleteIpAccessList_Response> =
2677
- z.object({});
2678
-
2679
- export const unmarshalEgressNetworkPolicySchema: z.ZodType<EgressNetworkPolicy> =
2680
- z
2681
- .object({
2682
- network_access: z
2683
- .lazy(() => unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema)
2684
- .optional(),
2685
- })
2686
- .transform(d => ({
2687
- networkAccess: d.network_access,
2688
- }));
2689
-
2690
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2691
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy> =
2692
- z
2693
- .object({
2694
- restriction_mode: z
2695
- .enum(EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode)
2696
- .optional(),
2697
- allowed_internet_destinations: z
2698
- .array(
2699
- z.lazy(
2700
- () =>
2701
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
2702
- )
2703
- )
2704
- .optional(),
2705
- allowed_storage_destinations: z
2706
- .array(
2707
- z.lazy(
2708
- () =>
2709
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema
2710
- )
2711
- )
2712
- .optional(),
2713
- policy_enforcement: z
2714
- .lazy(
2715
- () =>
2716
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema
2717
- )
2718
- .optional(),
2719
- blocked_internet_destinations: z
2720
- .array(
2721
- z.lazy(
2722
- () =>
2723
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
2724
- )
2725
- )
2726
- .optional(),
2727
- })
2728
- .transform(d => ({
2729
- restrictionMode: d.restriction_mode,
2730
- allowedInternetDestinations: d.allowed_internet_destinations,
2731
- allowedStorageDestinations: d.allowed_storage_destinations,
2732
- policyEnforcement: d.policy_enforcement,
2733
- blockedInternetDestinations: d.blocked_internet_destinations,
2734
- }));
2735
-
2736
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2737
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination> =
2738
- z
2739
- .object({
2740
- destination: z.string().optional(),
2741
- internet_destination_type: z
2742
- .enum(
2743
- EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType
2744
- )
2745
- .optional(),
2746
- })
2747
- .transform(d => ({
2748
- destination: d.destination,
2749
- internetDestinationType: d.internet_destination_type,
2750
- }));
2751
-
2752
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2753
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement> =
2754
- z
2755
- .object({
2756
- enforcement_mode: z
2757
- .enum(
2758
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode
2759
- )
2760
- .optional(),
2761
- dry_run_mode_product_filter: z
2762
- .array(
2763
- z.enum(
2764
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter
2765
- )
2766
- )
2767
- .optional(),
2768
- })
2769
- .transform(d => ({
2770
- enforcementMode: d.enforcement_mode,
2771
- dryRunModeProductFilter: d.dry_run_mode_product_filter,
2772
- }));
2773
-
2774
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2775
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination> =
2776
- z
2777
- .object({
2778
- bucket_name: z.string().optional(),
2779
- region: z.string().optional(),
2780
- storage_destination_type: z
2781
- .enum(
2782
- EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType
2783
- )
2784
- .optional(),
2785
- azure_storage_account: z.string().optional(),
2786
- azure_storage_service: z.string().optional(),
2787
- })
2788
- .transform(d => ({
2789
- bucketName: d.bucket_name,
2790
- region: d.region,
2791
- storageDestinationType: d.storage_destination_type,
2792
- azureStorageAccount: d.azure_storage_account,
2793
- azureStorageService: d.azure_storage_service,
2794
- }));
2795
-
2796
- export const unmarshalEndpointSchema: z.ZodType<Endpoint> = z
2797
- .object({
2798
- name: z.string().optional(),
2799
- endpoint_id: z.string().optional(),
2800
- account_id: z.string().optional(),
2801
- display_name: z.string().optional(),
2802
- use_case: z.enum(EndpointUseCase_EndpointUseCase).optional(),
2803
- region: z.string().optional(),
2804
- state: z.enum(EndpointState).optional(),
2805
- azure_private_endpoint_info: z
2806
- .lazy(() => unmarshalAzurePrivateEndpointInfoSchema)
2807
- .optional(),
2808
- create_time: z
2809
- .string()
2810
- .transform(s => Temporal.Instant.from(s))
2811
- .optional(),
2812
- })
2813
- .transform(d => ({
2814
- name: d.name,
2815
- endpointId: d.endpoint_id,
2816
- accountId: d.account_id,
2817
- displayName: d.display_name,
2818
- useCase: d.use_case,
2819
- region: d.region,
2820
- state: d.state,
2821
- endpointInfo:
2822
- d.azure_private_endpoint_info !== undefined
2823
- ? {
2824
- $case: 'azurePrivateEndpointInfo' as const,
2825
- azurePrivateEndpointInfo: d.azure_private_endpoint_info,
2826
- }
2827
- : undefined,
2828
- createTime: d.create_time,
2829
- }));
2830
-
2831
- export const unmarshalGcpEndpointSchema: z.ZodType<GcpEndpoint> = z
2832
- .object({
2833
- psc_endpoint_uri: z.string().optional(),
2834
- service_attachment: z.string().optional(),
2835
- })
2836
- .transform(d => ({
2837
- pscEndpointUri: d.psc_endpoint_uri,
2838
- targetServices:
2839
- d.service_attachment !== undefined
2840
- ? {
2841
- $case: 'serviceAttachment' as const,
2842
- serviceAttachment: d.service_attachment,
2843
- }
2844
- : undefined,
2845
- }));
2846
-
2847
- export const unmarshalGcpNetworkInfoSchema: z.ZodType<GcpNetworkInfo> = z
2848
- .object({
2849
- network_project_id: z.string().optional(),
2850
- vpc_id: z.string().optional(),
2851
- subnet_id: z.string().optional(),
2852
- subnet_region: z.string().optional(),
2853
- pod_ip_range_name: z.string().optional(),
2854
- service_ip_range_name: z.string().optional(),
2855
- })
2856
- .transform(d => ({
2857
- networkProjectId: d.network_project_id,
2858
- vpcId: d.vpc_id,
2859
- subnetId: d.subnet_id,
2860
- subnetRegion: d.subnet_region,
2861
- podIpRangeName: d.pod_ip_range_name,
2862
- serviceIpRangeName: d.service_ip_range_name,
2863
- }));
2864
-
2865
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2866
- export const unmarshalGetAccountIpAccessListRequest_ResponseSchema: z.ZodType<GetAccountIpAccessListRequest_Response> =
2867
- z
2868
- .object({
2869
- ip_access_list: z
2870
- .lazy(() => unmarshalAccountIpAccessListSchema)
2871
- .optional(),
2872
- })
2873
- .transform(d => ({
2874
- ipAccessList: d.ip_access_list,
2875
- }));
2876
-
2877
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2878
- export const unmarshalGetIpAccessList_ResponseSchema: z.ZodType<GetIpAccessList_Response> =
2879
- z
2880
- .object({
2881
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
2882
- })
2883
- .transform(d => ({
2884
- ipAccessList: d.ip_access_list,
2885
- }));
2886
-
2887
- export const unmarshalIpAccessListSchema: z.ZodType<IpAccessList> = z
2888
- .object({
2889
- list_id: z.string().optional(),
2890
- label: z.string().optional(),
2891
- ip_addresses: z.array(z.string()).optional(),
2892
- address_count: z.number().optional(),
2893
- list_type: z.enum(IpAccessListType).optional(),
2894
- created_at: z
2895
- .union([z.number(), z.bigint()])
2896
- .transform(v => BigInt(v))
2897
- .optional(),
2898
- created_by: z
2899
- .union([z.number(), z.bigint()])
2900
- .transform(v => BigInt(v))
2901
- .optional(),
2902
- updated_at: z
2903
- .union([z.number(), z.bigint()])
2904
- .transform(v => BigInt(v))
2905
- .optional(),
2906
- updated_by: z
2907
- .union([z.number(), z.bigint()])
2908
- .transform(v => BigInt(v))
2909
- .optional(),
2910
- enabled: z.boolean().optional(),
2911
- })
2912
- .transform(d => ({
2913
- listId: d.list_id,
2914
- label: d.label,
2915
- ipAddresses: d.ip_addresses,
2916
- addressCount: d.address_count,
2917
- listType: d.list_type,
2918
- createdAt: d.created_at,
2919
- createdBy: d.created_by,
2920
- updatedAt: d.updated_at,
2921
- updatedBy: d.updated_by,
2922
- enabled: d.enabled,
2923
- }));
2924
-
2925
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2926
- export const unmarshalListAccountIpAccessListsRequest_ResponseSchema: z.ZodType<ListAccountIpAccessListsRequest_Response> =
2927
- z
2928
- .object({
2929
- ip_access_lists: z
2930
- .array(z.lazy(() => unmarshalAccountIpAccessListSchema))
2931
- .optional(),
2932
- })
2933
- .transform(d => ({
2934
- ipAccessLists: d.ip_access_lists,
2935
- }));
2936
-
2937
- export const unmarshalListEndpointsResponseSchema: z.ZodType<ListEndpointsResponse> =
2938
- z
2939
- .object({
2940
- items: z.array(z.lazy(() => unmarshalEndpointSchema)).optional(),
2941
- next_page_token: z.string().optional(),
2942
- })
2943
- .transform(d => ({
2944
- items: d.items,
2945
- nextPageToken: d.next_page_token,
2946
- }));
2947
-
2948
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2949
- export const unmarshalListIpAccessLists_ResponseSchema: z.ZodType<ListIpAccessLists_Response> =
2950
- z
2951
- .object({
2952
- ip_access_lists: z
2953
- .array(z.lazy(() => unmarshalIpAccessListSchema))
2954
- .optional(),
2955
- })
2956
- .transform(d => ({
2957
- ipAccessLists: d.ip_access_lists,
2958
- }));
2959
-
2960
- export const unmarshalListNccPrivateEndpointRulesResponseSchema: z.ZodType<ListNccPrivateEndpointRulesResponse> =
2961
- z
2962
- .object({
2963
- items: z
2964
- .array(z.lazy(() => unmarshalNccPrivateEndpointRuleSchema))
2965
- .optional(),
2966
- next_page_token: z.string().optional(),
2967
- })
2968
- .transform(d => ({
2969
- items: d.items,
2970
- nextPageToken: d.next_page_token,
2971
- }));
2972
-
2973
- export const unmarshalListNetworkConnectivityConfigsResponseSchema: z.ZodType<ListNetworkConnectivityConfigsResponse> =
2974
- z
2975
- .object({
2976
- items: z
2977
- .array(
2978
- z.lazy(() => unmarshalCustomerFacingNetworkConnectivityConfigSchema)
2979
- )
2980
- .optional(),
2981
- next_page_token: z.string().optional(),
2982
- })
2983
- .transform(d => ({
2984
- items: d.items,
2985
- nextPageToken: d.next_page_token,
2986
- }));
2987
-
2988
- export const unmarshalListNetworkPoliciesResponseSchema: z.ZodType<ListNetworkPoliciesResponse> =
2989
- z
2990
- .object({
2991
- items: z
2992
- .array(z.lazy(() => unmarshalAccountNetworkPolicySchema))
2993
- .optional(),
2994
- next_page_token: z.string().optional(),
2995
- })
2996
- .transform(d => ({
2997
- items: d.items,
2998
- nextPageToken: d.next_page_token,
2999
- }));
3000
-
3001
- export const unmarshalNccPrivateEndpointRuleSchema: z.ZodType<NccPrivateEndpointRule> =
3002
- z
3003
- .object({
3004
- rule_id: z.string().optional(),
3005
- network_connectivity_config_id: z.string().optional(),
3006
- connection_state: z
3007
- .enum(NccPrivateEndpointRule_PrivateLinkConnectionState)
3008
- .optional(),
3009
- domain_names: z.array(z.string()).optional(),
3010
- creation_time: z
3011
- .union([z.number(), z.bigint()])
3012
- .transform(v => BigInt(v))
3013
- .optional(),
3014
- updated_time: z
3015
- .union([z.number(), z.bigint()])
3016
- .transform(v => BigInt(v))
3017
- .optional(),
3018
- deactivated: z.boolean().optional(),
3019
- deactivated_at: z
3020
- .union([z.number(), z.bigint()])
3021
- .transform(v => BigInt(v))
3022
- .optional(),
3023
- error_message: z.string().optional(),
3024
- resource_id: z.string().optional(),
3025
- group_id: z.string().optional(),
3026
- endpoint_name: z.string().optional(),
3027
- account_id: z.string().optional(),
3028
- endpoint_service: z.string().optional(),
3029
- resource_names: z.array(z.string()).optional(),
3030
- vpc_endpoint_id: z.string().optional(),
3031
- enabled: z.boolean().optional(),
3032
- gcp_endpoint: z.lazy(() => unmarshalGcpEndpointSchema).optional(),
3033
- })
3034
- .transform(d => ({
3035
- ruleId: d.rule_id,
3036
- networkConnectivityConfigId: d.network_connectivity_config_id,
3037
- connectionState: d.connection_state,
3038
- domainNames: d.domain_names,
3039
- creationTime: d.creation_time,
3040
- updatedTime: d.updated_time,
3041
- deactivated: d.deactivated,
3042
- deactivatedAt: d.deactivated_at,
3043
- errorMessage: d.error_message,
3044
- resourceId: d.resource_id,
3045
- groupId: d.group_id,
3046
- endpointName: d.endpoint_name,
3047
- accountId: d.account_id,
3048
- endpointService: d.endpoint_service,
3049
- resourceNames: d.resource_names,
3050
- vpcEndpointId: d.vpc_endpoint_id,
3051
- enabled: d.enabled,
3052
- endpoint:
3053
- d.gcp_endpoint !== undefined
3054
- ? {$case: 'gcpEndpoint' as const, gcpEndpoint: d.gcp_endpoint}
3055
- : undefined,
3056
- }));
3057
-
3058
- export const unmarshalNetworkSchema: z.ZodType<Network> = z
3059
- .object({
3060
- network_id: z.string().optional(),
3061
- account_id: z.string().optional(),
3062
- workspace_id: z
3063
- .union([z.number(), z.bigint()])
3064
- .transform(v => BigInt(v))
3065
- .optional(),
3066
- vpc_id: z.string().optional(),
3067
- subnet_ids: z.array(z.string()).optional(),
3068
- security_group_ids: z.array(z.string()).optional(),
3069
- vpc_status: z.enum(VpcStatus).optional(),
3070
- error_messages: z
3071
- .array(z.lazy(() => unmarshalNetworkHealthSchema))
3072
- .optional(),
3073
- network_name: z.string().optional(),
3074
- creation_time: z
3075
- .union([z.number(), z.bigint()])
3076
- .transform(v => BigInt(v))
3077
- .optional(),
3078
- warning_messages: z
3079
- .array(z.lazy(() => unmarshalNetworkWarningSchema))
3080
- .optional(),
3081
- vpc_endpoints: z.lazy(() => unmarshalNetworkVpcEndpointsSchema).optional(),
3082
- gcp_network_info: z.lazy(() => unmarshalGcpNetworkInfoSchema).optional(),
3083
- })
3084
- .transform(d => ({
3085
- networkId: d.network_id,
3086
- accountId: d.account_id,
3087
- workspaceId: d.workspace_id,
3088
- vpcId: d.vpc_id,
3089
- subnetIds: d.subnet_ids,
3090
- securityGroupIds: d.security_group_ids,
3091
- vpcStatus: d.vpc_status,
3092
- errorMessages: d.error_messages,
3093
- networkName: d.network_name,
3094
- creationTime: d.creation_time,
3095
- warningMessages: d.warning_messages,
3096
- vpcEndpoints: d.vpc_endpoints,
3097
- networkInfo:
3098
- d.gcp_network_info !== undefined
3099
- ? {$case: 'gcpNetworkInfo' as const, gcpNetworkInfo: d.gcp_network_info}
3100
- : undefined,
3101
- }));
3102
-
3103
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3104
- export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema: z.ZodType<NetworkConnectivityConfigEgressConfig_DefaultRule> =
3105
- z
3106
- .object({
3107
- azure_service_endpoint_rule: z
3108
- .lazy(
3109
- () =>
3110
- unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema
3111
- )
3112
- .optional(),
3113
- aws_stable_ip_rule: z
3114
- .lazy(
3115
- () =>
3116
- unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema
3117
- )
3118
- .optional(),
3119
- })
3120
- .transform(d => ({
3121
- azureServiceEndpointRule: d.azure_service_endpoint_rule,
3122
- awsStableIpRule: d.aws_stable_ip_rule,
3123
- }));
3124
-
3125
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3126
- export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema: z.ZodType<NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule> =
3127
- z
3128
- .object({
3129
- cidr_blocks: z.array(z.string()).optional(),
3130
- })
3131
- .transform(d => ({
3132
- cidrBlocks: d.cidr_blocks,
3133
- }));
3134
-
3135
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3136
- export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema: z.ZodType<NetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRule> =
3137
- z
3138
- .object({
3139
- target_region: z.string().optional(),
3140
- target_services: z.array(z.enum(EgressResourceType)).optional(),
3141
- subnets: z.array(z.string()).optional(),
3142
- })
3143
- .transform(d => ({
3144
- targetRegion: d.target_region,
3145
- targetServices: d.target_services,
3146
- subnets: d.subnets,
3147
- }));
3148
-
3149
- export const unmarshalNetworkHealthSchema: z.ZodType<NetworkHealth> = z
3150
- .object({
3151
- error_type: z.string().optional(),
3152
- error_message: z.string().optional(),
3153
- })
3154
- .transform(d => ({
3155
- errorType: d.error_type,
3156
- errorMessage: d.error_message,
3157
- }));
3158
-
3159
- export const unmarshalNetworkVpcEndpointsSchema: z.ZodType<NetworkVpcEndpoints> =
3160
- z
3161
- .object({
3162
- rest_api: z.array(z.string()).optional(),
3163
- dataplane_relay: z.array(z.string()).optional(),
3164
- })
3165
- .transform(d => ({
3166
- restApi: d.rest_api,
3167
- dataplaneRelay: d.dataplane_relay,
3168
- }));
3169
-
3170
- export const unmarshalNetworkWarningSchema: z.ZodType<NetworkWarning> = z
3171
- .object({
3172
- warning_type: z.string().optional(),
3173
- warning_message: z.string().optional(),
3174
- })
3175
- .transform(d => ({
3176
- warningType: d.warning_type,
3177
- warningMessage: d.warning_message,
3178
- }));
3179
-
3180
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3181
- export const unmarshalReplaceAccountIpAccessListRequest_ResponseSchema: z.ZodType<ReplaceAccountIpAccessListRequest_Response> =
3182
- z
3183
- .object({
3184
- ip_access_list: z
3185
- .lazy(() => unmarshalAccountIpAccessListSchema)
3186
- .optional(),
3187
- })
3188
- .transform(d => ({
3189
- ipAccessList: d.ip_access_list,
3190
- }));
3191
-
3192
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3193
- export const unmarshalReplaceIpAccessList_ResponseSchema: z.ZodType<ReplaceIpAccessList_Response> =
3194
- z
3195
- .object({
3196
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
3197
- })
3198
- .transform(d => ({
3199
- ipAccessList: d.ip_access_list,
3200
- }));
3201
-
3202
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3203
- export const unmarshalUpdateAccountIpAccessListRequest_ResponseSchema: z.ZodType<UpdateAccountIpAccessListRequest_Response> =
3204
- z
3205
- .object({
3206
- ip_access_list: z
3207
- .lazy(() => unmarshalAccountIpAccessListSchema)
3208
- .optional(),
3209
- })
3210
- .transform(d => ({
3211
- ipAccessList: d.ip_access_list,
3212
- }));
3213
-
3214
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3215
- export const unmarshalUpdateIpAccessList_ResponseSchema: z.ZodType<UpdateIpAccessList_Response> =
3216
- z
3217
- .object({
3218
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
3219
- })
3220
- .transform(d => ({
3221
- ipAccessList: d.ip_access_list,
3222
- }));
3223
-
3224
- export const unmarshalWorkspaceNetworkOptionSchema: z.ZodType<WorkspaceNetworkOption> =
3225
- z
3226
- .object({
3227
- network_policy_id: z.string().optional(),
3228
- workspace_id: z
3229
- .union([z.number(), z.bigint()])
3230
- .transform(v => BigInt(v))
3231
- .optional(),
3232
- })
3233
- .transform(d => ({
3234
- networkPolicyId: d.network_policy_id,
3235
- workspaceId: d.workspace_id,
3236
- }));
3237
-
3238
- export const marshalAccountNetworkPolicySchema: z.ZodType = z
3239
- .object({
3240
- networkPolicyId: z.string().optional(),
3241
- accountId: z.string().optional(),
3242
- egress: z.lazy(() => marshalEgressNetworkPolicySchema).optional(),
3243
- ingress: z
3244
- .lazy(() => marshalCustomerFacingIngressNetworkPolicySchema)
3245
- .optional(),
3246
- ingressDryRun: z
3247
- .lazy(() => marshalCustomerFacingIngressNetworkPolicySchema)
3248
- .optional(),
3249
- })
3250
- .transform(d => ({
3251
- network_policy_id: d.networkPolicyId,
3252
- account_id: d.accountId,
3253
- egress: d.egress,
3254
- ingress: d.ingress,
3255
- ingress_dry_run: d.ingressDryRun,
3256
- }));
3257
-
3258
- export const marshalAzurePrivateEndpointInfoSchema: z.ZodType = z
3259
- .object({
3260
- privateEndpointName: z.string().optional(),
3261
- privateEndpointResourceGuid: z.string().optional(),
3262
- privateEndpointResourceId: z.string().optional(),
3263
- privateLinkServiceId: z.string().optional(),
3264
- })
3265
- .transform(d => ({
3266
- private_endpoint_name: d.privateEndpointName,
3267
- private_endpoint_resource_guid: d.privateEndpointResourceGuid,
3268
- private_endpoint_resource_id: d.privateEndpointResourceId,
3269
- private_link_service_id: d.privateLinkServiceId,
3270
- }));
3271
-
3272
- export const marshalCreateAccountIpAccessListRequestSchema: z.ZodType = z
3273
- .object({
3274
- accountId: z.string().optional(),
3275
- label: z.string().optional(),
3276
- listType: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
3277
- ipAddresses: z.array(z.string()).optional(),
3278
- })
3279
- .transform(d => ({
3280
- account_id: d.accountId,
3281
- label: d.label,
3282
- list_type: d.listType,
3283
- ip_addresses: d.ipAddresses,
3284
- }));
3285
-
3286
- export const marshalCreateIpAccessListSchema: z.ZodType = z
3287
- .object({
3288
- label: z.string().optional(),
3289
- listType: z.enum(IpAccessListType).optional(),
3290
- ipAddresses: z.array(z.string()).optional(),
3291
- })
3292
- .transform(d => ({
3293
- label: d.label,
3294
- list_type: d.listType,
3295
- ip_addresses: d.ipAddresses,
3296
- }));
3297
-
3298
- export const marshalCreateNetworkConnectivityConfigurationSchema: z.ZodType = z
3299
- .object({
3300
- networkConnectivityConfigId: z.string().optional(),
3301
- accountId: z.string().optional(),
3302
- name: z.string().optional(),
3303
- region: z.string().optional(),
3304
- egressConfig: z
3305
- .lazy(
3306
- () => marshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema
3307
- )
3308
- .optional(),
3309
- updatedTime: z.bigint().optional(),
3310
- creationTime: z.bigint().optional(),
3311
- })
3312
- .transform(d => ({
3313
- network_connectivity_config_id: d.networkConnectivityConfigId,
3314
- account_id: d.accountId,
3315
- name: d.name,
3316
- region: d.region,
3317
- egress_config: d.egressConfig,
3318
- updated_time: d.updatedTime,
3319
- creation_time: d.creationTime,
3320
- }));
3321
-
3322
- export const marshalCreateNetworkRequestSchema: z.ZodType = z
3323
- .object({
3324
- accountId: z.string().optional(),
3325
- networkName: z.string().optional(),
3326
- vpcId: z.string().optional(),
3327
- subnetIds: z.array(z.string()).optional(),
3328
- securityGroupIds: z.array(z.string()).optional(),
3329
- vpcEndpoints: z.lazy(() => marshalNetworkVpcEndpointsSchema).optional(),
3330
- gcpNetworkInfo: z.lazy(() => marshalGcpNetworkInfoSchema).optional(),
3331
- })
3332
- .transform(d => ({
3333
- account_id: d.accountId,
3334
- network_name: d.networkName,
3335
- vpc_id: d.vpcId,
3336
- subnet_ids: d.subnetIds,
3337
- security_group_ids: d.securityGroupIds,
3338
- vpc_endpoints: d.vpcEndpoints,
3339
- gcp_network_info: d.gcpNetworkInfo,
3340
- }));
3341
-
3342
- export const marshalCreatePrivateAccessSettingsRequestSchema: z.ZodType = z
3343
- .object({
3344
- accountId: z.string().optional(),
3345
- privateAccessSettingsName: z.string().optional(),
3346
- region: z.string().optional(),
3347
- publicAccessEnabled: z.boolean().optional(),
3348
- privateAccessLevel: z.enum(PrivateAccessLevel).optional(),
3349
- allowedVpcEndpointIds: z.array(z.string()).optional(),
3350
- })
3351
- .transform(d => ({
3352
- account_id: d.accountId,
3353
- private_access_settings_name: d.privateAccessSettingsName,
3354
- region: d.region,
3355
- public_access_enabled: d.publicAccessEnabled,
3356
- private_access_level: d.privateAccessLevel,
3357
- allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds,
3358
- }));
3359
-
3360
- export const marshalCreatePrivateEndpointRuleSchema: z.ZodType = z
3361
- .object({
3362
- ruleId: z.string().optional(),
3363
- networkConnectivityConfigId: z.string().optional(),
3364
- connectionState: z
3365
- .enum(NccPrivateEndpointRule_PrivateLinkConnectionState)
3366
- .optional(),
3367
- domainNames: z.array(z.string()).optional(),
3368
- creationTime: z.bigint().optional(),
3369
- updatedTime: z.bigint().optional(),
3370
- deactivated: z.boolean().optional(),
3371
- deactivatedAt: z.bigint().optional(),
3372
- errorMessage: z.string().optional(),
3373
- resourceId: z.string().optional(),
3374
- groupId: z.string().optional(),
3375
- endpointName: z.string().optional(),
3376
- accountId: z.string().optional(),
3377
- endpointService: z.string().optional(),
3378
- resourceNames: z.array(z.string()).optional(),
3379
- vpcEndpointId: z.string().optional(),
3380
- enabled: z.boolean().optional(),
3381
- endpoint: z
3382
- .discriminatedUnion('$case', [
3383
- z.object({
3384
- $case: z.literal('gcpEndpoint'),
3385
- gcpEndpoint: z.lazy(() => marshalGcpEndpointSchema),
3386
- }),
3387
- ])
3388
- .optional(),
3389
- })
3390
- .transform(d => ({
3391
- rule_id: d.ruleId,
3392
- network_connectivity_config_id: d.networkConnectivityConfigId,
3393
- connection_state: d.connectionState,
3394
- domain_names: d.domainNames,
3395
- creation_time: d.creationTime,
3396
- updated_time: d.updatedTime,
3397
- deactivated: d.deactivated,
3398
- deactivated_at: d.deactivatedAt,
3399
- error_message: d.errorMessage,
3400
- resource_id: d.resourceId,
3401
- group_id: d.groupId,
3402
- endpoint_name: d.endpointName,
3403
- account_id: d.accountId,
3404
- endpoint_service: d.endpointService,
3405
- resource_names: d.resourceNames,
3406
- vpc_endpoint_id: d.vpcEndpointId,
3407
- enabled: d.enabled,
3408
- ...(d.endpoint?.$case === 'gcpEndpoint' && {
3409
- gcp_endpoint: d.endpoint.gcpEndpoint,
3410
- }),
3411
- }));
3412
-
3413
- export const marshalCreateVpcEndpointRequestSchema: z.ZodType = z
3414
- .object({
3415
- accountId: z.string().optional(),
3416
- vpcEndpointName: z.string().optional(),
3417
- region: z.string().optional(),
3418
- awsVpcEndpointId: z.string().optional(),
3419
- vpcEndpointInfo: z
3420
- .discriminatedUnion('$case', [
3421
- z.object({
3422
- $case: z.literal('gcpVpcEndpointInfo'),
3423
- gcpVpcEndpointInfo: z.lazy(
3424
- () => marshalCustomerFacingGcpVpcEndpointInfoSchema
3425
- ),
3426
- }),
3427
- ])
3428
- .optional(),
3429
- })
3430
- .transform(d => ({
3431
- account_id: d.accountId,
3432
- vpc_endpoint_name: d.vpcEndpointName,
3433
- region: d.region,
3434
- aws_vpc_endpoint_id: d.awsVpcEndpointId,
3435
- ...(d.vpcEndpointInfo?.$case === 'gcpVpcEndpointInfo' && {
3436
- gcp_vpc_endpoint_info: d.vpcEndpointInfo.gcpVpcEndpointInfo,
3437
- }),
3438
- }));
3439
-
3440
- export const marshalCustomerFacingGcpVpcEndpointInfoSchema: z.ZodType = z
3441
- .object({
3442
- pscConnectionId: z.string().optional(),
3443
- projectId: z.string().optional(),
3444
- pscEndpointName: z.string().optional(),
3445
- endpointRegion: z.string().optional(),
3446
- serviceAttachmentId: z.string().optional(),
3447
- })
3448
- .transform(d => ({
3449
- psc_connection_id: d.pscConnectionId,
3450
- project_id: d.projectId,
3451
- psc_endpoint_name: d.pscEndpointName,
3452
- endpoint_region: d.endpointRegion,
3453
- service_attachment_id: d.serviceAttachmentId,
3454
- }));
3455
-
3456
- export const marshalCustomerFacingIngressNetworkPolicySchema: z.ZodType = z
3457
- .object({
3458
- publicAccess: z
3459
- .lazy(() => marshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema)
3460
- .optional(),
3461
- privateAccess: z
3462
- .lazy(() => marshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema)
3463
- .optional(),
3464
- crossWorkspaceAccess: z
3465
- .lazy(
3466
- () =>
3467
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema
3468
- )
3469
- .optional(),
3470
- })
3471
- .transform(d => ({
3472
- public_access: d.publicAccess,
3473
- private_access: d.privateAccess,
3474
- cross_workspace_access: d.crossWorkspaceAccess,
3475
- }));
3476
-
3477
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3478
- export const marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType =
3479
- z
3480
- .object({
3481
- scopes: z.array(z.string()).optional(),
3482
- scopeQualifier: z
3483
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
3484
- .optional(),
3485
- })
3486
- .transform(d => ({
3487
- scopes: d.scopes,
3488
- scope_qualifier: d.scopeQualifier,
3489
- }));
3490
-
3491
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3492
- export const marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType =
3493
- z
3494
- .object({
3495
- allDestinations: z.boolean().optional(),
3496
- })
3497
- .transform(d => ({
3498
- all_destinations: d.allDestinations,
3499
- }));
3500
-
3501
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3502
- export const marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType =
3503
- z
3504
- .object({
3505
- allDestinations: z.boolean().optional(),
3506
- })
3507
- .transform(d => ({
3508
- all_destinations: d.allDestinations,
3509
- }));
3510
-
3511
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3512
- export const marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType =
3513
- z
3514
- .object({
3515
- allDestinations: z.boolean().optional(),
3516
- })
3517
- .transform(d => ({
3518
- all_destinations: d.allDestinations,
3519
- }));
3520
-
3521
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3522
- export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema: z.ZodType =
3523
- z
3524
- .object({
3525
- identityType: z
3526
- .enum(CustomerFacingIngressNetworkPolicy_Authentication_IdentityType)
3527
- .optional(),
3528
- identities: z
3529
- .array(
3530
- z.lazy(
3531
- () =>
3532
- marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema
3533
- )
3534
- )
3535
- .optional(),
3536
- })
3537
- .transform(d => ({
3538
- identity_type: d.identityType,
3539
- identities: d.identities,
3540
- }));
3541
-
3542
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3543
- export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType =
3544
- z
3545
- .object({
3546
- principalType: z
3547
- .enum(
3548
- CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType
3549
- )
3550
- .optional(),
3551
- principalId: z.bigint().optional(),
3552
- })
3553
- .transform(d => ({
3554
- principal_type: d.principalType,
3555
- principal_id: d.principalId,
3556
- }));
3557
-
3558
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3559
- export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType =
3560
- z
3561
- .object({
3562
- restrictionMode: z
3563
- .enum(
3564
- CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode
3565
- )
3566
- .optional(),
3567
- denyRules: z
3568
- .array(
3569
- z.lazy(
3570
- () =>
3571
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
3572
- )
3573
- )
3574
- .optional(),
3575
- allowRules: z
3576
- .array(
3577
- z.lazy(
3578
- () =>
3579
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
3580
- )
3581
- )
3582
- .optional(),
3583
- })
3584
- .transform(d => ({
3585
- restriction_mode: d.restrictionMode,
3586
- deny_rules: d.denyRules,
3587
- allow_rules: d.allowRules,
3588
- }));
3589
-
3590
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3591
- export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType =
3592
- z
3593
- .object({
3594
- origin: z
3595
- .lazy(
3596
- () =>
3597
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema
3598
- )
3599
- .optional(),
3600
- destination: z
3601
- .lazy(
3602
- () =>
3603
- marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
3604
- )
3605
- .optional(),
3606
- authentication: z
3607
- .lazy(
3608
- () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
3609
- )
3610
- .optional(),
3611
- label: z.string().optional(),
3612
- })
3613
- .transform(d => ({
3614
- origin: d.origin,
3615
- destination: d.destination,
3616
- authentication: d.authentication,
3617
- label: d.label,
3618
- }));
3619
-
3620
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3621
- export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType =
3622
- z
3623
- .object({
3624
- source: z
3625
- .discriminatedUnion('$case', [
3626
- z.object({
3627
- $case: z.literal('allSourceWorkspaces'),
3628
- allSourceWorkspaces: z.boolean(),
3629
- }),
3630
- z.object({
3631
- $case: z.literal('selectedWorkspaces'),
3632
- selectedWorkspaces: z.lazy(
3633
- () =>
3634
- marshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema
3635
- ),
3636
- }),
3637
- ])
3638
- .optional(),
3639
- })
3640
- .transform(d => ({
3641
- ...(d.source?.$case === 'allSourceWorkspaces' && {
3642
- all_source_workspaces: d.source.allSourceWorkspaces,
3643
- }),
3644
- ...(d.source?.$case === 'selectedWorkspaces' && {
3645
- selected_workspaces: d.source.selectedWorkspaces,
3646
- }),
3647
- }));
3648
-
3649
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3650
- export const marshalCustomerFacingIngressNetworkPolicy_EndpointsSchema: z.ZodType =
3651
- z
3652
- .object({
3653
- endpointIds: z.array(z.string()).optional(),
3654
- })
3655
- .transform(d => ({
3656
- endpoint_ids: d.endpointIds,
3657
- }));
3658
-
3659
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3660
- export const marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema: z.ZodType =
3661
- z
3662
- .object({
3663
- ipRanges: z.array(z.string()).optional(),
3664
- })
3665
- .transform(d => ({
3666
- ip_ranges: d.ipRanges,
3667
- }));
3668
-
3669
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3670
- export const marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType =
3671
- z
3672
- .object({
3673
- allDestinations: z.boolean().optional(),
3674
- })
3675
- .transform(d => ({
3676
- all_destinations: d.allDestinations,
3677
- }));
3678
-
3679
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3680
- export const marshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema: z.ZodType =
3681
- z
3682
- .object({
3683
- restrictionMode: z
3684
- .enum(CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode)
3685
- .optional(),
3686
- denyRules: z
3687
- .array(
3688
- z.lazy(
3689
- () =>
3690
- marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
3691
- )
3692
- )
3693
- .optional(),
3694
- allowRules: z
3695
- .array(
3696
- z.lazy(
3697
- () =>
3698
- marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
3699
- )
3700
- )
3701
- .optional(),
3702
- })
3703
- .transform(d => ({
3704
- restriction_mode: d.restrictionMode,
3705
- deny_rules: d.denyRules,
3706
- allow_rules: d.allowRules,
3707
- }));
3708
-
3709
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3710
- export const marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType =
3711
- z
3712
- .object({
3713
- origin: z
3714
- .lazy(
3715
- () =>
3716
- marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema
3717
- )
3718
- .optional(),
3719
- destination: z
3720
- .lazy(
3721
- () =>
3722
- marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
3723
- )
3724
- .optional(),
3725
- authentication: z
3726
- .lazy(
3727
- () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
3728
- )
3729
- .optional(),
3730
- label: z.string().optional(),
3731
- })
3732
- .transform(d => ({
3733
- origin: d.origin,
3734
- destination: d.destination,
3735
- authentication: d.authentication,
3736
- label: d.label,
3737
- }));
3738
-
3739
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3740
- export const marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType =
3741
- z
3742
- .object({
3743
- source: z
3744
- .discriminatedUnion('$case', [
3745
- z.object({
3746
- $case: z.literal('endpoints'),
3747
- endpoints: z.lazy(
3748
- () => marshalCustomerFacingIngressNetworkPolicy_EndpointsSchema
3749
- ),
3750
- }),
3751
- z.object({
3752
- $case: z.literal('allRegisteredEndpoints'),
3753
- allRegisteredEndpoints: z.boolean(),
3754
- }),
3755
- z.object({
3756
- $case: z.literal('azureWorkspacePrivateLink'),
3757
- azureWorkspacePrivateLink: z.boolean(),
3758
- }),
3759
- z.object({
3760
- $case: z.literal('allPrivateAccess'),
3761
- allPrivateAccess: z.boolean(),
3762
- }),
3763
- ])
3764
- .optional(),
3765
- })
3766
- .transform(d => ({
3767
- ...(d.source?.$case === 'endpoints' && {endpoints: d.source.endpoints}),
3768
- ...(d.source?.$case === 'allRegisteredEndpoints' && {
3769
- all_registered_endpoints: d.source.allRegisteredEndpoints,
3770
- }),
3771
- ...(d.source?.$case === 'azureWorkspacePrivateLink' && {
3772
- azure_workspace_private_link: d.source.azureWorkspacePrivateLink,
3773
- }),
3774
- ...(d.source?.$case === 'allPrivateAccess' && {
3775
- all_private_access: d.source.allPrivateAccess,
3776
- }),
3777
- }));
3778
-
3779
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3780
- export const marshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema: z.ZodType =
3781
- z
3782
- .object({
3783
- restrictionMode: z
3784
- .enum(CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode)
3785
- .optional(),
3786
- denyRules: z
3787
- .array(
3788
- z.lazy(
3789
- () =>
3790
- marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
3791
- )
3792
- )
3793
- .optional(),
3794
- allowRules: z
3795
- .array(
3796
- z.lazy(
3797
- () =>
3798
- marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
3799
- )
3800
- )
3801
- .optional(),
3802
- })
3803
- .transform(d => ({
3804
- restriction_mode: d.restrictionMode,
3805
- deny_rules: d.denyRules,
3806
- allow_rules: d.allowRules,
3807
- }));
3808
-
3809
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3810
- export const marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType =
3811
- z
3812
- .object({
3813
- origin: z
3814
- .lazy(
3815
- () =>
3816
- marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema
3817
- )
3818
- .optional(),
3819
- destination: z
3820
- .lazy(
3821
- () =>
3822
- marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
3823
- )
3824
- .optional(),
3825
- authentication: z
3826
- .lazy(
3827
- () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
3828
- )
3829
- .optional(),
3830
- label: z.string().optional(),
3831
- })
3832
- .transform(d => ({
3833
- origin: d.origin,
3834
- destination: d.destination,
3835
- authentication: d.authentication,
3836
- label: d.label,
3837
- }));
3838
-
3839
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3840
- export const marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType =
3841
- z
3842
- .object({
3843
- source: z
3844
- .discriminatedUnion('$case', [
3845
- z.object({$case: z.literal('allIpRanges'), allIpRanges: z.boolean()}),
3846
- z.object({
3847
- $case: z.literal('includedIpRanges'),
3848
- includedIpRanges: z.lazy(
3849
- () => marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema
3850
- ),
3851
- }),
3852
- z.object({
3853
- $case: z.literal('excludedIpRanges'),
3854
- excludedIpRanges: z.lazy(
3855
- () => marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema
3856
- ),
3857
- }),
3858
- ])
3859
- .optional(),
3860
- })
3861
- .transform(d => ({
3862
- ...(d.source?.$case === 'allIpRanges' && {
3863
- all_ip_ranges: d.source.allIpRanges,
3864
- }),
3865
- ...(d.source?.$case === 'includedIpRanges' && {
3866
- included_ip_ranges: d.source.includedIpRanges,
3867
- }),
3868
- ...(d.source?.$case === 'excludedIpRanges' && {
3869
- excluded_ip_ranges: d.source.excludedIpRanges,
3870
- }),
3871
- }));
3872
-
3873
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3874
- export const marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema: z.ZodType =
3875
- z
3876
- .object({
3877
- allDestinations: z.boolean().optional(),
3878
- workspaceUi: z
3879
- .lazy(
3880
- () =>
3881
- marshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema
3882
- )
3883
- .optional(),
3884
- workspaceApi: z
3885
- .lazy(
3886
- () =>
3887
- marshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema
3888
- )
3889
- .optional(),
3890
- appsRuntime: z
3891
- .lazy(
3892
- () =>
3893
- marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema
3894
- )
3895
- .optional(),
3896
- lakebaseRuntime: z
3897
- .lazy(
3898
- () =>
3899
- marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema
3900
- )
3901
- .optional(),
3902
- accountUi: z
3903
- .lazy(
3904
- () =>
3905
- marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema
3906
- )
3907
- .optional(),
3908
- accountApi: z
3909
- .lazy(
3910
- () =>
3911
- marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema
3912
- )
3913
- .optional(),
3914
- accountDatabricksOne: z
3915
- .lazy(
3916
- () =>
3917
- marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema
3918
- )
3919
- .optional(),
3920
- })
3921
- .transform(d => ({
3922
- all_destinations: d.allDestinations,
3923
- workspace_ui: d.workspaceUi,
3924
- workspace_api: d.workspaceApi,
3925
- apps_runtime: d.appsRuntime,
3926
- lakebase_runtime: d.lakebaseRuntime,
3927
- account_ui: d.accountUi,
3928
- account_api: d.accountApi,
3929
- account_databricks_one: d.accountDatabricksOne,
3930
- }));
3931
-
3932
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3933
- export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType =
3934
- z
3935
- .object({
3936
- scopes: z.array(z.string()).optional(),
3937
- scopeQualifier: z
3938
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
3939
- .optional(),
3940
- })
3941
- .transform(d => ({
3942
- scopes: d.scopes,
3943
- scope_qualifier: d.scopeQualifier,
3944
- }));
3945
-
3946
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3947
- export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType =
3948
- z
3949
- .object({
3950
- workspaceIds: z.array(z.bigint()).optional(),
3951
- })
3952
- .transform(d => ({
3953
- workspace_ids: d.workspaceIds,
3954
- }));
3955
-
3956
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3957
- export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType =
3958
- z
3959
- .object({
3960
- allDestinations: z.boolean().optional(),
3961
- })
3962
- .transform(d => ({
3963
- all_destinations: d.allDestinations,
3964
- }));
3965
-
3966
- export const marshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType =
3967
- z
3968
- .object({
3969
- ruleId: z.string().optional(),
3970
- networkConnectivityConfigId: z.string().optional(),
3971
- accountId: z.string().optional(),
3972
- endpointService: z.string().optional(),
3973
- domainNames: z.array(z.string()).optional(),
3974
- resourceNames: z.array(z.string()).optional(),
3975
- vpcEndpointId: z.string().optional(),
3976
- connectionState: z
3977
- .enum(
3978
- CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState
3979
- )
3980
- .optional(),
3981
- creationTime: z.bigint().optional(),
3982
- updatedTime: z.bigint().optional(),
3983
- deactivated: z.boolean().optional(),
3984
- deactivatedAt: z.bigint().optional(),
3985
- enabled: z.boolean().optional(),
3986
- errorMessage: z.string().optional(),
3987
- })
3988
- .transform(d => ({
3989
- rule_id: d.ruleId,
3990
- network_connectivity_config_id: d.networkConnectivityConfigId,
3991
- account_id: d.accountId,
3992
- endpoint_service: d.endpointService,
3993
- domain_names: d.domainNames,
3994
- resource_names: d.resourceNames,
3995
- vpc_endpoint_id: d.vpcEndpointId,
3996
- connection_state: d.connectionState,
3997
- creation_time: d.creationTime,
3998
- updated_time: d.updatedTime,
3999
- deactivated: d.deactivated,
4000
- deactivated_at: d.deactivatedAt,
4001
- enabled: d.enabled,
4002
- error_message: d.errorMessage,
4003
- }));
4004
-
4005
- export const marshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType =
4006
- z
4007
- .object({
4008
- ruleId: z.string().optional(),
4009
- networkConnectivityConfigId: z.string().optional(),
4010
- resourceId: z.string().optional(),
4011
- groupId: z.string().optional(),
4012
- endpointName: z.string().optional(),
4013
- connectionState: z
4014
- .enum(
4015
- CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState
4016
- )
4017
- .optional(),
4018
- creationTime: z.bigint().optional(),
4019
- updatedTime: z.bigint().optional(),
4020
- deactivated: z.boolean().optional(),
4021
- deactivatedAt: z.bigint().optional(),
4022
- domainNames: z.array(z.string()).optional(),
4023
- errorMessage: z.string().optional(),
4024
- })
4025
- .transform(d => ({
4026
- rule_id: d.ruleId,
4027
- network_connectivity_config_id: d.networkConnectivityConfigId,
4028
- resource_id: d.resourceId,
4029
- group_id: d.groupId,
4030
- endpoint_name: d.endpointName,
4031
- connection_state: d.connectionState,
4032
- creation_time: d.creationTime,
4033
- updated_time: d.updatedTime,
4034
- deactivated: d.deactivated,
4035
- deactivated_at: d.deactivatedAt,
4036
- domain_names: d.domainNames,
4037
- error_message: d.errorMessage,
4038
- }));
4039
-
4040
- export const marshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType =
4041
- z
4042
- .object({
4043
- defaultRules: z
4044
- .lazy(
4045
- () => marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema
4046
- )
4047
- .optional(),
4048
- targetRules: z
4049
- .lazy(
4050
- () =>
4051
- marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema
4052
- )
4053
- .optional(),
4054
- })
4055
- .transform(d => ({
4056
- default_rules: d.defaultRules,
4057
- target_rules: d.targetRules,
4058
- }));
4059
-
4060
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4061
- export const marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType =
4062
- z
4063
- .object({
4064
- azurePrivateEndpointRules: z
4065
- .array(
4066
- z.lazy(
4067
- () =>
4068
- marshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema
4069
- )
4070
- )
4071
- .optional(),
4072
- awsPrivateEndpointRules: z
4073
- .array(
4074
- z.lazy(
4075
- () =>
4076
- marshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema
4077
- )
4078
- )
4079
- .optional(),
4080
- })
4081
- .transform(d => ({
4082
- azure_private_endpoint_rules: d.azurePrivateEndpointRules,
4083
- aws_private_endpoint_rules: d.awsPrivateEndpointRules,
4084
- }));
4085
-
4086
- export const marshalCustomerFacingPrivateAccessSettingsSchema: z.ZodType = z
4087
- .object({
4088
- privateAccessSettingsId: z.string().optional(),
4089
- accountId: z.string().optional(),
4090
- privateAccessSettingsName: z.string().optional(),
4091
- region: z.string().optional(),
4092
- publicAccessEnabled: z.boolean().optional(),
4093
- privateAccessLevel: z.enum(PrivateAccessLevel).optional(),
4094
- allowedVpcEndpointIds: z.array(z.string()).optional(),
4095
- })
4096
- .transform(d => ({
4097
- private_access_settings_id: d.privateAccessSettingsId,
4098
- account_id: d.accountId,
4099
- private_access_settings_name: d.privateAccessSettingsName,
4100
- region: d.region,
4101
- public_access_enabled: d.publicAccessEnabled,
4102
- private_access_level: d.privateAccessLevel,
4103
- allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds,
4104
- }));
4105
-
4106
- export const marshalEgressNetworkPolicySchema: z.ZodType = z
4107
- .object({
4108
- networkAccess: z
4109
- .lazy(() => marshalEgressNetworkPolicy_NetworkAccessPolicySchema)
4110
- .optional(),
4111
- })
4112
- .transform(d => ({
4113
- network_access: d.networkAccess,
4114
- }));
4115
-
4116
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4117
- export const marshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType = z
4118
- .object({
4119
- restrictionMode: z
4120
- .enum(EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode)
4121
- .optional(),
4122
- allowedInternetDestinations: z
4123
- .array(
4124
- z.lazy(
4125
- () =>
4126
- marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
4127
- )
4128
- )
4129
- .optional(),
4130
- allowedStorageDestinations: z
4131
- .array(
4132
- z.lazy(
4133
- () =>
4134
- marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema
4135
- )
4136
- )
4137
- .optional(),
4138
- policyEnforcement: z
4139
- .lazy(
4140
- () =>
4141
- marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema
4142
- )
4143
- .optional(),
4144
- blockedInternetDestinations: z
4145
- .array(
4146
- z.lazy(
4147
- () =>
4148
- marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
4149
- )
4150
- )
4151
- .optional(),
4152
- })
4153
- .transform(d => ({
4154
- restriction_mode: d.restrictionMode,
4155
- allowed_internet_destinations: d.allowedInternetDestinations,
4156
- allowed_storage_destinations: d.allowedStorageDestinations,
4157
- policy_enforcement: d.policyEnforcement,
4158
- blocked_internet_destinations: d.blockedInternetDestinations,
4159
- }));
4160
-
4161
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4162
- export const marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType =
4163
- z
4164
- .object({
4165
- destination: z.string().optional(),
4166
- internetDestinationType: z
4167
- .enum(
4168
- EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType
4169
- )
4170
- .optional(),
4171
- })
4172
- .transform(d => ({
4173
- destination: d.destination,
4174
- internet_destination_type: d.internetDestinationType,
4175
- }));
4176
-
4177
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4178
- export const marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType =
4179
- z
4180
- .object({
4181
- enforcementMode: z
4182
- .enum(
4183
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode
4184
- )
4185
- .optional(),
4186
- dryRunModeProductFilter: z
4187
- .array(
4188
- z.enum(
4189
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter
4190
- )
4191
- )
4192
- .optional(),
4193
- })
4194
- .transform(d => ({
4195
- enforcement_mode: d.enforcementMode,
4196
- dry_run_mode_product_filter: d.dryRunModeProductFilter,
4197
- }));
4198
-
4199
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4200
- export const marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType =
4201
- z
4202
- .object({
4203
- bucketName: z.string().optional(),
4204
- region: z.string().optional(),
4205
- storageDestinationType: z
4206
- .enum(
4207
- EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType
4208
- )
4209
- .optional(),
4210
- azureStorageAccount: z.string().optional(),
4211
- azureStorageService: z.string().optional(),
4212
- })
4213
- .transform(d => ({
4214
- bucket_name: d.bucketName,
4215
- region: d.region,
4216
- storage_destination_type: d.storageDestinationType,
4217
- azure_storage_account: d.azureStorageAccount,
4218
- azure_storage_service: d.azureStorageService,
4219
- }));
4220
-
4221
- export const marshalEndpointSchema: z.ZodType = z
4222
- .object({
4223
- name: z.string().optional(),
4224
- endpointId: z.string().optional(),
4225
- accountId: z.string().optional(),
4226
- displayName: z.string().optional(),
4227
- useCase: z.enum(EndpointUseCase_EndpointUseCase).optional(),
4228
- region: z.string().optional(),
4229
- state: z.enum(EndpointState).optional(),
4230
- endpointInfo: z
4231
- .discriminatedUnion('$case', [
4232
- z.object({
4233
- $case: z.literal('azurePrivateEndpointInfo'),
4234
- azurePrivateEndpointInfo: z.lazy(
4235
- () => marshalAzurePrivateEndpointInfoSchema
4236
- ),
4237
- }),
4238
- ])
4239
- .optional(),
4240
- createTime: z
4241
- .any()
4242
- .transform((d: Temporal.Instant) => d.toString())
4243
- .optional(),
4244
- })
4245
- .transform(d => ({
4246
- name: d.name,
4247
- endpoint_id: d.endpointId,
4248
- account_id: d.accountId,
4249
- display_name: d.displayName,
4250
- use_case: d.useCase,
4251
- region: d.region,
4252
- state: d.state,
4253
- ...(d.endpointInfo?.$case === 'azurePrivateEndpointInfo' && {
4254
- azure_private_endpoint_info: d.endpointInfo.azurePrivateEndpointInfo,
4255
- }),
4256
- create_time: d.createTime,
4257
- }));
4258
-
4259
- export const marshalGcpEndpointSchema: z.ZodType = z
4260
- .object({
4261
- pscEndpointUri: z.string().optional(),
4262
- targetServices: z
4263
- .discriminatedUnion('$case', [
4264
- z.object({
4265
- $case: z.literal('serviceAttachment'),
4266
- serviceAttachment: z.string(),
4267
- }),
4268
- ])
4269
- .optional(),
4270
- })
4271
- .transform(d => ({
4272
- psc_endpoint_uri: d.pscEndpointUri,
4273
- ...(d.targetServices?.$case === 'serviceAttachment' && {
4274
- service_attachment: d.targetServices.serviceAttachment,
4275
- }),
4276
- }));
4277
-
4278
- export const marshalGcpNetworkInfoSchema: z.ZodType = z
4279
- .object({
4280
- networkProjectId: z.string().optional(),
4281
- vpcId: z.string().optional(),
4282
- subnetId: z.string().optional(),
4283
- subnetRegion: z.string().optional(),
4284
- podIpRangeName: z.string().optional(),
4285
- serviceIpRangeName: z.string().optional(),
4286
- })
4287
- .transform(d => ({
4288
- network_project_id: d.networkProjectId,
4289
- vpc_id: d.vpcId,
4290
- subnet_id: d.subnetId,
4291
- subnet_region: d.subnetRegion,
4292
- pod_ip_range_name: d.podIpRangeName,
4293
- service_ip_range_name: d.serviceIpRangeName,
4294
- }));
4295
-
4296
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4297
- export const marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema: z.ZodType =
4298
- z
4299
- .object({
4300
- azureServiceEndpointRule: z
4301
- .lazy(
4302
- () =>
4303
- marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema
4304
- )
4305
- .optional(),
4306
- awsStableIpRule: z
4307
- .lazy(
4308
- () =>
4309
- marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema
4310
- )
4311
- .optional(),
4312
- })
4313
- .transform(d => ({
4314
- azure_service_endpoint_rule: d.azureServiceEndpointRule,
4315
- aws_stable_ip_rule: d.awsStableIpRule,
4316
- }));
4317
-
4318
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4319
- export const marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema: z.ZodType =
4320
- z
4321
- .object({
4322
- cidrBlocks: z.array(z.string()).optional(),
4323
- })
4324
- .transform(d => ({
4325
- cidr_blocks: d.cidrBlocks,
4326
- }));
4327
-
4328
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4329
- export const marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema: z.ZodType =
4330
- z
4331
- .object({
4332
- targetRegion: z.string().optional(),
4333
- targetServices: z.array(z.enum(EgressResourceType)).optional(),
4334
- subnets: z.array(z.string()).optional(),
4335
- })
4336
- .transform(d => ({
4337
- target_region: d.targetRegion,
4338
- target_services: d.targetServices,
4339
- subnets: d.subnets,
4340
- }));
4341
-
4342
- export const marshalNetworkVpcEndpointsSchema: z.ZodType = z
4343
- .object({
4344
- restApi: z.array(z.string()).optional(),
4345
- dataplaneRelay: z.array(z.string()).optional(),
4346
- })
4347
- .transform(d => ({
4348
- rest_api: d.restApi,
4349
- dataplane_relay: d.dataplaneRelay,
4350
- }));
4351
-
4352
- export const marshalReplaceAccountIpAccessListRequestSchema: z.ZodType = z
4353
- .object({
4354
- accountId: z.string().optional(),
4355
- listId: z.string().optional(),
4356
- label: z.string().optional(),
4357
- listType: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
4358
- ipAddresses: z.array(z.string()).optional(),
4359
- enabled: z.boolean().optional(),
4360
- })
4361
- .transform(d => ({
4362
- account_id: d.accountId,
4363
- list_id: d.listId,
4364
- label: d.label,
4365
- list_type: d.listType,
4366
- ip_addresses: d.ipAddresses,
4367
- enabled: d.enabled,
4368
- }));
4369
-
4370
- export const marshalReplaceIpAccessListSchema: z.ZodType = z
4371
- .object({
4372
- listId: z.string().optional(),
4373
- label: z.string().optional(),
4374
- listType: z.enum(IpAccessListType).optional(),
4375
- ipAddresses: z.array(z.string()).optional(),
4376
- enabled: z.boolean().optional(),
4377
- })
4378
- .transform(d => ({
4379
- list_id: d.listId,
4380
- label: d.label,
4381
- list_type: d.listType,
4382
- ip_addresses: d.ipAddresses,
4383
- enabled: d.enabled,
4384
- }));
4385
-
4386
- export const marshalUpdateAccountIpAccessListRequestSchema: z.ZodType = z
4387
- .object({
4388
- accountId: z.string().optional(),
4389
- listId: z.string().optional(),
4390
- label: z.string().optional(),
4391
- listType: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
4392
- ipAddresses: z.array(z.string()).optional(),
4393
- enabled: z.boolean().optional(),
4394
- })
4395
- .transform(d => ({
4396
- account_id: d.accountId,
4397
- list_id: d.listId,
4398
- label: d.label,
4399
- list_type: d.listType,
4400
- ip_addresses: d.ipAddresses,
4401
- enabled: d.enabled,
4402
- }));
4403
-
4404
- export const marshalUpdateIpAccessListSchema: z.ZodType = z
4405
- .object({
4406
- listId: z.string().optional(),
4407
- label: z.string().optional(),
4408
- listType: z.enum(IpAccessListType).optional(),
4409
- ipAddresses: z.array(z.string()).optional(),
4410
- enabled: z.boolean().optional(),
4411
- })
4412
- .transform(d => ({
4413
- list_id: d.listId,
4414
- label: d.label,
4415
- list_type: d.listType,
4416
- ip_addresses: d.ipAddresses,
4417
- enabled: d.enabled,
4418
- }));
4419
-
4420
- export const marshalUpdatePrivateEndpointRuleSchema: z.ZodType = z
4421
- .object({
4422
- ruleId: z.string().optional(),
4423
- networkConnectivityConfigId: z.string().optional(),
4424
- connectionState: z
4425
- .enum(NccPrivateEndpointRule_PrivateLinkConnectionState)
4426
- .optional(),
4427
- domainNames: z.array(z.string()).optional(),
4428
- creationTime: z.bigint().optional(),
4429
- updatedTime: z.bigint().optional(),
4430
- deactivated: z.boolean().optional(),
4431
- deactivatedAt: z.bigint().optional(),
4432
- errorMessage: z.string().optional(),
4433
- resourceId: z.string().optional(),
4434
- groupId: z.string().optional(),
4435
- endpointName: z.string().optional(),
4436
- accountId: z.string().optional(),
4437
- endpointService: z.string().optional(),
4438
- resourceNames: z.array(z.string()).optional(),
4439
- vpcEndpointId: z.string().optional(),
4440
- enabled: z.boolean().optional(),
4441
- endpoint: z
4442
- .discriminatedUnion('$case', [
4443
- z.object({
4444
- $case: z.literal('gcpEndpoint'),
4445
- gcpEndpoint: z.lazy(() => marshalGcpEndpointSchema),
4446
- }),
4447
- ])
4448
- .optional(),
4449
- })
4450
- .transform(d => ({
4451
- rule_id: d.ruleId,
4452
- network_connectivity_config_id: d.networkConnectivityConfigId,
4453
- connection_state: d.connectionState,
4454
- domain_names: d.domainNames,
4455
- creation_time: d.creationTime,
4456
- updated_time: d.updatedTime,
4457
- deactivated: d.deactivated,
4458
- deactivated_at: d.deactivatedAt,
4459
- error_message: d.errorMessage,
4460
- resource_id: d.resourceId,
4461
- group_id: d.groupId,
4462
- endpoint_name: d.endpointName,
4463
- account_id: d.accountId,
4464
- endpoint_service: d.endpointService,
4465
- resource_names: d.resourceNames,
4466
- vpc_endpoint_id: d.vpcEndpointId,
4467
- enabled: d.enabled,
4468
- ...(d.endpoint?.$case === 'gcpEndpoint' && {
4469
- gcp_endpoint: d.endpoint.gcpEndpoint,
4470
- }),
4471
- }));
4472
-
4473
- export const marshalWorkspaceNetworkOptionSchema: z.ZodType = z
4474
- .object({
4475
- networkPolicyId: z.string().optional(),
4476
- workspaceId: z.bigint().optional(),
4477
- })
4478
- .transform(d => ({
4479
- network_policy_id: d.networkPolicyId,
4480
- workspace_id: d.workspaceId,
4481
- }));
4482
-
4483
- const gcpEndpointFieldMaskSchema: FieldMaskSchema = {
4484
- pscEndpointUri: {wire: 'psc_endpoint_uri'},
4485
- serviceAttachment: {wire: 'service_attachment'},
4486
- };
4487
-
4488
- const updatePrivateEndpointRuleFieldMaskSchema: FieldMaskSchema = {
4489
- accountId: {wire: 'account_id'},
4490
- connectionState: {wire: 'connection_state'},
4491
- creationTime: {wire: 'creation_time'},
4492
- deactivated: {wire: 'deactivated'},
4493
- deactivatedAt: {wire: 'deactivated_at'},
4494
- domainNames: {wire: 'domain_names'},
4495
- enabled: {wire: 'enabled'},
4496
- endpointName: {wire: 'endpoint_name'},
4497
- endpointService: {wire: 'endpoint_service'},
4498
- errorMessage: {wire: 'error_message'},
4499
- gcpEndpoint: {
4500
- wire: 'gcp_endpoint',
4501
- children: () => gcpEndpointFieldMaskSchema,
4502
- },
4503
- groupId: {wire: 'group_id'},
4504
- networkConnectivityConfigId: {wire: 'network_connectivity_config_id'},
4505
- resourceId: {wire: 'resource_id'},
4506
- resourceNames: {wire: 'resource_names'},
4507
- ruleId: {wire: 'rule_id'},
4508
- updatedTime: {wire: 'updated_time'},
4509
- vpcEndpointId: {wire: 'vpc_endpoint_id'},
4510
- };
4511
-
4512
- export function updatePrivateEndpointRuleFieldMask(
4513
- ...paths: string[]
4514
- ): FieldMask<UpdatePrivateEndpointRule> {
4515
- return FieldMask.build<UpdatePrivateEndpointRule>(
4516
- paths,
4517
- updatePrivateEndpointRuleFieldMaskSchema
4518
- );
4519
- }