@databricks/sdk-networking 0.1.0-dev.3 → 0.1.0-dev.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/src/v1/model.ts DELETED
@@ -1,4501 +0,0 @@
1
- // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
-
3
- import {Temporal} from '@js-temporal/polyfill';
4
- import {FieldMask} from '@databricks/sdk-core/wkt';
5
- import type {FieldMaskSchema} from '@databricks/sdk-core/wkt';
6
- import {z} from 'zod';
7
-
8
- export enum CustomerFacingVpcEndpointUseCase {
9
- WORKSPACE_ACCESS = 'WORKSPACE_ACCESS',
10
- DATAPLANE_RELAY_ACCESS = 'DATAPLANE_RELAY_ACCESS',
11
- /** General access, replaces WORKSPACE_ACCESS in customer-facing API. */
12
- GENERAL_ACCESS = 'GENERAL_ACCESS',
13
- }
14
-
15
- /**
16
- * The target resources that are supported by Network Connectivity Config.
17
- * Note: some egress types can support general types that are not defined in EgressResourceType.
18
- * E.g.: Azure private endpoint supports private link enabled Azure services.
19
- */
20
- export enum EgressResourceType {
21
- EGRESS_RESOURCE_TYPE_UNSPECIFIED = 'EGRESS_RESOURCE_TYPE_UNSPECIFIED',
22
- AZURE_BLOB_STORAGE = 'AZURE_BLOB_STORAGE',
23
- }
24
-
25
- export enum EndpointState {
26
- /** The endpoint is pending approval. */
27
- PENDING = 'PENDING',
28
- /** The endpoint has been approved and is ready for use. */
29
- APPROVED = 'APPROVED',
30
- /** The endpoint encountered some issues during setup. */
31
- FAILED = 'FAILED',
32
- /** The endpoint was once established but later disconnected. This endpoint doesn't provide connectivity. */
33
- DISCONNECTED = 'DISCONNECTED',
34
- }
35
-
36
- /**
37
- * Type of IP access list. Valid values are as follows and are case-sensitive:
38
- *
39
- * * `ALLOW`: An allow list. Include this IP or range.
40
- * * `BLOCK`: A block list. Exclude this IP or range. IP addresses in the block list are excluded even if they are included in an allow list.
41
- */
42
- export enum IpAccessListType {
43
- ALLOW = 'ALLOW',
44
- /** Blocks the associated CIDRs. */
45
- BLOCK = 'BLOCK',
46
- }
47
-
48
- export enum PrivateAccessLevel {
49
- /** Only specifically listed endpoints can access my workspace */
50
- ENDPOINT = 'ENDPOINT',
51
- /** Only endpoints in the same account can access my workspace */
52
- ACCOUNT = 'ACCOUNT',
53
- }
54
-
55
- export enum VpcStatus {
56
- VALID = 'VALID',
57
- BROKEN = 'BROKEN',
58
- UNATTACHED = 'UNATTACHED',
59
- /** Some optional tests are failing for this Vpc, see NetworkWarning for more information */
60
- WARNED = 'WARNED',
61
- }
62
-
63
- /**
64
- * Type of IP access list. Valid values are as follows and are case-sensitive:
65
- *
66
- * * `ALLOW`: An allow list. Include this IP or range.
67
- * * `BLOCK`: A block list. Exclude this IP or range. IP addresses in the block list are excluded even if they are included in an allow list.
68
- */
69
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
70
- export enum AccountIpAccessListType_IpAccessListType {
71
- /** Allows the associated CIDRs. */
72
- ALLOW = 'ALLOW',
73
- /** Blocks the associated CIDRs. */
74
- BLOCK = 'BLOCK',
75
- }
76
-
77
- /**
78
- * Qualifies the breadth of API access permitted by an ingress network policy rule.
79
- * API_SCOPE_QUALIFIER_READ narrows matching to read-only variants of the listed scopes;
80
- * API_SCOPE_QUALIFIER_ALL matches any scope. When unset, scopes match exactly as listed.
81
- */
82
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
83
- export enum CustomerFacingIngressNetworkPolicy_ApiScopeQualifier {
84
- /** Narrows matching to read-only variants of the listed scopes (e.g. GET/HEAD requests). */
85
- API_SCOPE_QUALIFIER_READ = 'API_SCOPE_QUALIFIER_READ',
86
- /** Matches any scope regardless of access level. */
87
- API_SCOPE_QUALIFIER_ALL = 'API_SCOPE_QUALIFIER_ALL',
88
- }
89
-
90
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
91
- export enum CustomerFacingIngressNetworkPolicy_Authentication_IdentityType {
92
- IDENTITY_TYPE_UNSPECIFIED = 'IDENTITY_TYPE_UNSPECIFIED',
93
- IDENTITY_TYPE_ALL_USERS = 'IDENTITY_TYPE_ALL_USERS',
94
- IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS = 'IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS',
95
- IDENTITY_TYPE_SELECTED_IDENTITIES = 'IDENTITY_TYPE_SELECTED_IDENTITIES',
96
- }
97
-
98
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
99
- export enum CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType {
100
- PRINCIPAL_TYPE_UNSPECIFIED = 'PRINCIPAL_TYPE_UNSPECIFIED',
101
- PRINCIPAL_TYPE_USER = 'PRINCIPAL_TYPE_USER',
102
- PRINCIPAL_TYPE_SERVICE_PRINCIPAL = 'PRINCIPAL_TYPE_SERVICE_PRINCIPAL',
103
- }
104
-
105
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
106
- export enum CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode {
107
- FULL_ACCESS = 'FULL_ACCESS',
108
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
109
- }
110
-
111
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
112
- export enum CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode {
113
- ALLOW_ALL_REGISTERED_ENDPOINTS = 'ALLOW_ALL_REGISTERED_ENDPOINTS',
114
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
115
- }
116
-
117
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
118
- export enum CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode {
119
- FULL_ACCESS = 'FULL_ACCESS',
120
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
121
- }
122
-
123
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
124
- export enum CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState {
125
- PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED = 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED',
126
- /** The endpoint has been approved and is ready to use in your serverless compute resources. */
127
- ESTABLISHED = 'ESTABLISHED',
128
- /** Connection was rejected by the private link resource owner. */
129
- REJECTED = 'REJECTED',
130
- /**
131
- * Connection was removed by the private link resource owner, the private endpoint becomes informative and should
132
- * be deleted for clean-up.
133
- */
134
- DISCONNECTED = 'DISCONNECTED',
135
- /** If the endpoint is created but not approved in 14 days, it is EXPIRED. */
136
- EXPIRED = 'EXPIRED',
137
- /** The endpoint has been created and pending approval. */
138
- PENDING = 'PENDING',
139
- /** The endpoint creation is in progress. */
140
- CREATING = 'CREATING',
141
- /** The endpoint creation failed. */
142
- CREATE_FAILED = 'CREATE_FAILED',
143
- }
144
-
145
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
146
- export enum CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState {
147
- PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED = 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED',
148
- /** The endpoint has been created and pending approval. */
149
- INIT = 'INIT',
150
- /** The endpoint has been approved and is ready to use in your serverless compute resources. */
151
- ESTABLISHED = 'ESTABLISHED',
152
- /** Connection was rejected by the private link resource owner. */
153
- REJECTED = 'REJECTED',
154
- /**
155
- * Connection was removed by the private link resource owner, the private endpoint becomes informative and should
156
- * be deleted for clean-up.
157
- */
158
- DISCONNECTED = 'DISCONNECTED',
159
- /** If the endpoint was created but not approved in 14 days, it will be EXPIRED. */
160
- EXPIRED = 'EXPIRED',
161
- /** The endpoint has been created and pending approval. */
162
- PENDING = 'PENDING',
163
- /** The endpoint creation is in progress. */
164
- CREATING = 'CREATING',
165
- /** The endpoint creation failed. */
166
- CREATE_FAILED = 'CREATE_FAILED',
167
- }
168
-
169
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
170
- export enum EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType {
171
- INTERNET_DESTINATION_TYPE_UNSPECIFIED = 'INTERNET_DESTINATION_TYPE_UNSPECIFIED',
172
- /** This is defined as `FQDN` in settings-policy/api/proto/messages.proto. Translation is done in accounts-lake-net-manager/src/util/NetworkPolicySettingUtil.scala. */
173
- DNS_NAME = 'DNS_NAME',
174
- }
175
-
176
- /** The values should match the list of workloads used in networkconfig.proto */
177
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
178
- export enum EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter {
179
- DRY_RUN_MODE_PRODUCT_FILTER_UNSPECIFIED = 'DRY_RUN_MODE_PRODUCT_FILTER_UNSPECIFIED',
180
- /** SQL Warehouse product */
181
- DBSQL = 'DBSQL',
182
- /** Machine Learning serving product */
183
- ML_SERVING = 'ML_SERVING',
184
- }
185
-
186
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
187
- export enum EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode {
188
- ENFORCEMENT_MODE_UNSPECIFIED = 'ENFORCEMENT_MODE_UNSPECIFIED',
189
- /** Blocks traffic that violates network policy. This is the default mode. */
190
- ENFORCED = 'ENFORCED',
191
- /** Logs violations without blocking traffic. Useful for testing policies before enforcement. */
192
- DRY_RUN = 'DRY_RUN',
193
- }
194
-
195
- /**
196
- * At which level can <Databricks> and <Databricks> managed compute access Internet.
197
- * FULL_ACCESS: <Databricks> can access Internet. No blocking rules will apply.
198
- * RESTRICTED_ACCESS: <Databricks> can only access explicitly allowed internet and storage destinations,
199
- * as well as UC connections and external locations.
200
- */
201
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
202
- export enum EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode {
203
- RESTRICTION_MODE_UNSPECIFIED = 'RESTRICTION_MODE_UNSPECIFIED',
204
- FULL_ACCESS = 'FULL_ACCESS',
205
- RESTRICTED_ACCESS = 'RESTRICTED_ACCESS',
206
- }
207
-
208
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
209
- export enum EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType {
210
- STORAGE_DESTINATION_TYPE_UNSPECIFIED = 'STORAGE_DESTINATION_TYPE_UNSPECIFIED',
211
- /**
212
- * AWS_S3 can be used both for direct AWS S3 access and for cross-cloud access from Azure and GCP
213
- * When used in an Azure/GCP context, this indicates cross-cloud access from Azure/GCP to the specified S3 bucket
214
- */
215
- AWS_S3 = 'AWS_S3',
216
- AZURE_STORAGE = 'AZURE_STORAGE',
217
- GOOGLE_CLOUD_STORAGE = 'GOOGLE_CLOUD_STORAGE',
218
- }
219
-
220
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
221
- export enum EndpointUseCase_EndpointUseCase {
222
- /** service-direct frontend private link connectivity. */
223
- SERVICE_DIRECT = 'SERVICE_DIRECT',
224
- }
225
-
226
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
227
- export enum NccPrivateEndpointRule_PrivateLinkConnectionState {
228
- PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED = 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED',
229
- /** The endpoint has been approved and is ready to use in your serverless compute resources. */
230
- ESTABLISHED = 'ESTABLISHED',
231
- /** Connection was rejected by the private link resource owner. */
232
- REJECTED = 'REJECTED',
233
- /**
234
- * Connection was removed by the private link resource owner, the private endpoint becomes informative and should
235
- * be deleted for clean-up.
236
- */
237
- DISCONNECTED = 'DISCONNECTED',
238
- /** If the endpoint was created but not approved in 14 days, it will be EXPIRED. */
239
- EXPIRED = 'EXPIRED',
240
- /** The endpoint has been created and pending approval. */
241
- PENDING = 'PENDING',
242
- /** The endpoint creation is in progress. */
243
- CREATING = 'CREATING',
244
- /** The endpoint creation failed. */
245
- CREATE_FAILED = 'CREATE_FAILED',
246
- }
247
-
248
- /** Definition of an IP Access list */
249
- export interface AccountIpAccessList {
250
- /** Universally unique identifier (UUID) of the IP access list. */
251
- listId?: string | undefined;
252
- /** Label for the IP access list. This **cannot** be empty. */
253
- label?: string | undefined;
254
- ipAddresses?: string[] | undefined;
255
- /** Total number of IP or CIDR values. */
256
- addressCount?: number | undefined;
257
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
258
- /** Creation timestamp in milliseconds. */
259
- createdAt?: bigint | undefined;
260
- /** The ID of the user that created this list. */
261
- createdBy?: bigint | undefined;
262
- /** Update timestamp in milliseconds. */
263
- updatedAt?: bigint | undefined;
264
- /** The ID of the user that last updated this list. */
265
- updatedBy?: bigint | undefined;
266
- /** Specifies whether this IP access list is enabled. */
267
- enabled?: boolean | undefined;
268
- }
269
-
270
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
271
- export interface AccountIpAccessListType {}
272
-
273
- export interface AccountNetworkPolicy {
274
- /** The unique identifier for the network policy. */
275
- networkPolicyId?: string | undefined;
276
- /** The associated account ID for this Network Policy object. */
277
- accountId?: string | undefined;
278
- /** The network policies applying for egress traffic. */
279
- egress?: EgressNetworkPolicy | undefined;
280
- /** The network policies applying for ingress traffic. */
281
- ingress?: CustomerFacingIngressNetworkPolicy | undefined;
282
- /**
283
- * The ingress policy for dry run mode. Dry run will always run even if the request
284
- * is allowed by the ingress policy. When this field is set, the policy will be evaluated
285
- * and emit logs only without blocking requests.
286
- */
287
- ingressDryRun?: CustomerFacingIngressNetworkPolicy | undefined;
288
- }
289
-
290
- export interface AzurePrivateEndpointInfo {
291
- /** The name of the Private Endpoint in the Azure subscription. */
292
- privateEndpointName?: string | undefined;
293
- /**
294
- * The GUID of the Private Endpoint resource in the Azure subscription.
295
- * This is assigned by Azure when the user sets up the Private Endpoint.
296
- */
297
- privateEndpointResourceGuid?: string | undefined;
298
- /** The full resource ID of the Private Endpoint. */
299
- privateEndpointResourceId?: string | undefined;
300
- /** The resource ID of the Databricks Private Link Service that this Private Endpoint connects to. */
301
- privateLinkServiceId?: string | undefined;
302
- }
303
-
304
- /** Details required to configure a block list or allow list. */
305
- export interface CreateAccountIpAccessListRequest {
306
- accountId?: string | undefined;
307
- label?: string | undefined;
308
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
309
- ipAddresses?: string[] | undefined;
310
- }
311
-
312
- /** An IP access list was successfully created. */
313
- export interface CreateAccountIpAccessListResponse {
314
- ipAccessList?: AccountIpAccessList | undefined;
315
- }
316
-
317
- export interface CreateEndpointRequest {
318
- /**
319
- * The parent resource name of the account under which the endpoint is created.
320
- * Format: `accounts/{account_id}`.
321
- */
322
- parent?: string | undefined;
323
- endpoint?: Endpoint | undefined;
324
- }
325
-
326
- /** Details required to configure a block list or allow list. */
327
- export interface CreateIpAccessList {
328
- /** Label for the IP access list. This **cannot** be empty. */
329
- label?: string | undefined;
330
- listType?: IpAccessListType | undefined;
331
- ipAddresses?: string[] | undefined;
332
- }
333
-
334
- /** An IP access list was successfully created. */
335
- export interface CreateIpAccessListResponse {
336
- ipAccessList?: IpAccessList | undefined;
337
- }
338
-
339
- /** Properties of the new private endpoint rule. */
340
- export interface CreateNccPrivateEndpointRuleRequest {
341
- /** Your Network Connectivity Configuration ID. */
342
- networkConnectivityConfigId?: string | undefined;
343
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
344
- accountId?: string | undefined;
345
- privateEndpointRule?: CreatePrivateEndpointRule | undefined;
346
- }
347
-
348
- /** Properties of the new network connectivity configuration. */
349
- export interface CreateNetworkConnectivityConfigRequest {
350
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
351
- accountId?: string | undefined;
352
- networkConnectivityConfig?:
353
- | CreateNetworkConnectivityConfiguration
354
- | undefined;
355
- }
356
-
357
- /** Properties of the new network connectivity configuration. */
358
- export interface CreateNetworkConnectivityConfiguration {
359
- /** <Databricks> network connectivity configuration ID. */
360
- networkConnectivityConfigId?: string | undefined;
361
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
362
- accountId?: string | undefined;
363
- /**
364
- * The name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens,
365
- * and underscores. The length must be between 3 and 30 characters. The name must match the regular
366
- * expression ^[0-9a-zA-Z-_]{3,30}$
367
- */
368
- name?: string | undefined;
369
- /**
370
- * The region for the network connectivity configuration.
371
- * Only workspaces in the same region can be attached to the network connectivity configuration.
372
- */
373
- region?: string | undefined;
374
- /** The network connectivity rules that apply to network traffic from your serverless compute resources. */
375
- egressConfig?:
376
- | CustomerFacingNetworkConnectivityConfigEgressConfig
377
- | undefined;
378
- /** Time in epoch milliseconds when this object was updated. */
379
- updatedTime?: bigint | undefined;
380
- /** Time in epoch milliseconds when this object was created. */
381
- creationTime?: bigint | undefined;
382
- }
383
-
384
- export interface CreateNetworkPolicyRequest {
385
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
386
- accountId?: string | undefined;
387
- /** Network policy configuration details. */
388
- networkPolicy?: AccountNetworkPolicy | undefined;
389
- }
390
-
391
- export interface CreateNetworkRequest {
392
- accountId?: string | undefined;
393
- /** The human-readable name of the network configuration. */
394
- networkName?: string | undefined;
395
- /** The ID of the VPC associated with this network configuration. VPC IDs can be used in multiple networks. */
396
- vpcId?: string | undefined;
397
- /** IDs of at least two subnets associated with this network. Subnet IDs **cannot** be used in multiple network configurations. */
398
- subnetIds?: string[] | undefined;
399
- /** IDs of one to five security groups associated with this network. Security group IDs **cannot** be used in multiple network configurations. */
400
- securityGroupIds?: string[] | undefined;
401
- vpcEndpoints?: NetworkVpcEndpoints | undefined;
402
- gcpNetworkInfo?: GcpNetworkInfo | undefined;
403
- }
404
-
405
- export interface CreatePrivateAccessSettingsRequest {
406
- accountId?: string | undefined;
407
- /** The human-readable name of the private access settings object. */
408
- privateAccessSettingsName?: string | undefined;
409
- /** The AWS region for workspaces attached to this private access settings object. */
410
- region?: string | undefined;
411
- /** Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. */
412
- publicAccessEnabled?: boolean | undefined;
413
- /**
414
- * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object.
415
- * `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your <Databricks> account connect to your workspace.
416
- * `ENDPOINT` level access allows only specified VPC endpoints connect to your workspace. For details, see allowed_vpc_endpoint_ids.
417
- */
418
- privateAccessLevel?: PrivateAccessLevel | undefined;
419
- /**
420
- * An array of Databricks VPC endpoint IDs. This is the <Databricks> ID returned when registering the VPC endpoint configuration in your <Databricks> account. This is not the ID of the VPC endpoint in AWS.
421
- * Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints registered in your <Databricks> account that can connect to your workspace over AWS PrivateLink.
422
- * Note: If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists.
423
- */
424
- allowedVpcEndpointIds?: string[] | undefined;
425
- }
426
-
427
- /**
428
- * Properties of the new private endpoint rule.
429
- * Note that you must approve the endpoint in Azure portal after initialization.
430
- */
431
- export interface CreatePrivateEndpointRule {
432
- /** The ID of a private endpoint rule. */
433
- ruleId?: string | undefined;
434
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
435
- networkConnectivityConfigId?: string | undefined;
436
- /**
437
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
438
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console
439
- * before they take effect.
440
- * The possible values are:
441
- * - PENDING: The endpoint has been created and pending approval.
442
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
443
- * - REJECTED: Connection was rejected by the private link resource owner.
444
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
445
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
446
- * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING.
447
- * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details.
448
- */
449
- connectionState?:
450
- | NccPrivateEndpointRule_PrivateLinkConnectionState
451
- | undefined;
452
- /**
453
- * Only used by private endpoints to customer-managed private endpoint services.
454
- *
455
- * Domain names of target private link service.
456
- * When updating this field, the full list of target domain_names must be specified.
457
- */
458
- domainNames?: string[] | undefined;
459
- /** Time in epoch milliseconds when this object was created. */
460
- creationTime?: bigint | undefined;
461
- /** Time in epoch milliseconds when this object was updated. */
462
- updatedTime?: bigint | undefined;
463
- /** Whether this private endpoint is deactivated. */
464
- deactivated?: boolean | undefined;
465
- /** Time in epoch milliseconds when this object was deactivated. */
466
- deactivatedAt?: bigint | undefined;
467
- errorMessage?: string | undefined;
468
- /** The Azure resource ID of the target resource. */
469
- resourceId?: string | undefined;
470
- /**
471
- * Not used by customer-managed private endpoint services.
472
- *
473
- * The sub-resource type (group ID) of the target resource.
474
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
475
- */
476
- groupId?: string | undefined;
477
- /** The name of the Azure private endpoint resource. */
478
- endpointName?: string | undefined;
479
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
480
- accountId?: string | undefined;
481
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
482
- endpointService?: string | undefined;
483
- /**
484
- * Only used by private endpoints towards AWS S3 service.
485
- *
486
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
487
- * The bucket names must be in the same region as the NCC/endpoint service.
488
- * When updating this field, we perform full update on this field. Please ensure a full list of desired
489
- * resource_names is provided.
490
- */
491
- resourceNames?: string[] | undefined;
492
- /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by <Databricks>. */
493
- vpcEndpointId?: string | undefined;
494
- /**
495
- * Update this field to activate/deactivate this private endpoint to allow egress access from
496
- * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3).
497
- */
498
- enabled?: boolean | undefined;
499
- endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined;
500
- }
501
-
502
- export interface CreateVpcEndpointRequest {
503
- accountId?: string | undefined;
504
- /** The human-readable name of the storage configuration. */
505
- vpcEndpointName?: string | undefined;
506
- /** The region in which this VPC endpoint object exists. */
507
- region?: string | undefined;
508
- /** The ID of the VPC endpoint object in AWS. */
509
- awsVpcEndpointId?: string | undefined;
510
- vpcEndpointInfo?:
511
- | {
512
- $case: 'gcpVpcEndpointInfo';
513
- /** The cloud info of this vpc endpoint. */
514
- gcpVpcEndpointInfo: CustomerFacingGcpVpcEndpointInfo;
515
- }
516
- | undefined;
517
- }
518
-
519
- export interface CustomerFacingGcpVpcEndpointInfo {
520
- pscConnectionId?: string | undefined;
521
- projectId?: string | undefined;
522
- pscEndpointName?: string | undefined;
523
- endpointRegion?: string | undefined;
524
- serviceAttachmentId?: string | undefined;
525
- }
526
-
527
- /**
528
- * This proto is under development.
529
- * The network policies applying for ingress traffic.
530
- * Any changes here should also be synced to estore/namespaces/lakehousenetworkmanager/latest.proto.
531
- */
532
- export interface CustomerFacingIngressNetworkPolicy {
533
- /**
534
- * The network policy restrictions for public access to the workspace.
535
- * Configures how public internet traffic is allowed or denied access.
536
- */
537
- publicAccess?: CustomerFacingIngressNetworkPolicy_PublicAccess | undefined;
538
- /**
539
- * The network policy restrictions for private access to the workspace.
540
- * Configures how registered private endpoints are allowed or denied access.
541
- */
542
- privateAccess?: CustomerFacingIngressNetworkPolicy_PrivateAccess | undefined;
543
- crossWorkspaceAccess?:
544
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess
545
- | undefined;
546
- }
547
-
548
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
549
- export interface CustomerFacingIngressNetworkPolicy_AccountApiDestination {
550
- scopes?: string[] | undefined;
551
- /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */
552
- scopeQualifier?:
553
- | CustomerFacingIngressNetworkPolicy_ApiScopeQualifier
554
- | undefined;
555
- }
556
-
557
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
558
- export interface CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination {
559
- /** Must be set to true. */
560
- allDestinations?: boolean | undefined;
561
- }
562
-
563
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
564
- export interface CustomerFacingIngressNetworkPolicy_AccountUiDestination {
565
- /** Must be set to true. */
566
- allDestinations?: boolean | undefined;
567
- }
568
-
569
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
570
- export interface CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination {
571
- /** Must be set to true. */
572
- allDestinations?: boolean | undefined;
573
- }
574
-
575
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
576
- export interface CustomerFacingIngressNetworkPolicy_Authentication {
577
- identityType?:
578
- | CustomerFacingIngressNetworkPolicy_Authentication_IdentityType
579
- | undefined;
580
- /** Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES. */
581
- identities?:
582
- | CustomerFacingIngressNetworkPolicy_AuthenticationIdentity[]
583
- | undefined;
584
- }
585
-
586
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
587
- export interface CustomerFacingIngressNetworkPolicy_AuthenticationIdentity {
588
- principalType?:
589
- | CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType
590
- | undefined;
591
- principalId?: bigint | undefined;
592
- }
593
-
594
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
595
- export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess {
596
- restrictionMode?:
597
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode
598
- | undefined;
599
- denyRules?:
600
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule[]
601
- | undefined;
602
- allowRules?:
603
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule[]
604
- | undefined;
605
- }
606
-
607
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
608
- export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule {
609
- origin?:
610
- | CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin
611
- | undefined;
612
- destination?:
613
- | CustomerFacingIngressNetworkPolicy_RequestDestination
614
- | undefined;
615
- authentication?:
616
- | CustomerFacingIngressNetworkPolicy_Authentication
617
- | undefined;
618
- /** The label for this ingress rule. */
619
- label?: string | undefined;
620
- }
621
-
622
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
623
- export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin {
624
- source?:
625
- | {
626
- $case: 'allSourceWorkspaces';
627
- /** Matches all source workspaces. */
628
- allSourceWorkspaces: boolean;
629
- }
630
- | {
631
- $case: 'selectedWorkspaces';
632
- /** Specific source workspace IDs to match. */
633
- selectedWorkspaces: CustomerFacingIngressNetworkPolicy_WorkspaceIdList;
634
- }
635
- | undefined;
636
- }
637
-
638
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
639
- export interface CustomerFacingIngressNetworkPolicy_Endpoints {
640
- endpointIds?: string[] | undefined;
641
- }
642
-
643
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
644
- export interface CustomerFacingIngressNetworkPolicy_IpRanges {
645
- /** We only support IPv4 and IPv4 CIDR notation for now. */
646
- ipRanges?: string[] | undefined;
647
- }
648
-
649
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
650
- export interface CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination {
651
- /** Must be set to true. */
652
- allDestinations?: boolean | undefined;
653
- }
654
-
655
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
656
- export interface CustomerFacingIngressNetworkPolicy_PrivateAccess {
657
- restrictionMode?:
658
- | CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode
659
- | undefined;
660
- denyRules?:
661
- | CustomerFacingIngressNetworkPolicy_PrivateIngressRule[]
662
- | undefined;
663
- allowRules?:
664
- | CustomerFacingIngressNetworkPolicy_PrivateIngressRule[]
665
- | undefined;
666
- }
667
-
668
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
669
- export interface CustomerFacingIngressNetworkPolicy_PrivateIngressRule {
670
- origin?: CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin | undefined;
671
- destination?:
672
- | CustomerFacingIngressNetworkPolicy_RequestDestination
673
- | undefined;
674
- authentication?:
675
- | CustomerFacingIngressNetworkPolicy_Authentication
676
- | undefined;
677
- /** The label for this ingress rule. */
678
- label?: string | undefined;
679
- }
680
-
681
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
682
- export interface CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin {
683
- source?:
684
- | {
685
- $case: 'endpoints';
686
- endpoints: CustomerFacingIngressNetworkPolicy_Endpoints;
687
- }
688
- | {$case: 'allRegisteredEndpoints'; allRegisteredEndpoints: boolean}
689
- | {$case: 'azureWorkspacePrivateLink'; azureWorkspacePrivateLink: boolean}
690
- | {$case: 'allPrivateAccess'; allPrivateAccess: boolean}
691
- | undefined;
692
- }
693
-
694
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
695
- export interface CustomerFacingIngressNetworkPolicy_PublicAccess {
696
- restrictionMode?:
697
- | CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode
698
- | undefined;
699
- denyRules?:
700
- | CustomerFacingIngressNetworkPolicy_PublicIngressRule[]
701
- | undefined;
702
- allowRules?:
703
- | CustomerFacingIngressNetworkPolicy_PublicIngressRule[]
704
- | undefined;
705
- }
706
-
707
- /**
708
- * An ingress rule is enforced when a request satisfies all
709
- * specified attributes — including request origin, destination, and authentication.
710
- */
711
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
712
- export interface CustomerFacingIngressNetworkPolicy_PublicIngressRule {
713
- origin?: CustomerFacingIngressNetworkPolicy_PublicRequestOrigin | undefined;
714
- destination?:
715
- | CustomerFacingIngressNetworkPolicy_RequestDestination
716
- | undefined;
717
- authentication?:
718
- | CustomerFacingIngressNetworkPolicy_Authentication
719
- | undefined;
720
- /** The label for this ingress rule. */
721
- label?: string | undefined;
722
- }
723
-
724
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
725
- export interface CustomerFacingIngressNetworkPolicy_PublicRequestOrigin {
726
- source?:
727
- | {
728
- $case: 'allIpRanges';
729
- /** Matches all IPv4 and IPv6 ranges (both public and private). */
730
- allIpRanges: boolean;
731
- }
732
- | {
733
- $case: 'includedIpRanges';
734
- /** Will not allow IP ranges with private IPs. */
735
- includedIpRanges: CustomerFacingIngressNetworkPolicy_IpRanges;
736
- }
737
- | {
738
- $case: 'excludedIpRanges';
739
- /** Excluded means: all public IP ranges except this one. */
740
- excludedIpRanges: CustomerFacingIngressNetworkPolicy_IpRanges;
741
- }
742
- | undefined;
743
- }
744
-
745
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
746
- export interface CustomerFacingIngressNetworkPolicy_RequestDestination {
747
- /**
748
- * When true, match all destinations, no other destination fields can be set.
749
- * When not set or false, at least one specific destination must be provided.
750
- */
751
- allDestinations?: boolean | undefined;
752
- workspaceUi?:
753
- | CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination
754
- | undefined;
755
- workspaceApi?:
756
- | CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination
757
- | undefined;
758
- appsRuntime?:
759
- | CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination
760
- | undefined;
761
- lakebaseRuntime?:
762
- | CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination
763
- | undefined;
764
- accountUi?:
765
- | CustomerFacingIngressNetworkPolicy_AccountUiDestination
766
- | undefined;
767
- accountApi?:
768
- | CustomerFacingIngressNetworkPolicy_AccountApiDestination
769
- | undefined;
770
- /**
771
- * Account DatabricksOne destination is not supported.
772
- * DO NOT change the stage of this destination past PRIVATE_PREVIEW.
773
- */
774
- accountDatabricksOne?:
775
- | CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination
776
- | undefined;
777
- }
778
-
779
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
780
- export interface CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination {
781
- scopes?: string[] | undefined;
782
- /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */
783
- scopeQualifier?:
784
- | CustomerFacingIngressNetworkPolicy_ApiScopeQualifier
785
- | undefined;
786
- }
787
-
788
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
789
- export interface CustomerFacingIngressNetworkPolicy_WorkspaceIdList {
790
- workspaceIds?: bigint[] | undefined;
791
- }
792
-
793
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
794
- export interface CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination {
795
- /** Must be set to true. */
796
- allDestinations?: boolean | undefined;
797
- }
798
-
799
- /** Properties of the new network connectivity configuration. */
800
- export interface CustomerFacingNetworkConnectivityConfig {
801
- /** <Databricks> network connectivity configuration ID. */
802
- networkConnectivityConfigId?: string | undefined;
803
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
804
- accountId?: string | undefined;
805
- /**
806
- * The name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens,
807
- * and underscores. The length must be between 3 and 30 characters. The name must match the regular
808
- * expression ^[0-9a-zA-Z-_]{3,30}$
809
- */
810
- name?: string | undefined;
811
- /**
812
- * The region for the network connectivity configuration.
813
- * Only workspaces in the same region can be attached to the network connectivity configuration.
814
- */
815
- region?: string | undefined;
816
- /** The network connectivity rules that apply to network traffic from your serverless compute resources. */
817
- egressConfig?:
818
- | CustomerFacingNetworkConnectivityConfigEgressConfig
819
- | undefined;
820
- /** Time in epoch milliseconds when this object was updated. */
821
- updatedTime?: bigint | undefined;
822
- /** Time in epoch milliseconds when this object was created. */
823
- creationTime?: bigint | undefined;
824
- }
825
-
826
- /**
827
- * Properties of the new private endpoint rule.
828
- * Note that for private endpoints towards a VPC endpoint service behind a customer-managed NLB,
829
- * you must approve the endpoint in AWS console after initialization.
830
- */
831
- export interface CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule {
832
- /** The ID of a private endpoint rule. */
833
- ruleId?: string | undefined;
834
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
835
- networkConnectivityConfigId?: string | undefined;
836
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
837
- accountId?: string | undefined;
838
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
839
- endpointService?: string | undefined;
840
- /**
841
- * Only used by private endpoints towards a VPC endpoint service for customer-managed VPC endpoint service.
842
- *
843
- * The target AWS resource FQDNs accessible via the VPC endpoint service.
844
- * When updating this field, we perform full update on this field. Please ensure a full list of desired domain_names is provided.
845
- */
846
- domainNames?: string[] | undefined;
847
- /**
848
- * Only used by private endpoints towards AWS S3 service.
849
- *
850
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
851
- * The bucket names must be in the same region as the NCC/endpoint service.
852
- * When updating this field, we perform full update on this field.
853
- * Please ensure a full list of desired resource_names is provided.
854
- */
855
- resourceNames?: string[] | undefined;
856
- /** The AWS VPC endpoint ID. You can use this ID to identify VPC endpoint created by <Databricks>. */
857
- vpcEndpointId?: string | undefined;
858
- /**
859
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
860
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the AWS console
861
- * before they take effect.
862
- * The possible values are:
863
- * - PENDING: The endpoint has been created and pending approval.
864
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
865
- * - REJECTED: Connection was rejected by the private link resource owner.
866
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
867
- * - EXPIRED: If the endpoint is created but not approved in 14 days, it is EXPIRED.
868
- */
869
- connectionState?:
870
- | CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState
871
- | undefined;
872
- /** Time in epoch milliseconds when this object was created. */
873
- creationTime?: bigint | undefined;
874
- /** Time in epoch milliseconds when this object was updated. */
875
- updatedTime?: bigint | undefined;
876
- /** Whether this private endpoint is deactivated. */
877
- deactivated?: boolean | undefined;
878
- /** Time in epoch milliseconds when this object was deactivated. */
879
- deactivatedAt?: bigint | undefined;
880
- /**
881
- * Only used by private endpoints towards an AWS S3 service.
882
- *
883
- * Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources.
884
- */
885
- enabled?: boolean | undefined;
886
- errorMessage?: string | undefined;
887
- }
888
-
889
- /**
890
- * Properties of the new private endpoint rule.
891
- * Note that you must approve the endpoint in Azure portal after initialization.
892
- */
893
- export interface CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule {
894
- /** The ID of a private endpoint rule. */
895
- ruleId?: string | undefined;
896
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
897
- networkConnectivityConfigId?: string | undefined;
898
- /** The Azure resource ID of the target resource. */
899
- resourceId?: string | undefined;
900
- /**
901
- * Only used by private endpoints to Azure first-party services.
902
- *
903
- * The sub-resource type (group ID) of the target resource.
904
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
905
- */
906
- groupId?: string | undefined;
907
- /** The name of the Azure private endpoint resource. */
908
- endpointName?: string | undefined;
909
- /**
910
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
911
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal
912
- * before they take effect.
913
- * The possible values are:
914
- * - INIT: (deprecated) The endpoint has been created and pending approval.
915
- * - PENDING: The endpoint has been created and pending approval.
916
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
917
- * - REJECTED: Connection was rejected by the private link resource owner.
918
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
919
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
920
- */
921
- connectionState?:
922
- | CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState
923
- | undefined;
924
- /** Time in epoch milliseconds when this object was created. */
925
- creationTime?: bigint | undefined;
926
- /** Time in epoch milliseconds when this object was updated. */
927
- updatedTime?: bigint | undefined;
928
- /** Whether this private endpoint is deactivated. */
929
- deactivated?: boolean | undefined;
930
- /** Time in epoch milliseconds when this object was deactivated. */
931
- deactivatedAt?: bigint | undefined;
932
- /**
933
- * Not used by customer-managed private endpoint services.
934
- *
935
- * Domain names of target private link service.
936
- * When updating this field, the full list of target domain_names must be specified.
937
- */
938
- domainNames?: string[] | undefined;
939
- errorMessage?: string | undefined;
940
- }
941
-
942
- export interface CustomerFacingNetworkConnectivityConfigEgressConfig {
943
- /**
944
- * The network connectivity rules that are applied by default without resource specific configurations.
945
- * You can find the stable network information of your serverless compute resources here.
946
- */
947
- defaultRules?: NetworkConnectivityConfigEgressConfig_DefaultRule | undefined;
948
- /** The network connectivity rules that configured for each destinations. These rules override default rules. */
949
- targetRules?:
950
- | CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule
951
- | undefined;
952
- }
953
-
954
- /** Target rule controls the egress rules that are dedicated to specific resources. */
955
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
956
- export interface CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule {
957
- azurePrivateEndpointRules?:
958
- | CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule[]
959
- | undefined;
960
- /** AWS private endpoint rule controls the AWS private endpoint based egress rules. */
961
- awsPrivateEndpointRules?:
962
- | CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule[]
963
- | undefined;
964
- }
965
-
966
- /** * */
967
- export interface CustomerFacingPrivateAccessSettings {
968
- /** <Databricks> private access settings ID. */
969
- privateAccessSettingsId?: string | undefined;
970
- /** The <Databricks> account ID that hosts the private access settings. */
971
- accountId?: string | undefined;
972
- /** The human-readable name of the private access settings object. */
973
- privateAccessSettingsName?: string | undefined;
974
- /** The AWS region for workspaces attached to this private access settings object. */
975
- region?: string | undefined;
976
- /** Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. */
977
- publicAccessEnabled?: boolean | undefined;
978
- /**
979
- * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object.
980
- * `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your <Databricks> account connect to your workspace.
981
- * `ENDPOINT` level access allows only specified VPC endpoints connect to your workspace. For details, see allowed_vpc_endpoint_ids.
982
- */
983
- privateAccessLevel?: PrivateAccessLevel | undefined;
984
- /**
985
- * An array of Databricks VPC endpoint IDs. This is the <Databricks> ID that is returned when registering the VPC endpoint configuration in your <Databricks> account. This is not the ID of the VPC endpoint in AWS.
986
- * Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints that in your account that can connect to your workspace over AWS PrivateLink.
987
- * If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists.
988
- */
989
- allowedVpcEndpointIds?: string[] | undefined;
990
- }
991
-
992
- /** * */
993
- export interface CustomerFacingVpcEndpoint {
994
- /** Databricks VPC endpoint ID. This is the <Databricks>-specific name of the VPC endpoint. Do not confuse this with the `aws_vpc_endpoint_id`, which is the ID within AWS of the VPC endpoint. */
995
- vpcEndpointId?: string | undefined;
996
- /**
997
- * The <Databricks> account ID that hosts the VPC endpoint configuration.
998
- * TODO - This may signal an OpenAPI diff; it does not show up in the generated spec
999
- */
1000
- accountId?: string | undefined;
1001
- /** The human-readable name of the storage configuration. */
1002
- vpcEndpointName?: string | undefined;
1003
- /** The ID of the VPC endpoint object in AWS. */
1004
- awsVpcEndpointId?: string | undefined;
1005
- /** The ID of the <Databricks> [endpoint service](https://docs.aws.amazon.com/vpc/latest/privatelink/endpoint-service.html) that this VPC endpoint is connected to. For a list of endpoint service IDs for each supported AWS region, see the [Databricks PrivateLink documentation](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html). */
1006
- awsEndpointServiceId?: string | undefined;
1007
- /**
1008
- * This enumeration represents the type of Databricks VPC endpoint service that was used when creating this VPC endpoint.
1009
- * If the VPC endpoint connects to the <Databricks> control plane for either the front-end connection or the back-end REST API connection, the value is GENERAL_ACCESS.
1010
- * If the VPC endpoint connects to the <Databricks> workspace for the back-end secure cluster connectivity relay, the value is DATAPLANE_RELAY_ACCESS.
1011
- */
1012
- useCase?: CustomerFacingVpcEndpointUseCase | undefined;
1013
- /** The AWS region in which this VPC endpoint object exists. */
1014
- region?: string | undefined;
1015
- /** The AWS Account in which the VPC endpoint object exists. */
1016
- awsAccountId?: string | undefined;
1017
- /** The current state (such as `available` or `rejected`) of the VPC endpoint. Derived from AWS. For the full set of values, see [AWS DescribeVpcEndpoint documentation](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html). */
1018
- state?: string | undefined;
1019
- vpcEndpointInfo?:
1020
- | {
1021
- $case: 'gcpVpcEndpointInfo';
1022
- /**
1023
- * The cloud info of this vpc endpoint.
1024
- * Info for a GCP vpc endpoint.
1025
- */
1026
- gcpVpcEndpointInfo: CustomerFacingGcpVpcEndpointInfo;
1027
- }
1028
- | undefined;
1029
- }
1030
-
1031
- /** Next Id: 3 */
1032
- export interface DeleteAccountIpAccessListRequest {
1033
- accountId?: string | undefined;
1034
- /** The ID for the corresponding IP access list */
1035
- listId?: string | undefined;
1036
- }
1037
-
1038
- /** The IP access list was successfully deleted. */
1039
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1040
- export interface DeleteAccountIpAccessListResponse {}
1041
-
1042
- export interface DeleteEndpointRequest {
1043
- name?: string | undefined;
1044
- }
1045
-
1046
- export interface DeleteIpAccessList {
1047
- /** The ID for the corresponding IP access list */
1048
- listId?: string | undefined;
1049
- }
1050
-
1051
- /** The IP access list was successfully deleted. */
1052
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1053
- export interface DeleteIpAccessListResponse {}
1054
-
1055
- /**
1056
- * Initiates deleting a private endpoint rule. If the connection state is PENDING or EXPIRED, the private endpoint is
1057
- * immediately deleted. Otherwise, the private endpoint is deactivated and will be deleted after one day of
1058
- * deactivation. When a private endpoint is deactivated, the deactivated field is set to true and the private endpoint
1059
- * is not available to your serverless compute resources.
1060
- */
1061
- export interface DeleteNccPrivateEndpointRuleRequest {
1062
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1063
- accountId?: string | undefined;
1064
- /** Your Network Connectvity Configuration ID. */
1065
- networkConnectivityConfigId?: string | undefined;
1066
- /** Your private endpoint rule ID. */
1067
- privateEndpointRuleId?: string | undefined;
1068
- }
1069
-
1070
- export interface DeleteNetworkConnectivityConfigRequest {
1071
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1072
- accountId?: string | undefined;
1073
- /** Your Network Connectivity Configuration ID. */
1074
- networkConnectivityConfigId?: string | undefined;
1075
- }
1076
-
1077
- export interface DeleteNetworkPolicyRequest {
1078
- /** The unique identifier of the network policy to delete. */
1079
- networkPolicyId?: string | undefined;
1080
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1081
- accountId?: string | undefined;
1082
- }
1083
-
1084
- export interface DeleteNetworkRequest {
1085
- /** Databricks Account API network configuration ID. */
1086
- networkId?: string | undefined;
1087
- accountId?: string | undefined;
1088
- }
1089
-
1090
- export interface DeletePrivateAccessSettingsRequest {
1091
- privateAccessSettingsId?: string | undefined;
1092
- accountId?: string | undefined;
1093
- }
1094
-
1095
- export interface DeleteVpcEndpointRequest {
1096
- vpcEndpointId?: string | undefined;
1097
- accountId?: string | undefined;
1098
- }
1099
-
1100
- /**
1101
- * The network policies applying for egress traffic.
1102
- * This message is used by the UI/REST API. We translate this message to the format expected by the
1103
- * dataplane in Lakehouse Network Manager (for the format expected by the dataplane, see networkconfig.textproto).
1104
- * This policy should be consistent with [[com.databricks.api.proto.settingspolicy.EgressNetworkPolicy]].
1105
- * Details see API-design: https://docs.google.com/document/d/1DKWO_FpZMCY4cF2O62LpwII1lx8gsnDGG-qgE3t3TOA/
1106
- */
1107
- export interface EgressNetworkPolicy {
1108
- /** The access policy enforced for egress traffic to the internet. */
1109
- networkAccess?: EgressNetworkPolicy_NetworkAccessPolicy | undefined;
1110
- }
1111
-
1112
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1113
- export interface EgressNetworkPolicy_NetworkAccessPolicy {
1114
- /** The restriction mode that controls how serverless workloads can access the internet. */
1115
- restrictionMode?:
1116
- | EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode
1117
- | undefined;
1118
- /** List of internet destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode. */
1119
- allowedInternetDestinations?:
1120
- | EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination[]
1121
- | undefined;
1122
- /** List of storage destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode. */
1123
- allowedStorageDestinations?:
1124
- | EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination[]
1125
- | undefined;
1126
- /** Optional. When policy_enforcement is not provided, we default to ENFORCE_MODE_ALL_SERVICES */
1127
- policyEnforcement?:
1128
- | EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement
1129
- | undefined;
1130
- /**
1131
- * List of internet destinations that serverless workloads are blocked from accessing.
1132
- * These destinations are enforced when restriction mode is RESTRICTED_ACCESS or DRY_RUN.
1133
- * Currently supports DNS_NAME type only; IP_RANGE support is planned.
1134
- */
1135
- blockedInternetDestinations?:
1136
- | EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination[]
1137
- | undefined;
1138
- }
1139
-
1140
- /**
1141
- * Users can specify accessible internet destinations when outbound access is restricted.
1142
- * We only support DNS_NAME (FQDN format) destinations for the time being.
1143
- * Going forward we may extend support to host names and IP addresses.
1144
- */
1145
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1146
- export interface EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination {
1147
- /** The internet destination to which access will be allowed. Format dependent on the destination type. */
1148
- destination?: string | undefined;
1149
- /** The type of internet destination. Currently only DNS_NAME is supported. */
1150
- internetDestinationType?:
1151
- | EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType
1152
- | undefined;
1153
- }
1154
-
1155
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1156
- export interface EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement {
1157
- /**
1158
- * The mode of policy enforcement. ENFORCED blocks traffic that violates policy,
1159
- * while DRY_RUN only logs violations without blocking. When not specified,
1160
- * defaults to ENFORCED.
1161
- */
1162
- enforcementMode?:
1163
- | EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode
1164
- | undefined;
1165
- /**
1166
- * When empty, it means dry run for all products.
1167
- * When non-empty, it means dry run for specific products and for the other products, they will run in enforced mode.
1168
- */
1169
- dryRunModeProductFilter?:
1170
- | EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter[]
1171
- | undefined;
1172
- }
1173
-
1174
- /** Users can specify accessible storage destinations. */
1175
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1176
- export interface EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination {
1177
- bucketName?: string | undefined;
1178
- region?: string | undefined;
1179
- /** The type of storage destination. */
1180
- storageDestinationType?:
1181
- | EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType
1182
- | undefined;
1183
- /** The Azure storage account name. */
1184
- azureStorageAccount?: string | undefined;
1185
- /** The Azure storage service type (blob, dfs, etc.). */
1186
- azureStorageService?: string | undefined;
1187
- }
1188
-
1189
- /** Endpoint represents a cloud networking resource in a user's cloud account and binds it to the <Databricks> account. */
1190
- export interface Endpoint {
1191
- /** The resource name of the endpoint, which uniquely identifies the endpoint. */
1192
- name?: string | undefined;
1193
- /** The unique identifier for this endpoint under the account. This field is a UUID generated by <Databricks>. */
1194
- endpointId?: string | undefined;
1195
- /** The Databricks Account in which the endpoint object exists. */
1196
- accountId?: string | undefined;
1197
- /**
1198
- * The human-readable display name of this endpoint.
1199
- * The input should conform to RFC-1034, which restricts to letters, numbers, and hyphens,
1200
- * with the first character a letter, the last a letter or a number, and a 63 character maximum.
1201
- */
1202
- displayName?: string | undefined;
1203
- /**
1204
- * The use case that determines the type of network connectivity this endpoint provides.
1205
- * This field is automatically determined based on the endpoint configuration and cloud-specific settings.
1206
- */
1207
- useCase?: EndpointUseCase_EndpointUseCase | undefined;
1208
- /** The cloud provider region where this endpoint is located. */
1209
- region?: string | undefined;
1210
- /** The state of the endpoint. The endpoint can only be used if the state is `APPROVED`. */
1211
- state?: EndpointState | undefined;
1212
- /**
1213
- * The cloud info of this endpoint.
1214
- * (-- For now it only supports Azure PL, but in future we can support other clouds and more use cases (e.g. public endpoint) --)
1215
- */
1216
- endpointInfo?:
1217
- | {
1218
- $case: 'azurePrivateEndpointInfo';
1219
- /** Info for an Azure private endpoint. */
1220
- azurePrivateEndpointInfo: AzurePrivateEndpointInfo;
1221
- }
1222
- | undefined;
1223
- /** The timestamp when the endpoint was created. The timestamp is in RFC 3339 format in UTC timezone. */
1224
- createTime?: Temporal.Instant | undefined;
1225
- }
1226
-
1227
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1228
- export interface EndpointUseCase {}
1229
-
1230
- export interface GcpEndpoint {
1231
- /** Output only. The URI of the created PSC endpoint. */
1232
- pscEndpointUri?: string | undefined;
1233
- /** Selects which target services this private endpoint reaches. */
1234
- targetServices?:
1235
- | {
1236
- $case: 'serviceAttachment';
1237
- /**
1238
- * The full url of the target service attachment.
1239
- * Example:
1240
- * projects/my-gcp-project/regions/us-east4/serviceAttachments/my-service-attachment
1241
- */
1242
- serviceAttachment: string;
1243
- }
1244
- | undefined;
1245
- }
1246
-
1247
- export interface GcpNetworkInfo {
1248
- /** The GCP project ID for network resources. This project is where the VPC and subnet resides. */
1249
- networkProjectId?: string | undefined;
1250
- /** The customer-provided VPC ID. */
1251
- vpcId?: string | undefined;
1252
- /**
1253
- * The customer-provided Subnet ID that will be available to Clusters in Workspaces using this
1254
- * Network.
1255
- */
1256
- subnetId?: string | undefined;
1257
- subnetRegion?: string | undefined;
1258
- /**
1259
- * Name of the secondary range within the subnet that will be used by GKE as Pod IP range.
1260
- * This is BYO VPC specific. DB VPC uses network.getGcpManagedNetworkConfig.getGkeClusterPodIpRange
1261
- */
1262
- podIpRangeName?: string | undefined;
1263
- /** Name of the secondary range within the subnet that will be used by GKE as Service IP range. */
1264
- serviceIpRangeName?: string | undefined;
1265
- }
1266
-
1267
- /** Next Id: 3 */
1268
- export interface GetAccountIpAccessListRequest {
1269
- accountId?: string | undefined;
1270
- /** The ID for the corresponding IP access list */
1271
- listId?: string | undefined;
1272
- }
1273
-
1274
- export interface GetAccountIpAccessListResponse {
1275
- ipAccessList?: AccountIpAccessList | undefined;
1276
- }
1277
-
1278
- export interface GetEndpointRequest {
1279
- name?: string | undefined;
1280
- }
1281
-
1282
- export interface GetIpAccessList {
1283
- /** The ID for the corresponding IP access list */
1284
- listId?: string | undefined;
1285
- }
1286
-
1287
- /** An IP access list was successfully returned. */
1288
- export interface GetIpAccessListResponse {
1289
- ipAccessList?: IpAccessList | undefined;
1290
- }
1291
-
1292
- export interface GetNccPrivateEndpointRuleRequest {
1293
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1294
- accountId?: string | undefined;
1295
- /** Your Network Connectvity Configuration ID. */
1296
- networkConnectivityConfigId?: string | undefined;
1297
- /** Your private endpoint rule ID. */
1298
- privateEndpointRuleId?: string | undefined;
1299
- }
1300
-
1301
- /** ***************************** Public facing RPC requests and responses *****************************\// */
1302
- export interface GetNetworkConnectivityConfigRequest {
1303
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1304
- accountId?: string | undefined;
1305
- /** Your Network Connectivity Configuration ID. */
1306
- networkConnectivityConfigId?: string | undefined;
1307
- }
1308
-
1309
- export interface GetNetworkPolicyRequest {
1310
- /** The unique identifier of the network policy to retrieve. */
1311
- networkPolicyId?: string | undefined;
1312
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1313
- accountId?: string | undefined;
1314
- }
1315
-
1316
- export interface GetNetworkRequest {
1317
- /** Databricks Account API network configuration ID. */
1318
- networkId?: string | undefined;
1319
- accountId?: string | undefined;
1320
- }
1321
-
1322
- export interface GetPrivateAccessSettingsRequest {
1323
- privateAccessSettingsId?: string | undefined;
1324
- accountId?: string | undefined;
1325
- }
1326
-
1327
- export interface GetVpcEndpointRequest {
1328
- /** Databricks VPC endpoint ID. */
1329
- vpcEndpointId?: string | undefined;
1330
- accountId?: string | undefined;
1331
- }
1332
-
1333
- export interface GetWorkspaceNetworkOptionRequest {
1334
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1335
- accountId?: string | undefined;
1336
- /** The workspace ID. */
1337
- workspaceId?: bigint | undefined;
1338
- }
1339
-
1340
- /** Definition of an IP Access list */
1341
- export interface IpAccessList {
1342
- /** Universally unique identifier (UUID) of the IP access list. */
1343
- listId?: string | undefined;
1344
- /** Label for the IP access list. This **cannot** be empty. */
1345
- label?: string | undefined;
1346
- ipAddresses?: string[] | undefined;
1347
- /** Total number of IP or CIDR values. */
1348
- addressCount?: number | undefined;
1349
- listType?: IpAccessListType | undefined;
1350
- /** Creation timestamp in milliseconds. */
1351
- createdAt?: bigint | undefined;
1352
- /** User ID of the user who created this list. */
1353
- createdBy?: bigint | undefined;
1354
- /** Update timestamp in milliseconds. */
1355
- updatedAt?: bigint | undefined;
1356
- /** User ID of the user who updated this list. */
1357
- updatedBy?: bigint | undefined;
1358
- /** Specifies whether this IP access list is enabled. */
1359
- enabled?: boolean | undefined;
1360
- }
1361
-
1362
- /** Next Id: 2 */
1363
- export interface ListAccountIpAccessListsRequest {
1364
- accountId?: string | undefined;
1365
- }
1366
-
1367
- /** IP access lists were successfully returned. */
1368
- export interface ListAccountIpAccessListsResponse {
1369
- ipAccessLists?: AccountIpAccessList[] | undefined;
1370
- }
1371
-
1372
- export interface ListEndpointsRequest {
1373
- /**
1374
- * The parent resource name of the account to list endpoints for.
1375
- * Format: `accounts/{account_id}`.
1376
- */
1377
- parent?: string | undefined;
1378
- pageToken?: string | undefined;
1379
- pageSize?: number | undefined;
1380
- }
1381
-
1382
- export interface ListEndpointsResponse {
1383
- items?: Endpoint[] | undefined;
1384
- nextPageToken?: string | undefined;
1385
- }
1386
-
1387
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1388
- export interface ListIpAccessLists {}
1389
-
1390
- /** IP access lists were successfully returned. */
1391
- export interface ListIpAccessListsResponse {
1392
- ipAccessLists?: IpAccessList[] | undefined;
1393
- }
1394
-
1395
- /** Gets an array of private endpoint rules. */
1396
- export interface ListNccPrivateEndpointRulesRequest {
1397
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1398
- accountId?: string | undefined;
1399
- /** Your Network Connectvity Configuration ID. */
1400
- networkConnectivityConfigId?: string | undefined;
1401
- /** Pagination token to go to next page based on previous query. */
1402
- pageToken?: string | undefined;
1403
- }
1404
-
1405
- /** The private endpoint rule list was successfully retrieved. */
1406
- export interface ListNccPrivateEndpointRulesResponse {
1407
- items?: NccPrivateEndpointRule[] | undefined;
1408
- /** A token that can be used to get the next page of results. If null, there are no more results to show. */
1409
- nextPageToken?: string | undefined;
1410
- }
1411
-
1412
- export interface ListNetworkConnectivityConfigsRequest {
1413
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1414
- accountId?: string | undefined;
1415
- /** Pagination token to go to next page based on previous query. */
1416
- pageToken?: string | undefined;
1417
- }
1418
-
1419
- /** The network connectivity configuration list was successfully retrieved. */
1420
- export interface ListNetworkConnectivityConfigsResponse {
1421
- items?: CustomerFacingNetworkConnectivityConfig[] | undefined;
1422
- /** A token that can be used to get the next page of results. If null, there are no more results to show. */
1423
- nextPageToken?: string | undefined;
1424
- }
1425
-
1426
- export interface ListNetworkPoliciesRequest {
1427
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1428
- accountId?: string | undefined;
1429
- /** Pagination token to go to next page based on previous query. */
1430
- pageToken?: string | undefined;
1431
- }
1432
-
1433
- export interface ListNetworkPoliciesResponse {
1434
- /** List of network policies. */
1435
- items?: AccountNetworkPolicy[] | undefined;
1436
- /** A token that can be used to get the next page of results. If null, there are no more results to show. */
1437
- nextPageToken?: string | undefined;
1438
- }
1439
-
1440
- export interface ListNetworkRequest {
1441
- accountId?: string | undefined;
1442
- }
1443
-
1444
- export interface ListNetworkResponse {
1445
- networks?: Network[] | undefined;
1446
- }
1447
-
1448
- export interface ListPrivateAccessSettingsRequest {
1449
- accountId?: string | undefined;
1450
- }
1451
-
1452
- export interface ListPrivateAccessSettingsResponse {
1453
- privateAccessSettings?: CustomerFacingPrivateAccessSettings[] | undefined;
1454
- }
1455
-
1456
- export interface ListVpcEndpointRequest {
1457
- accountId?: string | undefined;
1458
- }
1459
-
1460
- export interface ListVpcEndpointResponse {
1461
- vpcEndpoints?: CustomerFacingVpcEndpoint[] | undefined;
1462
- }
1463
-
1464
- /**
1465
- * Properties of the new private endpoint rule.
1466
- * Note that you must approve the endpoint in Azure portal after initialization.
1467
- */
1468
- export interface NccPrivateEndpointRule {
1469
- /** The ID of a private endpoint rule. */
1470
- ruleId?: string | undefined;
1471
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
1472
- networkConnectivityConfigId?: string | undefined;
1473
- /**
1474
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
1475
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console
1476
- * before they take effect.
1477
- * The possible values are:
1478
- * - PENDING: The endpoint has been created and pending approval.
1479
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
1480
- * - REJECTED: Connection was rejected by the private link resource owner.
1481
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
1482
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
1483
- * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING.
1484
- * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details.
1485
- */
1486
- connectionState?:
1487
- | NccPrivateEndpointRule_PrivateLinkConnectionState
1488
- | undefined;
1489
- /**
1490
- * Only used by private endpoints to customer-managed private endpoint services.
1491
- *
1492
- * Domain names of target private link service.
1493
- * When updating this field, the full list of target domain_names must be specified.
1494
- */
1495
- domainNames?: string[] | undefined;
1496
- /** Time in epoch milliseconds when this object was created. */
1497
- creationTime?: bigint | undefined;
1498
- /** Time in epoch milliseconds when this object was updated. */
1499
- updatedTime?: bigint | undefined;
1500
- /** Whether this private endpoint is deactivated. */
1501
- deactivated?: boolean | undefined;
1502
- /** Time in epoch milliseconds when this object was deactivated. */
1503
- deactivatedAt?: bigint | undefined;
1504
- errorMessage?: string | undefined;
1505
- /** The Azure resource ID of the target resource. */
1506
- resourceId?: string | undefined;
1507
- /**
1508
- * Not used by customer-managed private endpoint services.
1509
- *
1510
- * The sub-resource type (group ID) of the target resource.
1511
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
1512
- */
1513
- groupId?: string | undefined;
1514
- /** The name of the Azure private endpoint resource. */
1515
- endpointName?: string | undefined;
1516
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
1517
- accountId?: string | undefined;
1518
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
1519
- endpointService?: string | undefined;
1520
- /**
1521
- * Only used by private endpoints towards AWS S3 service.
1522
- *
1523
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
1524
- * The bucket names must be in the same region as the NCC/endpoint service.
1525
- * When updating this field, we perform full update on this field. Please ensure a full list of desired
1526
- * resource_names is provided.
1527
- */
1528
- resourceNames?: string[] | undefined;
1529
- /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by <Databricks>. */
1530
- vpcEndpointId?: string | undefined;
1531
- /**
1532
- * Update this field to activate/deactivate this private endpoint to allow egress access from
1533
- * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3).
1534
- */
1535
- enabled?: boolean | undefined;
1536
- endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined;
1537
- }
1538
-
1539
- export interface Network {
1540
- /** The <Databricks> network configuration ID. */
1541
- networkId?: string | undefined;
1542
- /** The <Databricks> account ID associated with this network configuration. */
1543
- accountId?: string | undefined;
1544
- /** Workspace ID associated with this network configuration. */
1545
- workspaceId?: bigint | undefined;
1546
- /** The ID of the VPC associated with this network configuration. VPC IDs can be used in multiple networks. */
1547
- vpcId?: string | undefined;
1548
- /** IDs of at least two subnets associated with this network. Subnet IDs **cannot** be used in multiple network configurations. */
1549
- subnetIds?: string[] | undefined;
1550
- /** IDs of one to five security groups associated with this network. Security group IDs **cannot** be used in multiple network configurations. */
1551
- securityGroupIds?: string[] | undefined;
1552
- vpcStatus?: VpcStatus | undefined;
1553
- /** Array of error messages about the network configuration. */
1554
- errorMessages?: NetworkHealth[] | undefined;
1555
- /** The human-readable name of the network configuration. */
1556
- networkName?: string | undefined;
1557
- /** Time in epoch milliseconds when the network was created. */
1558
- creationTime?: bigint | undefined;
1559
- /** Array of warning messages about the network configuration. */
1560
- warningMessages?: NetworkWarning[] | undefined;
1561
- vpcEndpoints?: NetworkVpcEndpoints | undefined;
1562
- networkInfo?:
1563
- | {$case: 'gcpNetworkInfo'; gcpNetworkInfo: GcpNetworkInfo}
1564
- | undefined;
1565
- }
1566
-
1567
- /**
1568
- * Egress network configurations. Provides network configurations for Databricks -> Customer
1569
- * traffic.
1570
- */
1571
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
1572
- export interface NetworkConnectivityConfigEgressConfig {}
1573
-
1574
- /** Default rules don't have specific targets. */
1575
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1576
- export interface NetworkConnectivityConfigEgressConfig_DefaultRule {
1577
- azureServiceEndpointRule?:
1578
- | NetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRule
1579
- | undefined;
1580
- awsStableIpRule?:
1581
- | NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule
1582
- | undefined;
1583
- }
1584
-
1585
- /** The stable AWS IP CIDR blocks. You can use these to configure the firewall of your resources to allow traffic from your <Databricks> workspace. */
1586
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1587
- export interface NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule {
1588
- /** The list of stable IP CIDR blocks from which <Databricks> network traffic originates when accessing your resources. */
1589
- cidrBlocks?: string[] | undefined;
1590
- }
1591
-
1592
- /**
1593
- * The stable Azure service endpoints. You can configure the firewall of your Azure resources
1594
- * to allow traffic from your <Databricks> serverless compute resources.
1595
- */
1596
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1597
- export interface NetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRule {
1598
- /** The Azure region in which this service endpoint rule applies.. */
1599
- targetRegion?: string | undefined;
1600
- /** The Azure services to which this service endpoint rule applies to. */
1601
- targetServices?: EgressResourceType[] | undefined;
1602
- /** The list of subnets from which <Databricks> network traffic originates when accessing your Azure resources. */
1603
- subnets?: string[] | undefined;
1604
- }
1605
-
1606
- export interface NetworkHealth {
1607
- errorType?: string | undefined;
1608
- /** Details of the error. */
1609
- errorMessage?: string | undefined;
1610
- }
1611
-
1612
- export interface NetworkVpcEndpoints {
1613
- /** The VPC endpoint ID used by this network to access the Databricks REST API. */
1614
- restApi?: string[] | undefined;
1615
- /** The VPC endpoint ID used by this network to access the <Databricks> secure cluster connectivity relay. */
1616
- dataplaneRelay?: string[] | undefined;
1617
- }
1618
-
1619
- export interface NetworkWarning {
1620
- warningType?: string | undefined;
1621
- /** Details of the warning. */
1622
- warningMessage?: string | undefined;
1623
- }
1624
-
1625
- /** Details required to replace an IP access list. */
1626
- export interface ReplaceAccountIpAccessListRequest {
1627
- accountId?: string | undefined;
1628
- /** The ID for the corresponding IP access list */
1629
- listId?: string | undefined;
1630
- /** Label for the IP access list. This **cannot** be empty. */
1631
- label?: string | undefined;
1632
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
1633
- ipAddresses?: string[] | undefined;
1634
- /** Specifies whether this IP access list is enabled. */
1635
- enabled?: boolean | undefined;
1636
- }
1637
-
1638
- /** The IP access list was successfully replaced. */
1639
- export interface ReplaceAccountIpAccessListResponse {
1640
- ipAccessList?: AccountIpAccessList | undefined;
1641
- }
1642
-
1643
- /** Details required to replace an IP access list. */
1644
- export interface ReplaceIpAccessList {
1645
- /** The ID for the corresponding IP access list */
1646
- listId?: string | undefined;
1647
- /** Label for the IP access list. This **cannot** be empty. */
1648
- label?: string | undefined;
1649
- listType?: IpAccessListType | undefined;
1650
- ipAddresses?: string[] | undefined;
1651
- /** Specifies whether this IP access list is enabled. */
1652
- enabled?: boolean | undefined;
1653
- }
1654
-
1655
- /** The IP access list was successfully replaced. */
1656
- export interface ReplaceIpAccessListResponse {
1657
- ipAccessList?: IpAccessList | undefined;
1658
- }
1659
-
1660
- /** Details required to update an IP access list. */
1661
- export interface UpdateAccountIpAccessListRequest {
1662
- accountId?: string | undefined;
1663
- /** The ID for the corresponding IP access list */
1664
- listId?: string | undefined;
1665
- /** Label for the IP access list. This **cannot** be empty. */
1666
- label?: string | undefined;
1667
- listType?: AccountIpAccessListType_IpAccessListType | undefined;
1668
- ipAddresses?: string[] | undefined;
1669
- /** Specifies whether this IP access list is enabled. */
1670
- enabled?: boolean | undefined;
1671
- }
1672
-
1673
- /** The IP access list was successfully updated. */
1674
- export interface UpdateAccountIpAccessListResponse {
1675
- ipAccessList?: AccountIpAccessList | undefined;
1676
- }
1677
-
1678
- /** Details required to update an IP access list. */
1679
- export interface UpdateIpAccessList {
1680
- /** The ID for the corresponding IP access list */
1681
- listId?: string | undefined;
1682
- /** Label for the IP access list. This **cannot** be empty. */
1683
- label?: string | undefined;
1684
- listType?: IpAccessListType | undefined;
1685
- ipAddresses?: string[] | undefined;
1686
- /** Specifies whether this IP access list is enabled. */
1687
- enabled?: boolean | undefined;
1688
- }
1689
-
1690
- /** The IP access list was successfully updated. */
1691
- export interface UpdateIpAccessListResponse {
1692
- ipAccessList?: IpAccessList | undefined;
1693
- }
1694
-
1695
- /** Your Network Connectivity Configuration ID. */
1696
- export interface UpdateNccPrivateEndpointRuleRequest {
1697
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
1698
- networkConnectivityConfigId?: string | undefined;
1699
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1700
- accountId?: string | undefined;
1701
- /** Your private endpoint rule ID. */
1702
- privateEndpointRuleId?: string | undefined;
1703
- privateEndpointRule?: UpdatePrivateEndpointRule | undefined;
1704
- updateMask?: FieldMask<UpdatePrivateEndpointRule> | undefined;
1705
- }
1706
-
1707
- export interface UpdateNetworkPolicyRequest {
1708
- /** The unique identifier for the network policy. */
1709
- networkPolicyId?: string | undefined;
1710
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1711
- accountId?: string | undefined;
1712
- /** Updated network policy configuration details. */
1713
- networkPolicy?: AccountNetworkPolicy | undefined;
1714
- }
1715
-
1716
- export interface UpdatePrivateAccessSettingsRequest {
1717
- /** Properties of the new private access settings object. */
1718
- customerFacingPrivateAccessSettings?:
1719
- | CustomerFacingPrivateAccessSettings
1720
- | undefined;
1721
- }
1722
-
1723
- /**
1724
- * Properties of the new private endpoint rule.
1725
- * Note that you must approve the endpoint in Azure portal after initialization.
1726
- */
1727
- export interface UpdatePrivateEndpointRule {
1728
- /** The ID of a private endpoint rule. */
1729
- ruleId?: string | undefined;
1730
- /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */
1731
- networkConnectivityConfigId?: string | undefined;
1732
- /**
1733
- * The current status of this private endpoint. The private endpoint rules are effective only if the connection state
1734
- * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console
1735
- * before they take effect.
1736
- * The possible values are:
1737
- * - PENDING: The endpoint has been created and pending approval.
1738
- * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources.
1739
- * - REJECTED: Connection was rejected by the private link resource owner.
1740
- * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
1741
- * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
1742
- * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING.
1743
- * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details.
1744
- */
1745
- connectionState?:
1746
- | NccPrivateEndpointRule_PrivateLinkConnectionState
1747
- | undefined;
1748
- /**
1749
- * Only used by private endpoints to customer-managed private endpoint services.
1750
- *
1751
- * Domain names of target private link service.
1752
- * When updating this field, the full list of target domain_names must be specified.
1753
- */
1754
- domainNames?: string[] | undefined;
1755
- /** Time in epoch milliseconds when this object was created. */
1756
- creationTime?: bigint | undefined;
1757
- /** Time in epoch milliseconds when this object was updated. */
1758
- updatedTime?: bigint | undefined;
1759
- /** Whether this private endpoint is deactivated. */
1760
- deactivated?: boolean | undefined;
1761
- /** Time in epoch milliseconds when this object was deactivated. */
1762
- deactivatedAt?: bigint | undefined;
1763
- errorMessage?: string | undefined;
1764
- /** The Azure resource ID of the target resource. */
1765
- resourceId?: string | undefined;
1766
- /**
1767
- * Not used by customer-managed private endpoint services.
1768
- *
1769
- * The sub-resource type (group ID) of the target resource.
1770
- * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs.
1771
- */
1772
- groupId?: string | undefined;
1773
- /** The name of the Azure private endpoint resource. */
1774
- endpointName?: string | undefined;
1775
- /** <Databricks> account ID. You can find your account ID from the Accounts Console. */
1776
- accountId?: string | undefined;
1777
- /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */
1778
- endpointService?: string | undefined;
1779
- /**
1780
- * Only used by private endpoints towards AWS S3 service.
1781
- *
1782
- * The globally unique S3 bucket names that will be accessed via the VPC endpoint.
1783
- * The bucket names must be in the same region as the NCC/endpoint service.
1784
- * When updating this field, we perform full update on this field. Please ensure a full list of desired
1785
- * resource_names is provided.
1786
- */
1787
- resourceNames?: string[] | undefined;
1788
- /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by <Databricks>. */
1789
- vpcEndpointId?: string | undefined;
1790
- /**
1791
- * Update this field to activate/deactivate this private endpoint to allow egress access from
1792
- * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3).
1793
- */
1794
- enabled?: boolean | undefined;
1795
- endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined;
1796
- }
1797
-
1798
- export interface UpdateWorkspaceNetworkOptionRequest {
1799
- /** Your <Databricks> account ID. You can find your account ID in your <Databricks> accounts console. */
1800
- accountId?: string | undefined;
1801
- /** The workspace ID. */
1802
- workspaceId?: bigint | undefined;
1803
- /** The network option details for the workspace. */
1804
- workspaceNetworkOption?: WorkspaceNetworkOption | undefined;
1805
- }
1806
-
1807
- export interface WorkspaceNetworkOption {
1808
- /**
1809
- * The network policy ID to apply to the workspace. This controls the network access rules
1810
- * for all serverless compute resources in the workspace. Each workspace can only be
1811
- * linked to one policy at a time. If no policy is explicitly assigned,
1812
- * the workspace will use 'default-policy'.
1813
- */
1814
- networkPolicyId?: string | undefined;
1815
- /** The workspace ID. */
1816
- workspaceId?: bigint | undefined;
1817
- }
1818
-
1819
- export const unmarshalAccountIpAccessListSchema: z.ZodType<AccountIpAccessList> =
1820
- z
1821
- .object({
1822
- list_id: z.string().optional(),
1823
- label: z.string().optional(),
1824
- ip_addresses: z.array(z.string()).optional(),
1825
- address_count: z.number().optional(),
1826
- list_type: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
1827
- created_at: z
1828
- .union([z.number(), z.bigint()])
1829
- .transform(v => BigInt(v))
1830
- .optional(),
1831
- created_by: z
1832
- .union([z.number(), z.bigint()])
1833
- .transform(v => BigInt(v))
1834
- .optional(),
1835
- updated_at: z
1836
- .union([z.number(), z.bigint()])
1837
- .transform(v => BigInt(v))
1838
- .optional(),
1839
- updated_by: z
1840
- .union([z.number(), z.bigint()])
1841
- .transform(v => BigInt(v))
1842
- .optional(),
1843
- enabled: z.boolean().optional(),
1844
- })
1845
- .transform(d => ({
1846
- listId: d.list_id,
1847
- label: d.label,
1848
- ipAddresses: d.ip_addresses,
1849
- addressCount: d.address_count,
1850
- listType: d.list_type,
1851
- createdAt: d.created_at,
1852
- createdBy: d.created_by,
1853
- updatedAt: d.updated_at,
1854
- updatedBy: d.updated_by,
1855
- enabled: d.enabled,
1856
- }));
1857
-
1858
- export const unmarshalAccountNetworkPolicySchema: z.ZodType<AccountNetworkPolicy> =
1859
- z
1860
- .object({
1861
- network_policy_id: z.string().optional(),
1862
- account_id: z.string().optional(),
1863
- egress: z.lazy(() => unmarshalEgressNetworkPolicySchema).optional(),
1864
- ingress: z
1865
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicySchema)
1866
- .optional(),
1867
- ingress_dry_run: z
1868
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicySchema)
1869
- .optional(),
1870
- })
1871
- .transform(d => ({
1872
- networkPolicyId: d.network_policy_id,
1873
- accountId: d.account_id,
1874
- egress: d.egress,
1875
- ingress: d.ingress,
1876
- ingressDryRun: d.ingress_dry_run,
1877
- }));
1878
-
1879
- export const unmarshalAzurePrivateEndpointInfoSchema: z.ZodType<AzurePrivateEndpointInfo> =
1880
- z
1881
- .object({
1882
- private_endpoint_name: z.string().optional(),
1883
- private_endpoint_resource_guid: z.string().optional(),
1884
- private_endpoint_resource_id: z.string().optional(),
1885
- private_link_service_id: z.string().optional(),
1886
- })
1887
- .transform(d => ({
1888
- privateEndpointName: d.private_endpoint_name,
1889
- privateEndpointResourceGuid: d.private_endpoint_resource_guid,
1890
- privateEndpointResourceId: d.private_endpoint_resource_id,
1891
- privateLinkServiceId: d.private_link_service_id,
1892
- }));
1893
-
1894
- export const unmarshalCreateAccountIpAccessListResponseSchema: z.ZodType<CreateAccountIpAccessListResponse> =
1895
- z
1896
- .object({
1897
- ip_access_list: z
1898
- .lazy(() => unmarshalAccountIpAccessListSchema)
1899
- .optional(),
1900
- })
1901
- .transform(d => ({
1902
- ipAccessList: d.ip_access_list,
1903
- }));
1904
-
1905
- export const unmarshalCreateIpAccessListResponseSchema: z.ZodType<CreateIpAccessListResponse> =
1906
- z
1907
- .object({
1908
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
1909
- })
1910
- .transform(d => ({
1911
- ipAccessList: d.ip_access_list,
1912
- }));
1913
-
1914
- export const unmarshalCustomerFacingGcpVpcEndpointInfoSchema: z.ZodType<CustomerFacingGcpVpcEndpointInfo> =
1915
- z
1916
- .object({
1917
- psc_connection_id: z.string().optional(),
1918
- project_id: z.string().optional(),
1919
- psc_endpoint_name: z.string().optional(),
1920
- endpoint_region: z.string().optional(),
1921
- service_attachment_id: z.string().optional(),
1922
- })
1923
- .transform(d => ({
1924
- pscConnectionId: d.psc_connection_id,
1925
- projectId: d.project_id,
1926
- pscEndpointName: d.psc_endpoint_name,
1927
- endpointRegion: d.endpoint_region,
1928
- serviceAttachmentId: d.service_attachment_id,
1929
- }));
1930
-
1931
- export const unmarshalCustomerFacingIngressNetworkPolicySchema: z.ZodType<CustomerFacingIngressNetworkPolicy> =
1932
- z
1933
- .object({
1934
- public_access: z
1935
- .lazy(
1936
- () => unmarshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema
1937
- )
1938
- .optional(),
1939
- private_access: z
1940
- .lazy(
1941
- () => unmarshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema
1942
- )
1943
- .optional(),
1944
- cross_workspace_access: z
1945
- .lazy(
1946
- () =>
1947
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema
1948
- )
1949
- .optional(),
1950
- })
1951
- .transform(d => ({
1952
- publicAccess: d.public_access,
1953
- privateAccess: d.private_access,
1954
- crossWorkspaceAccess: d.cross_workspace_access,
1955
- }));
1956
-
1957
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1958
- export const unmarshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AccountApiDestination> =
1959
- z
1960
- .object({
1961
- scopes: z.array(z.string()).optional(),
1962
- scope_qualifier: z
1963
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
1964
- .optional(),
1965
- })
1966
- .transform(d => ({
1967
- scopes: d.scopes,
1968
- scopeQualifier: d.scope_qualifier,
1969
- }));
1970
-
1971
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1972
- export const unmarshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination> =
1973
- z
1974
- .object({
1975
- all_destinations: z.boolean().optional(),
1976
- })
1977
- .transform(d => ({
1978
- allDestinations: d.all_destinations,
1979
- }));
1980
-
1981
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1982
- export const unmarshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AccountUiDestination> =
1983
- z
1984
- .object({
1985
- all_destinations: z.boolean().optional(),
1986
- })
1987
- .transform(d => ({
1988
- allDestinations: d.all_destinations,
1989
- }));
1990
-
1991
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1992
- export const unmarshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination> =
1993
- z
1994
- .object({
1995
- all_destinations: z.boolean().optional(),
1996
- })
1997
- .transform(d => ({
1998
- allDestinations: d.all_destinations,
1999
- }));
2000
-
2001
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2002
- export const unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_Authentication> =
2003
- z
2004
- .object({
2005
- identity_type: z
2006
- .enum(CustomerFacingIngressNetworkPolicy_Authentication_IdentityType)
2007
- .optional(),
2008
- identities: z
2009
- .array(
2010
- z.lazy(
2011
- () =>
2012
- unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema
2013
- )
2014
- )
2015
- .optional(),
2016
- })
2017
- .transform(d => ({
2018
- identityType: d.identity_type,
2019
- identities: d.identities,
2020
- }));
2021
-
2022
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2023
- export const unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType<CustomerFacingIngressNetworkPolicy_AuthenticationIdentity> =
2024
- z
2025
- .object({
2026
- principal_type: z
2027
- .enum(
2028
- CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType
2029
- )
2030
- .optional(),
2031
- principal_id: z
2032
- .union([z.number(), z.bigint()])
2033
- .transform(v => BigInt(v))
2034
- .optional(),
2035
- })
2036
- .transform(d => ({
2037
- principalType: d.principal_type,
2038
- principalId: d.principal_id,
2039
- }));
2040
-
2041
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2042
- export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess> =
2043
- z
2044
- .object({
2045
- restriction_mode: z
2046
- .enum(
2047
- CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode
2048
- )
2049
- .optional(),
2050
- deny_rules: z
2051
- .array(
2052
- z.lazy(
2053
- () =>
2054
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
2055
- )
2056
- )
2057
- .optional(),
2058
- allow_rules: z
2059
- .array(
2060
- z.lazy(
2061
- () =>
2062
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
2063
- )
2064
- )
2065
- .optional(),
2066
- })
2067
- .transform(d => ({
2068
- restrictionMode: d.restriction_mode,
2069
- denyRules: d.deny_rules,
2070
- allowRules: d.allow_rules,
2071
- }));
2072
-
2073
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2074
- export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule> =
2075
- z
2076
- .object({
2077
- origin: z
2078
- .lazy(
2079
- () =>
2080
- unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema
2081
- )
2082
- .optional(),
2083
- destination: z
2084
- .lazy(
2085
- () =>
2086
- unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
2087
- )
2088
- .optional(),
2089
- authentication: z
2090
- .lazy(
2091
- () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
2092
- )
2093
- .optional(),
2094
- label: z.string().optional(),
2095
- })
2096
- .transform(d => ({
2097
- origin: d.origin,
2098
- destination: d.destination,
2099
- authentication: d.authentication,
2100
- label: d.label,
2101
- }));
2102
-
2103
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2104
- export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin> =
2105
- z
2106
- .object({
2107
- all_source_workspaces: z.boolean().optional(),
2108
- selected_workspaces: z
2109
- .lazy(
2110
- () =>
2111
- unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema
2112
- )
2113
- .optional(),
2114
- })
2115
- .transform(d => ({
2116
- source:
2117
- d.all_source_workspaces !== undefined
2118
- ? {
2119
- $case: 'allSourceWorkspaces' as const,
2120
- allSourceWorkspaces: d.all_source_workspaces,
2121
- }
2122
- : d.selected_workspaces !== undefined
2123
- ? {
2124
- $case: 'selectedWorkspaces' as const,
2125
- selectedWorkspaces: d.selected_workspaces,
2126
- }
2127
- : undefined,
2128
- }));
2129
-
2130
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2131
- export const unmarshalCustomerFacingIngressNetworkPolicy_EndpointsSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_Endpoints> =
2132
- z
2133
- .object({
2134
- endpoint_ids: z.array(z.string()).optional(),
2135
- })
2136
- .transform(d => ({
2137
- endpointIds: d.endpoint_ids,
2138
- }));
2139
-
2140
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2141
- export const unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_IpRanges> =
2142
- z
2143
- .object({
2144
- ip_ranges: z.array(z.string()).optional(),
2145
- })
2146
- .transform(d => ({
2147
- ipRanges: d.ip_ranges,
2148
- }));
2149
-
2150
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2151
- export const unmarshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination> =
2152
- z
2153
- .object({
2154
- all_destinations: z.boolean().optional(),
2155
- })
2156
- .transform(d => ({
2157
- allDestinations: d.all_destinations,
2158
- }));
2159
-
2160
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2161
- export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PrivateAccess> =
2162
- z
2163
- .object({
2164
- restriction_mode: z
2165
- .enum(CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode)
2166
- .optional(),
2167
- deny_rules: z
2168
- .array(
2169
- z.lazy(
2170
- () =>
2171
- unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
2172
- )
2173
- )
2174
- .optional(),
2175
- allow_rules: z
2176
- .array(
2177
- z.lazy(
2178
- () =>
2179
- unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
2180
- )
2181
- )
2182
- .optional(),
2183
- })
2184
- .transform(d => ({
2185
- restrictionMode: d.restriction_mode,
2186
- denyRules: d.deny_rules,
2187
- allowRules: d.allow_rules,
2188
- }));
2189
-
2190
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2191
- export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PrivateIngressRule> =
2192
- z
2193
- .object({
2194
- origin: z
2195
- .lazy(
2196
- () =>
2197
- unmarshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema
2198
- )
2199
- .optional(),
2200
- destination: z
2201
- .lazy(
2202
- () =>
2203
- unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
2204
- )
2205
- .optional(),
2206
- authentication: z
2207
- .lazy(
2208
- () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
2209
- )
2210
- .optional(),
2211
- label: z.string().optional(),
2212
- })
2213
- .transform(d => ({
2214
- origin: d.origin,
2215
- destination: d.destination,
2216
- authentication: d.authentication,
2217
- label: d.label,
2218
- }));
2219
-
2220
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2221
- export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin> =
2222
- z
2223
- .object({
2224
- endpoints: z
2225
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_EndpointsSchema)
2226
- .optional(),
2227
- all_registered_endpoints: z.boolean().optional(),
2228
- azure_workspace_private_link: z.boolean().optional(),
2229
- all_private_access: z.boolean().optional(),
2230
- })
2231
- .transform(d => ({
2232
- source:
2233
- d.endpoints !== undefined
2234
- ? {$case: 'endpoints' as const, endpoints: d.endpoints}
2235
- : d.all_registered_endpoints !== undefined
2236
- ? {
2237
- $case: 'allRegisteredEndpoints' as const,
2238
- allRegisteredEndpoints: d.all_registered_endpoints,
2239
- }
2240
- : d.azure_workspace_private_link !== undefined
2241
- ? {
2242
- $case: 'azureWorkspacePrivateLink' as const,
2243
- azureWorkspacePrivateLink: d.azure_workspace_private_link,
2244
- }
2245
- : d.all_private_access !== undefined
2246
- ? {
2247
- $case: 'allPrivateAccess' as const,
2248
- allPrivateAccess: d.all_private_access,
2249
- }
2250
- : undefined,
2251
- }));
2252
-
2253
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2254
- export const unmarshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PublicAccess> =
2255
- z
2256
- .object({
2257
- restriction_mode: z
2258
- .enum(CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode)
2259
- .optional(),
2260
- deny_rules: z
2261
- .array(
2262
- z.lazy(
2263
- () =>
2264
- unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
2265
- )
2266
- )
2267
- .optional(),
2268
- allow_rules: z
2269
- .array(
2270
- z.lazy(
2271
- () =>
2272
- unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
2273
- )
2274
- )
2275
- .optional(),
2276
- })
2277
- .transform(d => ({
2278
- restrictionMode: d.restriction_mode,
2279
- denyRules: d.deny_rules,
2280
- allowRules: d.allow_rules,
2281
- }));
2282
-
2283
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2284
- export const unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PublicIngressRule> =
2285
- z
2286
- .object({
2287
- origin: z
2288
- .lazy(
2289
- () =>
2290
- unmarshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema
2291
- )
2292
- .optional(),
2293
- destination: z
2294
- .lazy(
2295
- () =>
2296
- unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
2297
- )
2298
- .optional(),
2299
- authentication: z
2300
- .lazy(
2301
- () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
2302
- )
2303
- .optional(),
2304
- label: z.string().optional(),
2305
- })
2306
- .transform(d => ({
2307
- origin: d.origin,
2308
- destination: d.destination,
2309
- authentication: d.authentication,
2310
- label: d.label,
2311
- }));
2312
-
2313
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2314
- export const unmarshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_PublicRequestOrigin> =
2315
- z
2316
- .object({
2317
- all_ip_ranges: z.boolean().optional(),
2318
- included_ip_ranges: z
2319
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema)
2320
- .optional(),
2321
- excluded_ip_ranges: z
2322
- .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema)
2323
- .optional(),
2324
- })
2325
- .transform(d => ({
2326
- source:
2327
- d.all_ip_ranges !== undefined
2328
- ? {$case: 'allIpRanges' as const, allIpRanges: d.all_ip_ranges}
2329
- : d.included_ip_ranges !== undefined
2330
- ? {
2331
- $case: 'includedIpRanges' as const,
2332
- includedIpRanges: d.included_ip_ranges,
2333
- }
2334
- : d.excluded_ip_ranges !== undefined
2335
- ? {
2336
- $case: 'excludedIpRanges' as const,
2337
- excludedIpRanges: d.excluded_ip_ranges,
2338
- }
2339
- : undefined,
2340
- }));
2341
-
2342
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2343
- export const unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_RequestDestination> =
2344
- z
2345
- .object({
2346
- all_destinations: z.boolean().optional(),
2347
- workspace_ui: z
2348
- .lazy(
2349
- () =>
2350
- unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema
2351
- )
2352
- .optional(),
2353
- workspace_api: z
2354
- .lazy(
2355
- () =>
2356
- unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema
2357
- )
2358
- .optional(),
2359
- apps_runtime: z
2360
- .lazy(
2361
- () =>
2362
- unmarshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema
2363
- )
2364
- .optional(),
2365
- lakebase_runtime: z
2366
- .lazy(
2367
- () =>
2368
- unmarshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema
2369
- )
2370
- .optional(),
2371
- account_ui: z
2372
- .lazy(
2373
- () =>
2374
- unmarshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema
2375
- )
2376
- .optional(),
2377
- account_api: z
2378
- .lazy(
2379
- () =>
2380
- unmarshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema
2381
- )
2382
- .optional(),
2383
- account_databricks_one: z
2384
- .lazy(
2385
- () =>
2386
- unmarshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema
2387
- )
2388
- .optional(),
2389
- })
2390
- .transform(d => ({
2391
- allDestinations: d.all_destinations,
2392
- workspaceUi: d.workspace_ui,
2393
- workspaceApi: d.workspace_api,
2394
- appsRuntime: d.apps_runtime,
2395
- lakebaseRuntime: d.lakebase_runtime,
2396
- accountUi: d.account_ui,
2397
- accountApi: d.account_api,
2398
- accountDatabricksOne: d.account_databricks_one,
2399
- }));
2400
-
2401
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2402
- export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination> =
2403
- z
2404
- .object({
2405
- scopes: z.array(z.string()).optional(),
2406
- scope_qualifier: z
2407
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
2408
- .optional(),
2409
- })
2410
- .transform(d => ({
2411
- scopes: d.scopes,
2412
- scopeQualifier: d.scope_qualifier,
2413
- }));
2414
-
2415
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2416
- export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_WorkspaceIdList> =
2417
- z
2418
- .object({
2419
- workspace_ids: z
2420
- .array(z.union([z.number(), z.bigint()]).transform(v => BigInt(v)))
2421
- .optional(),
2422
- })
2423
- .transform(d => ({
2424
- workspaceIds: d.workspace_ids,
2425
- }));
2426
-
2427
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2428
- export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType<CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination> =
2429
- z
2430
- .object({
2431
- all_destinations: z.boolean().optional(),
2432
- })
2433
- .transform(d => ({
2434
- allDestinations: d.all_destinations,
2435
- }));
2436
-
2437
- export const unmarshalCustomerFacingNetworkConnectivityConfigSchema: z.ZodType<CustomerFacingNetworkConnectivityConfig> =
2438
- z
2439
- .object({
2440
- network_connectivity_config_id: z.string().optional(),
2441
- account_id: z.string().optional(),
2442
- name: z.string().optional(),
2443
- region: z.string().optional(),
2444
- egress_config: z
2445
- .lazy(
2446
- () =>
2447
- unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema
2448
- )
2449
- .optional(),
2450
- updated_time: z
2451
- .union([z.number(), z.bigint()])
2452
- .transform(v => BigInt(v))
2453
- .optional(),
2454
- creation_time: z
2455
- .union([z.number(), z.bigint()])
2456
- .transform(v => BigInt(v))
2457
- .optional(),
2458
- })
2459
- .transform(d => ({
2460
- networkConnectivityConfigId: d.network_connectivity_config_id,
2461
- accountId: d.account_id,
2462
- name: d.name,
2463
- region: d.region,
2464
- egressConfig: d.egress_config,
2465
- updatedTime: d.updated_time,
2466
- creationTime: d.creation_time,
2467
- }));
2468
-
2469
- export const unmarshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule> =
2470
- z
2471
- .object({
2472
- rule_id: z.string().optional(),
2473
- network_connectivity_config_id: z.string().optional(),
2474
- account_id: z.string().optional(),
2475
- endpoint_service: z.string().optional(),
2476
- domain_names: z.array(z.string()).optional(),
2477
- resource_names: z.array(z.string()).optional(),
2478
- vpc_endpoint_id: z.string().optional(),
2479
- connection_state: z
2480
- .enum(
2481
- CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState
2482
- )
2483
- .optional(),
2484
- creation_time: z
2485
- .union([z.number(), z.bigint()])
2486
- .transform(v => BigInt(v))
2487
- .optional(),
2488
- updated_time: z
2489
- .union([z.number(), z.bigint()])
2490
- .transform(v => BigInt(v))
2491
- .optional(),
2492
- deactivated: z.boolean().optional(),
2493
- deactivated_at: z
2494
- .union([z.number(), z.bigint()])
2495
- .transform(v => BigInt(v))
2496
- .optional(),
2497
- enabled: z.boolean().optional(),
2498
- error_message: z.string().optional(),
2499
- })
2500
- .transform(d => ({
2501
- ruleId: d.rule_id,
2502
- networkConnectivityConfigId: d.network_connectivity_config_id,
2503
- accountId: d.account_id,
2504
- endpointService: d.endpoint_service,
2505
- domainNames: d.domain_names,
2506
- resourceNames: d.resource_names,
2507
- vpcEndpointId: d.vpc_endpoint_id,
2508
- connectionState: d.connection_state,
2509
- creationTime: d.creation_time,
2510
- updatedTime: d.updated_time,
2511
- deactivated: d.deactivated,
2512
- deactivatedAt: d.deactivated_at,
2513
- enabled: d.enabled,
2514
- errorMessage: d.error_message,
2515
- }));
2516
-
2517
- export const unmarshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule> =
2518
- z
2519
- .object({
2520
- rule_id: z.string().optional(),
2521
- network_connectivity_config_id: z.string().optional(),
2522
- resource_id: z.string().optional(),
2523
- group_id: z.string().optional(),
2524
- endpoint_name: z.string().optional(),
2525
- connection_state: z
2526
- .enum(
2527
- CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState
2528
- )
2529
- .optional(),
2530
- creation_time: z
2531
- .union([z.number(), z.bigint()])
2532
- .transform(v => BigInt(v))
2533
- .optional(),
2534
- updated_time: z
2535
- .union([z.number(), z.bigint()])
2536
- .transform(v => BigInt(v))
2537
- .optional(),
2538
- deactivated: z.boolean().optional(),
2539
- deactivated_at: z
2540
- .union([z.number(), z.bigint()])
2541
- .transform(v => BigInt(v))
2542
- .optional(),
2543
- domain_names: z.array(z.string()).optional(),
2544
- error_message: z.string().optional(),
2545
- })
2546
- .transform(d => ({
2547
- ruleId: d.rule_id,
2548
- networkConnectivityConfigId: d.network_connectivity_config_id,
2549
- resourceId: d.resource_id,
2550
- groupId: d.group_id,
2551
- endpointName: d.endpoint_name,
2552
- connectionState: d.connection_state,
2553
- creationTime: d.creation_time,
2554
- updatedTime: d.updated_time,
2555
- deactivated: d.deactivated,
2556
- deactivatedAt: d.deactivated_at,
2557
- domainNames: d.domain_names,
2558
- errorMessage: d.error_message,
2559
- }));
2560
-
2561
- export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigEgressConfig> =
2562
- z
2563
- .object({
2564
- default_rules: z
2565
- .lazy(
2566
- () => unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema
2567
- )
2568
- .optional(),
2569
- target_rules: z
2570
- .lazy(
2571
- () =>
2572
- unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema
2573
- )
2574
- .optional(),
2575
- })
2576
- .transform(d => ({
2577
- defaultRules: d.default_rules,
2578
- targetRules: d.target_rules,
2579
- }));
2580
-
2581
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2582
- export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType<CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule> =
2583
- z
2584
- .object({
2585
- azure_private_endpoint_rules: z
2586
- .array(
2587
- z.lazy(
2588
- () =>
2589
- unmarshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema
2590
- )
2591
- )
2592
- .optional(),
2593
- aws_private_endpoint_rules: z
2594
- .array(
2595
- z.lazy(
2596
- () =>
2597
- unmarshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema
2598
- )
2599
- )
2600
- .optional(),
2601
- })
2602
- .transform(d => ({
2603
- azurePrivateEndpointRules: d.azure_private_endpoint_rules,
2604
- awsPrivateEndpointRules: d.aws_private_endpoint_rules,
2605
- }));
2606
-
2607
- export const unmarshalCustomerFacingPrivateAccessSettingsSchema: z.ZodType<CustomerFacingPrivateAccessSettings> =
2608
- z
2609
- .object({
2610
- private_access_settings_id: z.string().optional(),
2611
- account_id: z.string().optional(),
2612
- private_access_settings_name: z.string().optional(),
2613
- region: z.string().optional(),
2614
- public_access_enabled: z.boolean().optional(),
2615
- private_access_level: z.enum(PrivateAccessLevel).optional(),
2616
- allowed_vpc_endpoint_ids: z.array(z.string()).optional(),
2617
- })
2618
- .transform(d => ({
2619
- privateAccessSettingsId: d.private_access_settings_id,
2620
- accountId: d.account_id,
2621
- privateAccessSettingsName: d.private_access_settings_name,
2622
- region: d.region,
2623
- publicAccessEnabled: d.public_access_enabled,
2624
- privateAccessLevel: d.private_access_level,
2625
- allowedVpcEndpointIds: d.allowed_vpc_endpoint_ids,
2626
- }));
2627
-
2628
- export const unmarshalCustomerFacingVpcEndpointSchema: z.ZodType<CustomerFacingVpcEndpoint> =
2629
- z
2630
- .object({
2631
- vpc_endpoint_id: z.string().optional(),
2632
- account_id: z.string().optional(),
2633
- vpc_endpoint_name: z.string().optional(),
2634
- aws_vpc_endpoint_id: z.string().optional(),
2635
- aws_endpoint_service_id: z.string().optional(),
2636
- use_case: z.enum(CustomerFacingVpcEndpointUseCase).optional(),
2637
- region: z.string().optional(),
2638
- aws_account_id: z.string().optional(),
2639
- state: z.string().optional(),
2640
- gcp_vpc_endpoint_info: z
2641
- .lazy(() => unmarshalCustomerFacingGcpVpcEndpointInfoSchema)
2642
- .optional(),
2643
- })
2644
- .transform(d => ({
2645
- vpcEndpointId: d.vpc_endpoint_id,
2646
- accountId: d.account_id,
2647
- vpcEndpointName: d.vpc_endpoint_name,
2648
- awsVpcEndpointId: d.aws_vpc_endpoint_id,
2649
- awsEndpointServiceId: d.aws_endpoint_service_id,
2650
- useCase: d.use_case,
2651
- region: d.region,
2652
- awsAccountId: d.aws_account_id,
2653
- state: d.state,
2654
- vpcEndpointInfo:
2655
- d.gcp_vpc_endpoint_info !== undefined
2656
- ? {
2657
- $case: 'gcpVpcEndpointInfo' as const,
2658
- gcpVpcEndpointInfo: d.gcp_vpc_endpoint_info,
2659
- }
2660
- : undefined,
2661
- }));
2662
-
2663
- export const unmarshalDeleteAccountIpAccessListResponseSchema: z.ZodType<DeleteAccountIpAccessListResponse> =
2664
- z.object({});
2665
-
2666
- export const unmarshalDeleteIpAccessListResponseSchema: z.ZodType<DeleteIpAccessListResponse> =
2667
- z.object({});
2668
-
2669
- export const unmarshalEgressNetworkPolicySchema: z.ZodType<EgressNetworkPolicy> =
2670
- z
2671
- .object({
2672
- network_access: z
2673
- .lazy(() => unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema)
2674
- .optional(),
2675
- })
2676
- .transform(d => ({
2677
- networkAccess: d.network_access,
2678
- }));
2679
-
2680
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2681
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy> =
2682
- z
2683
- .object({
2684
- restriction_mode: z
2685
- .enum(EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode)
2686
- .optional(),
2687
- allowed_internet_destinations: z
2688
- .array(
2689
- z.lazy(
2690
- () =>
2691
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
2692
- )
2693
- )
2694
- .optional(),
2695
- allowed_storage_destinations: z
2696
- .array(
2697
- z.lazy(
2698
- () =>
2699
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema
2700
- )
2701
- )
2702
- .optional(),
2703
- policy_enforcement: z
2704
- .lazy(
2705
- () =>
2706
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema
2707
- )
2708
- .optional(),
2709
- blocked_internet_destinations: z
2710
- .array(
2711
- z.lazy(
2712
- () =>
2713
- unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
2714
- )
2715
- )
2716
- .optional(),
2717
- })
2718
- .transform(d => ({
2719
- restrictionMode: d.restriction_mode,
2720
- allowedInternetDestinations: d.allowed_internet_destinations,
2721
- allowedStorageDestinations: d.allowed_storage_destinations,
2722
- policyEnforcement: d.policy_enforcement,
2723
- blockedInternetDestinations: d.blocked_internet_destinations,
2724
- }));
2725
-
2726
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2727
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination> =
2728
- z
2729
- .object({
2730
- destination: z.string().optional(),
2731
- internet_destination_type: z
2732
- .enum(
2733
- EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType
2734
- )
2735
- .optional(),
2736
- })
2737
- .transform(d => ({
2738
- destination: d.destination,
2739
- internetDestinationType: d.internet_destination_type,
2740
- }));
2741
-
2742
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2743
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement> =
2744
- z
2745
- .object({
2746
- enforcement_mode: z
2747
- .enum(
2748
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode
2749
- )
2750
- .optional(),
2751
- dry_run_mode_product_filter: z
2752
- .array(
2753
- z.enum(
2754
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter
2755
- )
2756
- )
2757
- .optional(),
2758
- })
2759
- .transform(d => ({
2760
- enforcementMode: d.enforcement_mode,
2761
- dryRunModeProductFilter: d.dry_run_mode_product_filter,
2762
- }));
2763
-
2764
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2765
- export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType<EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination> =
2766
- z
2767
- .object({
2768
- bucket_name: z.string().optional(),
2769
- region: z.string().optional(),
2770
- storage_destination_type: z
2771
- .enum(
2772
- EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType
2773
- )
2774
- .optional(),
2775
- azure_storage_account: z.string().optional(),
2776
- azure_storage_service: z.string().optional(),
2777
- })
2778
- .transform(d => ({
2779
- bucketName: d.bucket_name,
2780
- region: d.region,
2781
- storageDestinationType: d.storage_destination_type,
2782
- azureStorageAccount: d.azure_storage_account,
2783
- azureStorageService: d.azure_storage_service,
2784
- }));
2785
-
2786
- export const unmarshalEndpointSchema: z.ZodType<Endpoint> = z
2787
- .object({
2788
- name: z.string().optional(),
2789
- endpoint_id: z.string().optional(),
2790
- account_id: z.string().optional(),
2791
- display_name: z.string().optional(),
2792
- use_case: z.enum(EndpointUseCase_EndpointUseCase).optional(),
2793
- region: z.string().optional(),
2794
- state: z.enum(EndpointState).optional(),
2795
- azure_private_endpoint_info: z
2796
- .lazy(() => unmarshalAzurePrivateEndpointInfoSchema)
2797
- .optional(),
2798
- create_time: z
2799
- .string()
2800
- .transform(s => Temporal.Instant.from(s))
2801
- .optional(),
2802
- })
2803
- .transform(d => ({
2804
- name: d.name,
2805
- endpointId: d.endpoint_id,
2806
- accountId: d.account_id,
2807
- displayName: d.display_name,
2808
- useCase: d.use_case,
2809
- region: d.region,
2810
- state: d.state,
2811
- endpointInfo:
2812
- d.azure_private_endpoint_info !== undefined
2813
- ? {
2814
- $case: 'azurePrivateEndpointInfo' as const,
2815
- azurePrivateEndpointInfo: d.azure_private_endpoint_info,
2816
- }
2817
- : undefined,
2818
- createTime: d.create_time,
2819
- }));
2820
-
2821
- export const unmarshalGcpEndpointSchema: z.ZodType<GcpEndpoint> = z
2822
- .object({
2823
- psc_endpoint_uri: z.string().optional(),
2824
- service_attachment: z.string().optional(),
2825
- })
2826
- .transform(d => ({
2827
- pscEndpointUri: d.psc_endpoint_uri,
2828
- targetServices:
2829
- d.service_attachment !== undefined
2830
- ? {
2831
- $case: 'serviceAttachment' as const,
2832
- serviceAttachment: d.service_attachment,
2833
- }
2834
- : undefined,
2835
- }));
2836
-
2837
- export const unmarshalGcpNetworkInfoSchema: z.ZodType<GcpNetworkInfo> = z
2838
- .object({
2839
- network_project_id: z.string().optional(),
2840
- vpc_id: z.string().optional(),
2841
- subnet_id: z.string().optional(),
2842
- subnet_region: z.string().optional(),
2843
- pod_ip_range_name: z.string().optional(),
2844
- service_ip_range_name: z.string().optional(),
2845
- })
2846
- .transform(d => ({
2847
- networkProjectId: d.network_project_id,
2848
- vpcId: d.vpc_id,
2849
- subnetId: d.subnet_id,
2850
- subnetRegion: d.subnet_region,
2851
- podIpRangeName: d.pod_ip_range_name,
2852
- serviceIpRangeName: d.service_ip_range_name,
2853
- }));
2854
-
2855
- export const unmarshalGetAccountIpAccessListResponseSchema: z.ZodType<GetAccountIpAccessListResponse> =
2856
- z
2857
- .object({
2858
- ip_access_list: z
2859
- .lazy(() => unmarshalAccountIpAccessListSchema)
2860
- .optional(),
2861
- })
2862
- .transform(d => ({
2863
- ipAccessList: d.ip_access_list,
2864
- }));
2865
-
2866
- export const unmarshalGetIpAccessListResponseSchema: z.ZodType<GetIpAccessListResponse> =
2867
- z
2868
- .object({
2869
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
2870
- })
2871
- .transform(d => ({
2872
- ipAccessList: d.ip_access_list,
2873
- }));
2874
-
2875
- export const unmarshalIpAccessListSchema: z.ZodType<IpAccessList> = z
2876
- .object({
2877
- list_id: z.string().optional(),
2878
- label: z.string().optional(),
2879
- ip_addresses: z.array(z.string()).optional(),
2880
- address_count: z.number().optional(),
2881
- list_type: z.enum(IpAccessListType).optional(),
2882
- created_at: z
2883
- .union([z.number(), z.bigint()])
2884
- .transform(v => BigInt(v))
2885
- .optional(),
2886
- created_by: z
2887
- .union([z.number(), z.bigint()])
2888
- .transform(v => BigInt(v))
2889
- .optional(),
2890
- updated_at: z
2891
- .union([z.number(), z.bigint()])
2892
- .transform(v => BigInt(v))
2893
- .optional(),
2894
- updated_by: z
2895
- .union([z.number(), z.bigint()])
2896
- .transform(v => BigInt(v))
2897
- .optional(),
2898
- enabled: z.boolean().optional(),
2899
- })
2900
- .transform(d => ({
2901
- listId: d.list_id,
2902
- label: d.label,
2903
- ipAddresses: d.ip_addresses,
2904
- addressCount: d.address_count,
2905
- listType: d.list_type,
2906
- createdAt: d.created_at,
2907
- createdBy: d.created_by,
2908
- updatedAt: d.updated_at,
2909
- updatedBy: d.updated_by,
2910
- enabled: d.enabled,
2911
- }));
2912
-
2913
- export const unmarshalListAccountIpAccessListsResponseSchema: z.ZodType<ListAccountIpAccessListsResponse> =
2914
- z
2915
- .object({
2916
- ip_access_lists: z
2917
- .array(z.lazy(() => unmarshalAccountIpAccessListSchema))
2918
- .optional(),
2919
- })
2920
- .transform(d => ({
2921
- ipAccessLists: d.ip_access_lists,
2922
- }));
2923
-
2924
- export const unmarshalListEndpointsResponseSchema: z.ZodType<ListEndpointsResponse> =
2925
- z
2926
- .object({
2927
- items: z.array(z.lazy(() => unmarshalEndpointSchema)).optional(),
2928
- next_page_token: z.string().optional(),
2929
- })
2930
- .transform(d => ({
2931
- items: d.items,
2932
- nextPageToken: d.next_page_token,
2933
- }));
2934
-
2935
- export const unmarshalListIpAccessListsResponseSchema: z.ZodType<ListIpAccessListsResponse> =
2936
- z
2937
- .object({
2938
- ip_access_lists: z
2939
- .array(z.lazy(() => unmarshalIpAccessListSchema))
2940
- .optional(),
2941
- })
2942
- .transform(d => ({
2943
- ipAccessLists: d.ip_access_lists,
2944
- }));
2945
-
2946
- export const unmarshalListNccPrivateEndpointRulesResponseSchema: z.ZodType<ListNccPrivateEndpointRulesResponse> =
2947
- z
2948
- .object({
2949
- items: z
2950
- .array(z.lazy(() => unmarshalNccPrivateEndpointRuleSchema))
2951
- .optional(),
2952
- next_page_token: z.string().optional(),
2953
- })
2954
- .transform(d => ({
2955
- items: d.items,
2956
- nextPageToken: d.next_page_token,
2957
- }));
2958
-
2959
- export const unmarshalListNetworkConnectivityConfigsResponseSchema: z.ZodType<ListNetworkConnectivityConfigsResponse> =
2960
- z
2961
- .object({
2962
- items: z
2963
- .array(
2964
- z.lazy(() => unmarshalCustomerFacingNetworkConnectivityConfigSchema)
2965
- )
2966
- .optional(),
2967
- next_page_token: z.string().optional(),
2968
- })
2969
- .transform(d => ({
2970
- items: d.items,
2971
- nextPageToken: d.next_page_token,
2972
- }));
2973
-
2974
- export const unmarshalListNetworkPoliciesResponseSchema: z.ZodType<ListNetworkPoliciesResponse> =
2975
- z
2976
- .object({
2977
- items: z
2978
- .array(z.lazy(() => unmarshalAccountNetworkPolicySchema))
2979
- .optional(),
2980
- next_page_token: z.string().optional(),
2981
- })
2982
- .transform(d => ({
2983
- items: d.items,
2984
- nextPageToken: d.next_page_token,
2985
- }));
2986
-
2987
- export const unmarshalNccPrivateEndpointRuleSchema: z.ZodType<NccPrivateEndpointRule> =
2988
- z
2989
- .object({
2990
- rule_id: z.string().optional(),
2991
- network_connectivity_config_id: z.string().optional(),
2992
- connection_state: z
2993
- .enum(NccPrivateEndpointRule_PrivateLinkConnectionState)
2994
- .optional(),
2995
- domain_names: z.array(z.string()).optional(),
2996
- creation_time: z
2997
- .union([z.number(), z.bigint()])
2998
- .transform(v => BigInt(v))
2999
- .optional(),
3000
- updated_time: z
3001
- .union([z.number(), z.bigint()])
3002
- .transform(v => BigInt(v))
3003
- .optional(),
3004
- deactivated: z.boolean().optional(),
3005
- deactivated_at: z
3006
- .union([z.number(), z.bigint()])
3007
- .transform(v => BigInt(v))
3008
- .optional(),
3009
- error_message: z.string().optional(),
3010
- resource_id: z.string().optional(),
3011
- group_id: z.string().optional(),
3012
- endpoint_name: z.string().optional(),
3013
- account_id: z.string().optional(),
3014
- endpoint_service: z.string().optional(),
3015
- resource_names: z.array(z.string()).optional(),
3016
- vpc_endpoint_id: z.string().optional(),
3017
- enabled: z.boolean().optional(),
3018
- gcp_endpoint: z.lazy(() => unmarshalGcpEndpointSchema).optional(),
3019
- })
3020
- .transform(d => ({
3021
- ruleId: d.rule_id,
3022
- networkConnectivityConfigId: d.network_connectivity_config_id,
3023
- connectionState: d.connection_state,
3024
- domainNames: d.domain_names,
3025
- creationTime: d.creation_time,
3026
- updatedTime: d.updated_time,
3027
- deactivated: d.deactivated,
3028
- deactivatedAt: d.deactivated_at,
3029
- errorMessage: d.error_message,
3030
- resourceId: d.resource_id,
3031
- groupId: d.group_id,
3032
- endpointName: d.endpoint_name,
3033
- accountId: d.account_id,
3034
- endpointService: d.endpoint_service,
3035
- resourceNames: d.resource_names,
3036
- vpcEndpointId: d.vpc_endpoint_id,
3037
- enabled: d.enabled,
3038
- endpoint:
3039
- d.gcp_endpoint !== undefined
3040
- ? {$case: 'gcpEndpoint' as const, gcpEndpoint: d.gcp_endpoint}
3041
- : undefined,
3042
- }));
3043
-
3044
- export const unmarshalNetworkSchema: z.ZodType<Network> = z
3045
- .object({
3046
- network_id: z.string().optional(),
3047
- account_id: z.string().optional(),
3048
- workspace_id: z
3049
- .union([z.number(), z.bigint()])
3050
- .transform(v => BigInt(v))
3051
- .optional(),
3052
- vpc_id: z.string().optional(),
3053
- subnet_ids: z.array(z.string()).optional(),
3054
- security_group_ids: z.array(z.string()).optional(),
3055
- vpc_status: z.enum(VpcStatus).optional(),
3056
- error_messages: z
3057
- .array(z.lazy(() => unmarshalNetworkHealthSchema))
3058
- .optional(),
3059
- network_name: z.string().optional(),
3060
- creation_time: z
3061
- .union([z.number(), z.bigint()])
3062
- .transform(v => BigInt(v))
3063
- .optional(),
3064
- warning_messages: z
3065
- .array(z.lazy(() => unmarshalNetworkWarningSchema))
3066
- .optional(),
3067
- vpc_endpoints: z.lazy(() => unmarshalNetworkVpcEndpointsSchema).optional(),
3068
- gcp_network_info: z.lazy(() => unmarshalGcpNetworkInfoSchema).optional(),
3069
- })
3070
- .transform(d => ({
3071
- networkId: d.network_id,
3072
- accountId: d.account_id,
3073
- workspaceId: d.workspace_id,
3074
- vpcId: d.vpc_id,
3075
- subnetIds: d.subnet_ids,
3076
- securityGroupIds: d.security_group_ids,
3077
- vpcStatus: d.vpc_status,
3078
- errorMessages: d.error_messages,
3079
- networkName: d.network_name,
3080
- creationTime: d.creation_time,
3081
- warningMessages: d.warning_messages,
3082
- vpcEndpoints: d.vpc_endpoints,
3083
- networkInfo:
3084
- d.gcp_network_info !== undefined
3085
- ? {$case: 'gcpNetworkInfo' as const, gcpNetworkInfo: d.gcp_network_info}
3086
- : undefined,
3087
- }));
3088
-
3089
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3090
- export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema: z.ZodType<NetworkConnectivityConfigEgressConfig_DefaultRule> =
3091
- z
3092
- .object({
3093
- azure_service_endpoint_rule: z
3094
- .lazy(
3095
- () =>
3096
- unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema
3097
- )
3098
- .optional(),
3099
- aws_stable_ip_rule: z
3100
- .lazy(
3101
- () =>
3102
- unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema
3103
- )
3104
- .optional(),
3105
- })
3106
- .transform(d => ({
3107
- azureServiceEndpointRule: d.azure_service_endpoint_rule,
3108
- awsStableIpRule: d.aws_stable_ip_rule,
3109
- }));
3110
-
3111
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3112
- export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema: z.ZodType<NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule> =
3113
- z
3114
- .object({
3115
- cidr_blocks: z.array(z.string()).optional(),
3116
- })
3117
- .transform(d => ({
3118
- cidrBlocks: d.cidr_blocks,
3119
- }));
3120
-
3121
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3122
- export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema: z.ZodType<NetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRule> =
3123
- z
3124
- .object({
3125
- target_region: z.string().optional(),
3126
- target_services: z.array(z.enum(EgressResourceType)).optional(),
3127
- subnets: z.array(z.string()).optional(),
3128
- })
3129
- .transform(d => ({
3130
- targetRegion: d.target_region,
3131
- targetServices: d.target_services,
3132
- subnets: d.subnets,
3133
- }));
3134
-
3135
- export const unmarshalNetworkHealthSchema: z.ZodType<NetworkHealth> = z
3136
- .object({
3137
- error_type: z.string().optional(),
3138
- error_message: z.string().optional(),
3139
- })
3140
- .transform(d => ({
3141
- errorType: d.error_type,
3142
- errorMessage: d.error_message,
3143
- }));
3144
-
3145
- export const unmarshalNetworkVpcEndpointsSchema: z.ZodType<NetworkVpcEndpoints> =
3146
- z
3147
- .object({
3148
- rest_api: z.array(z.string()).optional(),
3149
- dataplane_relay: z.array(z.string()).optional(),
3150
- })
3151
- .transform(d => ({
3152
- restApi: d.rest_api,
3153
- dataplaneRelay: d.dataplane_relay,
3154
- }));
3155
-
3156
- export const unmarshalNetworkWarningSchema: z.ZodType<NetworkWarning> = z
3157
- .object({
3158
- warning_type: z.string().optional(),
3159
- warning_message: z.string().optional(),
3160
- })
3161
- .transform(d => ({
3162
- warningType: d.warning_type,
3163
- warningMessage: d.warning_message,
3164
- }));
3165
-
3166
- export const unmarshalReplaceAccountIpAccessListResponseSchema: z.ZodType<ReplaceAccountIpAccessListResponse> =
3167
- z
3168
- .object({
3169
- ip_access_list: z
3170
- .lazy(() => unmarshalAccountIpAccessListSchema)
3171
- .optional(),
3172
- })
3173
- .transform(d => ({
3174
- ipAccessList: d.ip_access_list,
3175
- }));
3176
-
3177
- export const unmarshalReplaceIpAccessListResponseSchema: z.ZodType<ReplaceIpAccessListResponse> =
3178
- z
3179
- .object({
3180
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
3181
- })
3182
- .transform(d => ({
3183
- ipAccessList: d.ip_access_list,
3184
- }));
3185
-
3186
- export const unmarshalUpdateAccountIpAccessListResponseSchema: z.ZodType<UpdateAccountIpAccessListResponse> =
3187
- z
3188
- .object({
3189
- ip_access_list: z
3190
- .lazy(() => unmarshalAccountIpAccessListSchema)
3191
- .optional(),
3192
- })
3193
- .transform(d => ({
3194
- ipAccessList: d.ip_access_list,
3195
- }));
3196
-
3197
- export const unmarshalUpdateIpAccessListResponseSchema: z.ZodType<UpdateIpAccessListResponse> =
3198
- z
3199
- .object({
3200
- ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(),
3201
- })
3202
- .transform(d => ({
3203
- ipAccessList: d.ip_access_list,
3204
- }));
3205
-
3206
- export const unmarshalWorkspaceNetworkOptionSchema: z.ZodType<WorkspaceNetworkOption> =
3207
- z
3208
- .object({
3209
- network_policy_id: z.string().optional(),
3210
- workspace_id: z
3211
- .union([z.number(), z.bigint()])
3212
- .transform(v => BigInt(v))
3213
- .optional(),
3214
- })
3215
- .transform(d => ({
3216
- networkPolicyId: d.network_policy_id,
3217
- workspaceId: d.workspace_id,
3218
- }));
3219
-
3220
- export const marshalAccountNetworkPolicySchema: z.ZodType = z
3221
- .object({
3222
- networkPolicyId: z.string().optional(),
3223
- accountId: z.string().optional(),
3224
- egress: z.lazy(() => marshalEgressNetworkPolicySchema).optional(),
3225
- ingress: z
3226
- .lazy(() => marshalCustomerFacingIngressNetworkPolicySchema)
3227
- .optional(),
3228
- ingressDryRun: z
3229
- .lazy(() => marshalCustomerFacingIngressNetworkPolicySchema)
3230
- .optional(),
3231
- })
3232
- .transform(d => ({
3233
- network_policy_id: d.networkPolicyId,
3234
- account_id: d.accountId,
3235
- egress: d.egress,
3236
- ingress: d.ingress,
3237
- ingress_dry_run: d.ingressDryRun,
3238
- }));
3239
-
3240
- export const marshalAzurePrivateEndpointInfoSchema: z.ZodType = z
3241
- .object({
3242
- privateEndpointName: z.string().optional(),
3243
- privateEndpointResourceGuid: z.string().optional(),
3244
- privateEndpointResourceId: z.string().optional(),
3245
- privateLinkServiceId: z.string().optional(),
3246
- })
3247
- .transform(d => ({
3248
- private_endpoint_name: d.privateEndpointName,
3249
- private_endpoint_resource_guid: d.privateEndpointResourceGuid,
3250
- private_endpoint_resource_id: d.privateEndpointResourceId,
3251
- private_link_service_id: d.privateLinkServiceId,
3252
- }));
3253
-
3254
- export const marshalCreateAccountIpAccessListRequestSchema: z.ZodType = z
3255
- .object({
3256
- accountId: z.string().optional(),
3257
- label: z.string().optional(),
3258
- listType: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
3259
- ipAddresses: z.array(z.string()).optional(),
3260
- })
3261
- .transform(d => ({
3262
- account_id: d.accountId,
3263
- label: d.label,
3264
- list_type: d.listType,
3265
- ip_addresses: d.ipAddresses,
3266
- }));
3267
-
3268
- export const marshalCreateIpAccessListSchema: z.ZodType = z
3269
- .object({
3270
- label: z.string().optional(),
3271
- listType: z.enum(IpAccessListType).optional(),
3272
- ipAddresses: z.array(z.string()).optional(),
3273
- })
3274
- .transform(d => ({
3275
- label: d.label,
3276
- list_type: d.listType,
3277
- ip_addresses: d.ipAddresses,
3278
- }));
3279
-
3280
- export const marshalCreateNetworkConnectivityConfigurationSchema: z.ZodType = z
3281
- .object({
3282
- networkConnectivityConfigId: z.string().optional(),
3283
- accountId: z.string().optional(),
3284
- name: z.string().optional(),
3285
- region: z.string().optional(),
3286
- egressConfig: z
3287
- .lazy(
3288
- () => marshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema
3289
- )
3290
- .optional(),
3291
- updatedTime: z.bigint().optional(),
3292
- creationTime: z.bigint().optional(),
3293
- })
3294
- .transform(d => ({
3295
- network_connectivity_config_id: d.networkConnectivityConfigId,
3296
- account_id: d.accountId,
3297
- name: d.name,
3298
- region: d.region,
3299
- egress_config: d.egressConfig,
3300
- updated_time: d.updatedTime,
3301
- creation_time: d.creationTime,
3302
- }));
3303
-
3304
- export const marshalCreateNetworkRequestSchema: z.ZodType = z
3305
- .object({
3306
- accountId: z.string().optional(),
3307
- networkName: z.string().optional(),
3308
- vpcId: z.string().optional(),
3309
- subnetIds: z.array(z.string()).optional(),
3310
- securityGroupIds: z.array(z.string()).optional(),
3311
- vpcEndpoints: z.lazy(() => marshalNetworkVpcEndpointsSchema).optional(),
3312
- gcpNetworkInfo: z.lazy(() => marshalGcpNetworkInfoSchema).optional(),
3313
- })
3314
- .transform(d => ({
3315
- account_id: d.accountId,
3316
- network_name: d.networkName,
3317
- vpc_id: d.vpcId,
3318
- subnet_ids: d.subnetIds,
3319
- security_group_ids: d.securityGroupIds,
3320
- vpc_endpoints: d.vpcEndpoints,
3321
- gcp_network_info: d.gcpNetworkInfo,
3322
- }));
3323
-
3324
- export const marshalCreatePrivateAccessSettingsRequestSchema: z.ZodType = z
3325
- .object({
3326
- accountId: z.string().optional(),
3327
- privateAccessSettingsName: z.string().optional(),
3328
- region: z.string().optional(),
3329
- publicAccessEnabled: z.boolean().optional(),
3330
- privateAccessLevel: z.enum(PrivateAccessLevel).optional(),
3331
- allowedVpcEndpointIds: z.array(z.string()).optional(),
3332
- })
3333
- .transform(d => ({
3334
- account_id: d.accountId,
3335
- private_access_settings_name: d.privateAccessSettingsName,
3336
- region: d.region,
3337
- public_access_enabled: d.publicAccessEnabled,
3338
- private_access_level: d.privateAccessLevel,
3339
- allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds,
3340
- }));
3341
-
3342
- export const marshalCreatePrivateEndpointRuleSchema: z.ZodType = z
3343
- .object({
3344
- ruleId: z.string().optional(),
3345
- networkConnectivityConfigId: z.string().optional(),
3346
- connectionState: z
3347
- .enum(NccPrivateEndpointRule_PrivateLinkConnectionState)
3348
- .optional(),
3349
- domainNames: z.array(z.string()).optional(),
3350
- creationTime: z.bigint().optional(),
3351
- updatedTime: z.bigint().optional(),
3352
- deactivated: z.boolean().optional(),
3353
- deactivatedAt: z.bigint().optional(),
3354
- errorMessage: z.string().optional(),
3355
- resourceId: z.string().optional(),
3356
- groupId: z.string().optional(),
3357
- endpointName: z.string().optional(),
3358
- accountId: z.string().optional(),
3359
- endpointService: z.string().optional(),
3360
- resourceNames: z.array(z.string()).optional(),
3361
- vpcEndpointId: z.string().optional(),
3362
- enabled: z.boolean().optional(),
3363
- endpoint: z
3364
- .discriminatedUnion('$case', [
3365
- z.object({
3366
- $case: z.literal('gcpEndpoint'),
3367
- gcpEndpoint: z.lazy(() => marshalGcpEndpointSchema),
3368
- }),
3369
- ])
3370
- .optional(),
3371
- })
3372
- .transform(d => ({
3373
- rule_id: d.ruleId,
3374
- network_connectivity_config_id: d.networkConnectivityConfigId,
3375
- connection_state: d.connectionState,
3376
- domain_names: d.domainNames,
3377
- creation_time: d.creationTime,
3378
- updated_time: d.updatedTime,
3379
- deactivated: d.deactivated,
3380
- deactivated_at: d.deactivatedAt,
3381
- error_message: d.errorMessage,
3382
- resource_id: d.resourceId,
3383
- group_id: d.groupId,
3384
- endpoint_name: d.endpointName,
3385
- account_id: d.accountId,
3386
- endpoint_service: d.endpointService,
3387
- resource_names: d.resourceNames,
3388
- vpc_endpoint_id: d.vpcEndpointId,
3389
- enabled: d.enabled,
3390
- ...(d.endpoint?.$case === 'gcpEndpoint' && {
3391
- gcp_endpoint: d.endpoint.gcpEndpoint,
3392
- }),
3393
- }));
3394
-
3395
- export const marshalCreateVpcEndpointRequestSchema: z.ZodType = z
3396
- .object({
3397
- accountId: z.string().optional(),
3398
- vpcEndpointName: z.string().optional(),
3399
- region: z.string().optional(),
3400
- awsVpcEndpointId: z.string().optional(),
3401
- vpcEndpointInfo: z
3402
- .discriminatedUnion('$case', [
3403
- z.object({
3404
- $case: z.literal('gcpVpcEndpointInfo'),
3405
- gcpVpcEndpointInfo: z.lazy(
3406
- () => marshalCustomerFacingGcpVpcEndpointInfoSchema
3407
- ),
3408
- }),
3409
- ])
3410
- .optional(),
3411
- })
3412
- .transform(d => ({
3413
- account_id: d.accountId,
3414
- vpc_endpoint_name: d.vpcEndpointName,
3415
- region: d.region,
3416
- aws_vpc_endpoint_id: d.awsVpcEndpointId,
3417
- ...(d.vpcEndpointInfo?.$case === 'gcpVpcEndpointInfo' && {
3418
- gcp_vpc_endpoint_info: d.vpcEndpointInfo.gcpVpcEndpointInfo,
3419
- }),
3420
- }));
3421
-
3422
- export const marshalCustomerFacingGcpVpcEndpointInfoSchema: z.ZodType = z
3423
- .object({
3424
- pscConnectionId: z.string().optional(),
3425
- projectId: z.string().optional(),
3426
- pscEndpointName: z.string().optional(),
3427
- endpointRegion: z.string().optional(),
3428
- serviceAttachmentId: z.string().optional(),
3429
- })
3430
- .transform(d => ({
3431
- psc_connection_id: d.pscConnectionId,
3432
- project_id: d.projectId,
3433
- psc_endpoint_name: d.pscEndpointName,
3434
- endpoint_region: d.endpointRegion,
3435
- service_attachment_id: d.serviceAttachmentId,
3436
- }));
3437
-
3438
- export const marshalCustomerFacingIngressNetworkPolicySchema: z.ZodType = z
3439
- .object({
3440
- publicAccess: z
3441
- .lazy(() => marshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema)
3442
- .optional(),
3443
- privateAccess: z
3444
- .lazy(() => marshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema)
3445
- .optional(),
3446
- crossWorkspaceAccess: z
3447
- .lazy(
3448
- () =>
3449
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema
3450
- )
3451
- .optional(),
3452
- })
3453
- .transform(d => ({
3454
- public_access: d.publicAccess,
3455
- private_access: d.privateAccess,
3456
- cross_workspace_access: d.crossWorkspaceAccess,
3457
- }));
3458
-
3459
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3460
- export const marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType =
3461
- z
3462
- .object({
3463
- scopes: z.array(z.string()).optional(),
3464
- scopeQualifier: z
3465
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
3466
- .optional(),
3467
- })
3468
- .transform(d => ({
3469
- scopes: d.scopes,
3470
- scope_qualifier: d.scopeQualifier,
3471
- }));
3472
-
3473
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3474
- export const marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType =
3475
- z
3476
- .object({
3477
- allDestinations: z.boolean().optional(),
3478
- })
3479
- .transform(d => ({
3480
- all_destinations: d.allDestinations,
3481
- }));
3482
-
3483
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3484
- export const marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType =
3485
- z
3486
- .object({
3487
- allDestinations: z.boolean().optional(),
3488
- })
3489
- .transform(d => ({
3490
- all_destinations: d.allDestinations,
3491
- }));
3492
-
3493
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3494
- export const marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType =
3495
- z
3496
- .object({
3497
- allDestinations: z.boolean().optional(),
3498
- })
3499
- .transform(d => ({
3500
- all_destinations: d.allDestinations,
3501
- }));
3502
-
3503
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3504
- export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema: z.ZodType =
3505
- z
3506
- .object({
3507
- identityType: z
3508
- .enum(CustomerFacingIngressNetworkPolicy_Authentication_IdentityType)
3509
- .optional(),
3510
- identities: z
3511
- .array(
3512
- z.lazy(
3513
- () =>
3514
- marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema
3515
- )
3516
- )
3517
- .optional(),
3518
- })
3519
- .transform(d => ({
3520
- identity_type: d.identityType,
3521
- identities: d.identities,
3522
- }));
3523
-
3524
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3525
- export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType =
3526
- z
3527
- .object({
3528
- principalType: z
3529
- .enum(
3530
- CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType
3531
- )
3532
- .optional(),
3533
- principalId: z.bigint().optional(),
3534
- })
3535
- .transform(d => ({
3536
- principal_type: d.principalType,
3537
- principal_id: d.principalId,
3538
- }));
3539
-
3540
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3541
- export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType =
3542
- z
3543
- .object({
3544
- restrictionMode: z
3545
- .enum(
3546
- CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode
3547
- )
3548
- .optional(),
3549
- denyRules: z
3550
- .array(
3551
- z.lazy(
3552
- () =>
3553
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
3554
- )
3555
- )
3556
- .optional(),
3557
- allowRules: z
3558
- .array(
3559
- z.lazy(
3560
- () =>
3561
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema
3562
- )
3563
- )
3564
- .optional(),
3565
- })
3566
- .transform(d => ({
3567
- restriction_mode: d.restrictionMode,
3568
- deny_rules: d.denyRules,
3569
- allow_rules: d.allowRules,
3570
- }));
3571
-
3572
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3573
- export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType =
3574
- z
3575
- .object({
3576
- origin: z
3577
- .lazy(
3578
- () =>
3579
- marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema
3580
- )
3581
- .optional(),
3582
- destination: z
3583
- .lazy(
3584
- () =>
3585
- marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
3586
- )
3587
- .optional(),
3588
- authentication: z
3589
- .lazy(
3590
- () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
3591
- )
3592
- .optional(),
3593
- label: z.string().optional(),
3594
- })
3595
- .transform(d => ({
3596
- origin: d.origin,
3597
- destination: d.destination,
3598
- authentication: d.authentication,
3599
- label: d.label,
3600
- }));
3601
-
3602
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3603
- export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType =
3604
- z
3605
- .object({
3606
- source: z
3607
- .discriminatedUnion('$case', [
3608
- z.object({
3609
- $case: z.literal('allSourceWorkspaces'),
3610
- allSourceWorkspaces: z.boolean(),
3611
- }),
3612
- z.object({
3613
- $case: z.literal('selectedWorkspaces'),
3614
- selectedWorkspaces: z.lazy(
3615
- () =>
3616
- marshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema
3617
- ),
3618
- }),
3619
- ])
3620
- .optional(),
3621
- })
3622
- .transform(d => ({
3623
- ...(d.source?.$case === 'allSourceWorkspaces' && {
3624
- all_source_workspaces: d.source.allSourceWorkspaces,
3625
- }),
3626
- ...(d.source?.$case === 'selectedWorkspaces' && {
3627
- selected_workspaces: d.source.selectedWorkspaces,
3628
- }),
3629
- }));
3630
-
3631
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3632
- export const marshalCustomerFacingIngressNetworkPolicy_EndpointsSchema: z.ZodType =
3633
- z
3634
- .object({
3635
- endpointIds: z.array(z.string()).optional(),
3636
- })
3637
- .transform(d => ({
3638
- endpoint_ids: d.endpointIds,
3639
- }));
3640
-
3641
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3642
- export const marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema: z.ZodType =
3643
- z
3644
- .object({
3645
- ipRanges: z.array(z.string()).optional(),
3646
- })
3647
- .transform(d => ({
3648
- ip_ranges: d.ipRanges,
3649
- }));
3650
-
3651
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3652
- export const marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType =
3653
- z
3654
- .object({
3655
- allDestinations: z.boolean().optional(),
3656
- })
3657
- .transform(d => ({
3658
- all_destinations: d.allDestinations,
3659
- }));
3660
-
3661
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3662
- export const marshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema: z.ZodType =
3663
- z
3664
- .object({
3665
- restrictionMode: z
3666
- .enum(CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode)
3667
- .optional(),
3668
- denyRules: z
3669
- .array(
3670
- z.lazy(
3671
- () =>
3672
- marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
3673
- )
3674
- )
3675
- .optional(),
3676
- allowRules: z
3677
- .array(
3678
- z.lazy(
3679
- () =>
3680
- marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema
3681
- )
3682
- )
3683
- .optional(),
3684
- })
3685
- .transform(d => ({
3686
- restriction_mode: d.restrictionMode,
3687
- deny_rules: d.denyRules,
3688
- allow_rules: d.allowRules,
3689
- }));
3690
-
3691
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3692
- export const marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType =
3693
- z
3694
- .object({
3695
- origin: z
3696
- .lazy(
3697
- () =>
3698
- marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema
3699
- )
3700
- .optional(),
3701
- destination: z
3702
- .lazy(
3703
- () =>
3704
- marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
3705
- )
3706
- .optional(),
3707
- authentication: z
3708
- .lazy(
3709
- () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
3710
- )
3711
- .optional(),
3712
- label: z.string().optional(),
3713
- })
3714
- .transform(d => ({
3715
- origin: d.origin,
3716
- destination: d.destination,
3717
- authentication: d.authentication,
3718
- label: d.label,
3719
- }));
3720
-
3721
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3722
- export const marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType =
3723
- z
3724
- .object({
3725
- source: z
3726
- .discriminatedUnion('$case', [
3727
- z.object({
3728
- $case: z.literal('endpoints'),
3729
- endpoints: z.lazy(
3730
- () => marshalCustomerFacingIngressNetworkPolicy_EndpointsSchema
3731
- ),
3732
- }),
3733
- z.object({
3734
- $case: z.literal('allRegisteredEndpoints'),
3735
- allRegisteredEndpoints: z.boolean(),
3736
- }),
3737
- z.object({
3738
- $case: z.literal('azureWorkspacePrivateLink'),
3739
- azureWorkspacePrivateLink: z.boolean(),
3740
- }),
3741
- z.object({
3742
- $case: z.literal('allPrivateAccess'),
3743
- allPrivateAccess: z.boolean(),
3744
- }),
3745
- ])
3746
- .optional(),
3747
- })
3748
- .transform(d => ({
3749
- ...(d.source?.$case === 'endpoints' && {endpoints: d.source.endpoints}),
3750
- ...(d.source?.$case === 'allRegisteredEndpoints' && {
3751
- all_registered_endpoints: d.source.allRegisteredEndpoints,
3752
- }),
3753
- ...(d.source?.$case === 'azureWorkspacePrivateLink' && {
3754
- azure_workspace_private_link: d.source.azureWorkspacePrivateLink,
3755
- }),
3756
- ...(d.source?.$case === 'allPrivateAccess' && {
3757
- all_private_access: d.source.allPrivateAccess,
3758
- }),
3759
- }));
3760
-
3761
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3762
- export const marshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema: z.ZodType =
3763
- z
3764
- .object({
3765
- restrictionMode: z
3766
- .enum(CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode)
3767
- .optional(),
3768
- denyRules: z
3769
- .array(
3770
- z.lazy(
3771
- () =>
3772
- marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
3773
- )
3774
- )
3775
- .optional(),
3776
- allowRules: z
3777
- .array(
3778
- z.lazy(
3779
- () =>
3780
- marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema
3781
- )
3782
- )
3783
- .optional(),
3784
- })
3785
- .transform(d => ({
3786
- restriction_mode: d.restrictionMode,
3787
- deny_rules: d.denyRules,
3788
- allow_rules: d.allowRules,
3789
- }));
3790
-
3791
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3792
- export const marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType =
3793
- z
3794
- .object({
3795
- origin: z
3796
- .lazy(
3797
- () =>
3798
- marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema
3799
- )
3800
- .optional(),
3801
- destination: z
3802
- .lazy(
3803
- () =>
3804
- marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema
3805
- )
3806
- .optional(),
3807
- authentication: z
3808
- .lazy(
3809
- () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema
3810
- )
3811
- .optional(),
3812
- label: z.string().optional(),
3813
- })
3814
- .transform(d => ({
3815
- origin: d.origin,
3816
- destination: d.destination,
3817
- authentication: d.authentication,
3818
- label: d.label,
3819
- }));
3820
-
3821
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3822
- export const marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType =
3823
- z
3824
- .object({
3825
- source: z
3826
- .discriminatedUnion('$case', [
3827
- z.object({$case: z.literal('allIpRanges'), allIpRanges: z.boolean()}),
3828
- z.object({
3829
- $case: z.literal('includedIpRanges'),
3830
- includedIpRanges: z.lazy(
3831
- () => marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema
3832
- ),
3833
- }),
3834
- z.object({
3835
- $case: z.literal('excludedIpRanges'),
3836
- excludedIpRanges: z.lazy(
3837
- () => marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema
3838
- ),
3839
- }),
3840
- ])
3841
- .optional(),
3842
- })
3843
- .transform(d => ({
3844
- ...(d.source?.$case === 'allIpRanges' && {
3845
- all_ip_ranges: d.source.allIpRanges,
3846
- }),
3847
- ...(d.source?.$case === 'includedIpRanges' && {
3848
- included_ip_ranges: d.source.includedIpRanges,
3849
- }),
3850
- ...(d.source?.$case === 'excludedIpRanges' && {
3851
- excluded_ip_ranges: d.source.excludedIpRanges,
3852
- }),
3853
- }));
3854
-
3855
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3856
- export const marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema: z.ZodType =
3857
- z
3858
- .object({
3859
- allDestinations: z.boolean().optional(),
3860
- workspaceUi: z
3861
- .lazy(
3862
- () =>
3863
- marshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema
3864
- )
3865
- .optional(),
3866
- workspaceApi: z
3867
- .lazy(
3868
- () =>
3869
- marshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema
3870
- )
3871
- .optional(),
3872
- appsRuntime: z
3873
- .lazy(
3874
- () =>
3875
- marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema
3876
- )
3877
- .optional(),
3878
- lakebaseRuntime: z
3879
- .lazy(
3880
- () =>
3881
- marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema
3882
- )
3883
- .optional(),
3884
- accountUi: z
3885
- .lazy(
3886
- () =>
3887
- marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema
3888
- )
3889
- .optional(),
3890
- accountApi: z
3891
- .lazy(
3892
- () =>
3893
- marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema
3894
- )
3895
- .optional(),
3896
- accountDatabricksOne: z
3897
- .lazy(
3898
- () =>
3899
- marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema
3900
- )
3901
- .optional(),
3902
- })
3903
- .transform(d => ({
3904
- all_destinations: d.allDestinations,
3905
- workspace_ui: d.workspaceUi,
3906
- workspace_api: d.workspaceApi,
3907
- apps_runtime: d.appsRuntime,
3908
- lakebase_runtime: d.lakebaseRuntime,
3909
- account_ui: d.accountUi,
3910
- account_api: d.accountApi,
3911
- account_databricks_one: d.accountDatabricksOne,
3912
- }));
3913
-
3914
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3915
- export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType =
3916
- z
3917
- .object({
3918
- scopes: z.array(z.string()).optional(),
3919
- scopeQualifier: z
3920
- .enum(CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)
3921
- .optional(),
3922
- })
3923
- .transform(d => ({
3924
- scopes: d.scopes,
3925
- scope_qualifier: d.scopeQualifier,
3926
- }));
3927
-
3928
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3929
- export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType =
3930
- z
3931
- .object({
3932
- workspaceIds: z.array(z.bigint()).optional(),
3933
- })
3934
- .transform(d => ({
3935
- workspace_ids: d.workspaceIds,
3936
- }));
3937
-
3938
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
3939
- export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType =
3940
- z
3941
- .object({
3942
- allDestinations: z.boolean().optional(),
3943
- })
3944
- .transform(d => ({
3945
- all_destinations: d.allDestinations,
3946
- }));
3947
-
3948
- export const marshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType =
3949
- z
3950
- .object({
3951
- ruleId: z.string().optional(),
3952
- networkConnectivityConfigId: z.string().optional(),
3953
- accountId: z.string().optional(),
3954
- endpointService: z.string().optional(),
3955
- domainNames: z.array(z.string()).optional(),
3956
- resourceNames: z.array(z.string()).optional(),
3957
- vpcEndpointId: z.string().optional(),
3958
- connectionState: z
3959
- .enum(
3960
- CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState
3961
- )
3962
- .optional(),
3963
- creationTime: z.bigint().optional(),
3964
- updatedTime: z.bigint().optional(),
3965
- deactivated: z.boolean().optional(),
3966
- deactivatedAt: z.bigint().optional(),
3967
- enabled: z.boolean().optional(),
3968
- errorMessage: z.string().optional(),
3969
- })
3970
- .transform(d => ({
3971
- rule_id: d.ruleId,
3972
- network_connectivity_config_id: d.networkConnectivityConfigId,
3973
- account_id: d.accountId,
3974
- endpoint_service: d.endpointService,
3975
- domain_names: d.domainNames,
3976
- resource_names: d.resourceNames,
3977
- vpc_endpoint_id: d.vpcEndpointId,
3978
- connection_state: d.connectionState,
3979
- creation_time: d.creationTime,
3980
- updated_time: d.updatedTime,
3981
- deactivated: d.deactivated,
3982
- deactivated_at: d.deactivatedAt,
3983
- enabled: d.enabled,
3984
- error_message: d.errorMessage,
3985
- }));
3986
-
3987
- export const marshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType =
3988
- z
3989
- .object({
3990
- ruleId: z.string().optional(),
3991
- networkConnectivityConfigId: z.string().optional(),
3992
- resourceId: z.string().optional(),
3993
- groupId: z.string().optional(),
3994
- endpointName: z.string().optional(),
3995
- connectionState: z
3996
- .enum(
3997
- CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState
3998
- )
3999
- .optional(),
4000
- creationTime: z.bigint().optional(),
4001
- updatedTime: z.bigint().optional(),
4002
- deactivated: z.boolean().optional(),
4003
- deactivatedAt: z.bigint().optional(),
4004
- domainNames: z.array(z.string()).optional(),
4005
- errorMessage: z.string().optional(),
4006
- })
4007
- .transform(d => ({
4008
- rule_id: d.ruleId,
4009
- network_connectivity_config_id: d.networkConnectivityConfigId,
4010
- resource_id: d.resourceId,
4011
- group_id: d.groupId,
4012
- endpoint_name: d.endpointName,
4013
- connection_state: d.connectionState,
4014
- creation_time: d.creationTime,
4015
- updated_time: d.updatedTime,
4016
- deactivated: d.deactivated,
4017
- deactivated_at: d.deactivatedAt,
4018
- domain_names: d.domainNames,
4019
- error_message: d.errorMessage,
4020
- }));
4021
-
4022
- export const marshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType =
4023
- z
4024
- .object({
4025
- defaultRules: z
4026
- .lazy(
4027
- () => marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema
4028
- )
4029
- .optional(),
4030
- targetRules: z
4031
- .lazy(
4032
- () =>
4033
- marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema
4034
- )
4035
- .optional(),
4036
- })
4037
- .transform(d => ({
4038
- default_rules: d.defaultRules,
4039
- target_rules: d.targetRules,
4040
- }));
4041
-
4042
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4043
- export const marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType =
4044
- z
4045
- .object({
4046
- azurePrivateEndpointRules: z
4047
- .array(
4048
- z.lazy(
4049
- () =>
4050
- marshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema
4051
- )
4052
- )
4053
- .optional(),
4054
- awsPrivateEndpointRules: z
4055
- .array(
4056
- z.lazy(
4057
- () =>
4058
- marshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema
4059
- )
4060
- )
4061
- .optional(),
4062
- })
4063
- .transform(d => ({
4064
- azure_private_endpoint_rules: d.azurePrivateEndpointRules,
4065
- aws_private_endpoint_rules: d.awsPrivateEndpointRules,
4066
- }));
4067
-
4068
- export const marshalCustomerFacingPrivateAccessSettingsSchema: z.ZodType = z
4069
- .object({
4070
- privateAccessSettingsId: z.string().optional(),
4071
- accountId: z.string().optional(),
4072
- privateAccessSettingsName: z.string().optional(),
4073
- region: z.string().optional(),
4074
- publicAccessEnabled: z.boolean().optional(),
4075
- privateAccessLevel: z.enum(PrivateAccessLevel).optional(),
4076
- allowedVpcEndpointIds: z.array(z.string()).optional(),
4077
- })
4078
- .transform(d => ({
4079
- private_access_settings_id: d.privateAccessSettingsId,
4080
- account_id: d.accountId,
4081
- private_access_settings_name: d.privateAccessSettingsName,
4082
- region: d.region,
4083
- public_access_enabled: d.publicAccessEnabled,
4084
- private_access_level: d.privateAccessLevel,
4085
- allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds,
4086
- }));
4087
-
4088
- export const marshalEgressNetworkPolicySchema: z.ZodType = z
4089
- .object({
4090
- networkAccess: z
4091
- .lazy(() => marshalEgressNetworkPolicy_NetworkAccessPolicySchema)
4092
- .optional(),
4093
- })
4094
- .transform(d => ({
4095
- network_access: d.networkAccess,
4096
- }));
4097
-
4098
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4099
- export const marshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType = z
4100
- .object({
4101
- restrictionMode: z
4102
- .enum(EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode)
4103
- .optional(),
4104
- allowedInternetDestinations: z
4105
- .array(
4106
- z.lazy(
4107
- () =>
4108
- marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
4109
- )
4110
- )
4111
- .optional(),
4112
- allowedStorageDestinations: z
4113
- .array(
4114
- z.lazy(
4115
- () =>
4116
- marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema
4117
- )
4118
- )
4119
- .optional(),
4120
- policyEnforcement: z
4121
- .lazy(
4122
- () =>
4123
- marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema
4124
- )
4125
- .optional(),
4126
- blockedInternetDestinations: z
4127
- .array(
4128
- z.lazy(
4129
- () =>
4130
- marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema
4131
- )
4132
- )
4133
- .optional(),
4134
- })
4135
- .transform(d => ({
4136
- restriction_mode: d.restrictionMode,
4137
- allowed_internet_destinations: d.allowedInternetDestinations,
4138
- allowed_storage_destinations: d.allowedStorageDestinations,
4139
- policy_enforcement: d.policyEnforcement,
4140
- blocked_internet_destinations: d.blockedInternetDestinations,
4141
- }));
4142
-
4143
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4144
- export const marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType =
4145
- z
4146
- .object({
4147
- destination: z.string().optional(),
4148
- internetDestinationType: z
4149
- .enum(
4150
- EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType
4151
- )
4152
- .optional(),
4153
- })
4154
- .transform(d => ({
4155
- destination: d.destination,
4156
- internet_destination_type: d.internetDestinationType,
4157
- }));
4158
-
4159
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4160
- export const marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType =
4161
- z
4162
- .object({
4163
- enforcementMode: z
4164
- .enum(
4165
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode
4166
- )
4167
- .optional(),
4168
- dryRunModeProductFilter: z
4169
- .array(
4170
- z.enum(
4171
- EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter
4172
- )
4173
- )
4174
- .optional(),
4175
- })
4176
- .transform(d => ({
4177
- enforcement_mode: d.enforcementMode,
4178
- dry_run_mode_product_filter: d.dryRunModeProductFilter,
4179
- }));
4180
-
4181
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4182
- export const marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType =
4183
- z
4184
- .object({
4185
- bucketName: z.string().optional(),
4186
- region: z.string().optional(),
4187
- storageDestinationType: z
4188
- .enum(
4189
- EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType
4190
- )
4191
- .optional(),
4192
- azureStorageAccount: z.string().optional(),
4193
- azureStorageService: z.string().optional(),
4194
- })
4195
- .transform(d => ({
4196
- bucket_name: d.bucketName,
4197
- region: d.region,
4198
- storage_destination_type: d.storageDestinationType,
4199
- azure_storage_account: d.azureStorageAccount,
4200
- azure_storage_service: d.azureStorageService,
4201
- }));
4202
-
4203
- export const marshalEndpointSchema: z.ZodType = z
4204
- .object({
4205
- name: z.string().optional(),
4206
- endpointId: z.string().optional(),
4207
- accountId: z.string().optional(),
4208
- displayName: z.string().optional(),
4209
- useCase: z.enum(EndpointUseCase_EndpointUseCase).optional(),
4210
- region: z.string().optional(),
4211
- state: z.enum(EndpointState).optional(),
4212
- endpointInfo: z
4213
- .discriminatedUnion('$case', [
4214
- z.object({
4215
- $case: z.literal('azurePrivateEndpointInfo'),
4216
- azurePrivateEndpointInfo: z.lazy(
4217
- () => marshalAzurePrivateEndpointInfoSchema
4218
- ),
4219
- }),
4220
- ])
4221
- .optional(),
4222
- createTime: z
4223
- .any()
4224
- .transform((d: Temporal.Instant) => d.toString())
4225
- .optional(),
4226
- })
4227
- .transform(d => ({
4228
- name: d.name,
4229
- endpoint_id: d.endpointId,
4230
- account_id: d.accountId,
4231
- display_name: d.displayName,
4232
- use_case: d.useCase,
4233
- region: d.region,
4234
- state: d.state,
4235
- ...(d.endpointInfo?.$case === 'azurePrivateEndpointInfo' && {
4236
- azure_private_endpoint_info: d.endpointInfo.azurePrivateEndpointInfo,
4237
- }),
4238
- create_time: d.createTime,
4239
- }));
4240
-
4241
- export const marshalGcpEndpointSchema: z.ZodType = z
4242
- .object({
4243
- pscEndpointUri: z.string().optional(),
4244
- targetServices: z
4245
- .discriminatedUnion('$case', [
4246
- z.object({
4247
- $case: z.literal('serviceAttachment'),
4248
- serviceAttachment: z.string(),
4249
- }),
4250
- ])
4251
- .optional(),
4252
- })
4253
- .transform(d => ({
4254
- psc_endpoint_uri: d.pscEndpointUri,
4255
- ...(d.targetServices?.$case === 'serviceAttachment' && {
4256
- service_attachment: d.targetServices.serviceAttachment,
4257
- }),
4258
- }));
4259
-
4260
- export const marshalGcpNetworkInfoSchema: z.ZodType = z
4261
- .object({
4262
- networkProjectId: z.string().optional(),
4263
- vpcId: z.string().optional(),
4264
- subnetId: z.string().optional(),
4265
- subnetRegion: z.string().optional(),
4266
- podIpRangeName: z.string().optional(),
4267
- serviceIpRangeName: z.string().optional(),
4268
- })
4269
- .transform(d => ({
4270
- network_project_id: d.networkProjectId,
4271
- vpc_id: d.vpcId,
4272
- subnet_id: d.subnetId,
4273
- subnet_region: d.subnetRegion,
4274
- pod_ip_range_name: d.podIpRangeName,
4275
- service_ip_range_name: d.serviceIpRangeName,
4276
- }));
4277
-
4278
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4279
- export const marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema: z.ZodType =
4280
- z
4281
- .object({
4282
- azureServiceEndpointRule: z
4283
- .lazy(
4284
- () =>
4285
- marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema
4286
- )
4287
- .optional(),
4288
- awsStableIpRule: z
4289
- .lazy(
4290
- () =>
4291
- marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema
4292
- )
4293
- .optional(),
4294
- })
4295
- .transform(d => ({
4296
- azure_service_endpoint_rule: d.azureServiceEndpointRule,
4297
- aws_stable_ip_rule: d.awsStableIpRule,
4298
- }));
4299
-
4300
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4301
- export const marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRuleSchema: z.ZodType =
4302
- z
4303
- .object({
4304
- cidrBlocks: z.array(z.string()).optional(),
4305
- })
4306
- .transform(d => ({
4307
- cidr_blocks: d.cidrBlocks,
4308
- }));
4309
-
4310
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
4311
- export const marshalNetworkConnectivityConfigEgressConfig_DefaultRule_AzureServiceEndpointRuleSchema: z.ZodType =
4312
- z
4313
- .object({
4314
- targetRegion: z.string().optional(),
4315
- targetServices: z.array(z.enum(EgressResourceType)).optional(),
4316
- subnets: z.array(z.string()).optional(),
4317
- })
4318
- .transform(d => ({
4319
- target_region: d.targetRegion,
4320
- target_services: d.targetServices,
4321
- subnets: d.subnets,
4322
- }));
4323
-
4324
- export const marshalNetworkVpcEndpointsSchema: z.ZodType = z
4325
- .object({
4326
- restApi: z.array(z.string()).optional(),
4327
- dataplaneRelay: z.array(z.string()).optional(),
4328
- })
4329
- .transform(d => ({
4330
- rest_api: d.restApi,
4331
- dataplane_relay: d.dataplaneRelay,
4332
- }));
4333
-
4334
- export const marshalReplaceAccountIpAccessListRequestSchema: z.ZodType = z
4335
- .object({
4336
- accountId: z.string().optional(),
4337
- listId: z.string().optional(),
4338
- label: z.string().optional(),
4339
- listType: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
4340
- ipAddresses: z.array(z.string()).optional(),
4341
- enabled: z.boolean().optional(),
4342
- })
4343
- .transform(d => ({
4344
- account_id: d.accountId,
4345
- list_id: d.listId,
4346
- label: d.label,
4347
- list_type: d.listType,
4348
- ip_addresses: d.ipAddresses,
4349
- enabled: d.enabled,
4350
- }));
4351
-
4352
- export const marshalReplaceIpAccessListSchema: z.ZodType = z
4353
- .object({
4354
- listId: z.string().optional(),
4355
- label: z.string().optional(),
4356
- listType: z.enum(IpAccessListType).optional(),
4357
- ipAddresses: z.array(z.string()).optional(),
4358
- enabled: z.boolean().optional(),
4359
- })
4360
- .transform(d => ({
4361
- list_id: d.listId,
4362
- label: d.label,
4363
- list_type: d.listType,
4364
- ip_addresses: d.ipAddresses,
4365
- enabled: d.enabled,
4366
- }));
4367
-
4368
- export const marshalUpdateAccountIpAccessListRequestSchema: z.ZodType = z
4369
- .object({
4370
- accountId: z.string().optional(),
4371
- listId: z.string().optional(),
4372
- label: z.string().optional(),
4373
- listType: z.enum(AccountIpAccessListType_IpAccessListType).optional(),
4374
- ipAddresses: z.array(z.string()).optional(),
4375
- enabled: z.boolean().optional(),
4376
- })
4377
- .transform(d => ({
4378
- account_id: d.accountId,
4379
- list_id: d.listId,
4380
- label: d.label,
4381
- list_type: d.listType,
4382
- ip_addresses: d.ipAddresses,
4383
- enabled: d.enabled,
4384
- }));
4385
-
4386
- export const marshalUpdateIpAccessListSchema: z.ZodType = z
4387
- .object({
4388
- listId: z.string().optional(),
4389
- label: z.string().optional(),
4390
- listType: z.enum(IpAccessListType).optional(),
4391
- ipAddresses: z.array(z.string()).optional(),
4392
- enabled: z.boolean().optional(),
4393
- })
4394
- .transform(d => ({
4395
- list_id: d.listId,
4396
- label: d.label,
4397
- list_type: d.listType,
4398
- ip_addresses: d.ipAddresses,
4399
- enabled: d.enabled,
4400
- }));
4401
-
4402
- export const marshalUpdatePrivateEndpointRuleSchema: z.ZodType = z
4403
- .object({
4404
- ruleId: z.string().optional(),
4405
- networkConnectivityConfigId: z.string().optional(),
4406
- connectionState: z
4407
- .enum(NccPrivateEndpointRule_PrivateLinkConnectionState)
4408
- .optional(),
4409
- domainNames: z.array(z.string()).optional(),
4410
- creationTime: z.bigint().optional(),
4411
- updatedTime: z.bigint().optional(),
4412
- deactivated: z.boolean().optional(),
4413
- deactivatedAt: z.bigint().optional(),
4414
- errorMessage: z.string().optional(),
4415
- resourceId: z.string().optional(),
4416
- groupId: z.string().optional(),
4417
- endpointName: z.string().optional(),
4418
- accountId: z.string().optional(),
4419
- endpointService: z.string().optional(),
4420
- resourceNames: z.array(z.string()).optional(),
4421
- vpcEndpointId: z.string().optional(),
4422
- enabled: z.boolean().optional(),
4423
- endpoint: z
4424
- .discriminatedUnion('$case', [
4425
- z.object({
4426
- $case: z.literal('gcpEndpoint'),
4427
- gcpEndpoint: z.lazy(() => marshalGcpEndpointSchema),
4428
- }),
4429
- ])
4430
- .optional(),
4431
- })
4432
- .transform(d => ({
4433
- rule_id: d.ruleId,
4434
- network_connectivity_config_id: d.networkConnectivityConfigId,
4435
- connection_state: d.connectionState,
4436
- domain_names: d.domainNames,
4437
- creation_time: d.creationTime,
4438
- updated_time: d.updatedTime,
4439
- deactivated: d.deactivated,
4440
- deactivated_at: d.deactivatedAt,
4441
- error_message: d.errorMessage,
4442
- resource_id: d.resourceId,
4443
- group_id: d.groupId,
4444
- endpoint_name: d.endpointName,
4445
- account_id: d.accountId,
4446
- endpoint_service: d.endpointService,
4447
- resource_names: d.resourceNames,
4448
- vpc_endpoint_id: d.vpcEndpointId,
4449
- enabled: d.enabled,
4450
- ...(d.endpoint?.$case === 'gcpEndpoint' && {
4451
- gcp_endpoint: d.endpoint.gcpEndpoint,
4452
- }),
4453
- }));
4454
-
4455
- export const marshalWorkspaceNetworkOptionSchema: z.ZodType = z
4456
- .object({
4457
- networkPolicyId: z.string().optional(),
4458
- workspaceId: z.bigint().optional(),
4459
- })
4460
- .transform(d => ({
4461
- network_policy_id: d.networkPolicyId,
4462
- workspace_id: d.workspaceId,
4463
- }));
4464
-
4465
- const gcpEndpointFieldMaskSchema: FieldMaskSchema = {
4466
- pscEndpointUri: {wire: 'psc_endpoint_uri'},
4467
- serviceAttachment: {wire: 'service_attachment'},
4468
- };
4469
-
4470
- const updatePrivateEndpointRuleFieldMaskSchema: FieldMaskSchema = {
4471
- accountId: {wire: 'account_id'},
4472
- connectionState: {wire: 'connection_state'},
4473
- creationTime: {wire: 'creation_time'},
4474
- deactivated: {wire: 'deactivated'},
4475
- deactivatedAt: {wire: 'deactivated_at'},
4476
- domainNames: {wire: 'domain_names'},
4477
- enabled: {wire: 'enabled'},
4478
- endpointName: {wire: 'endpoint_name'},
4479
- endpointService: {wire: 'endpoint_service'},
4480
- errorMessage: {wire: 'error_message'},
4481
- gcpEndpoint: {
4482
- wire: 'gcp_endpoint',
4483
- children: () => gcpEndpointFieldMaskSchema,
4484
- },
4485
- groupId: {wire: 'group_id'},
4486
- networkConnectivityConfigId: {wire: 'network_connectivity_config_id'},
4487
- resourceId: {wire: 'resource_id'},
4488
- resourceNames: {wire: 'resource_names'},
4489
- ruleId: {wire: 'rule_id'},
4490
- updatedTime: {wire: 'updated_time'},
4491
- vpcEndpointId: {wire: 'vpc_endpoint_id'},
4492
- };
4493
-
4494
- export function updatePrivateEndpointRuleFieldMask(
4495
- ...paths: string[]
4496
- ): FieldMask<UpdatePrivateEndpointRule> {
4497
- return FieldMask.build<UpdatePrivateEndpointRule>(
4498
- paths,
4499
- updatePrivateEndpointRuleFieldMaskSchema
4500
- );
4501
- }