@pulumi/gcp 6.10.0 → 6.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cloudbuild/workerPool.d.ts +0 -2
- package/cloudbuild/workerPool.js +0 -2
- package/cloudbuild/workerPool.js.map +1 -1
- package/cloudfunctions/function.d.ts +24 -0
- package/cloudfunctions/function.js +4 -0
- package/cloudfunctions/function.js.map +1 -1
- package/cloudfunctions/getFunction.d.ts +2 -0
- package/cloudfunctions/getFunction.js.map +1 -1
- package/compute/backendService.d.ts +1 -5
- package/compute/backendService.js +1 -5
- package/compute/backendService.js.map +1 -1
- package/compute/backendServiceIamBinding.d.ts +54 -0
- package/compute/backendServiceIamBinding.js +65 -0
- package/compute/backendServiceIamBinding.js.map +1 -0
- package/compute/backendServiceIamMember.d.ts +54 -0
- package/compute/backendServiceIamMember.js +65 -0
- package/compute/backendServiceIamMember.js.map +1 -0
- package/compute/backendServiceIamPolicy.d.ts +47 -0
- package/compute/backendServiceIamPolicy.js +58 -0
- package/compute/backendServiceIamPolicy.js.map +1 -0
- package/compute/getInstanceTemplate.d.ts +5 -5
- package/compute/getInstanceTemplate.js +1 -0
- package/compute/getInstanceTemplate.js.map +1 -1
- package/compute/globalForwardingRule.d.ts +51 -4
- package/compute/globalForwardingRule.js +39 -1
- package/compute/globalForwardingRule.js.map +1 -1
- package/compute/index.d.ts +3 -0
- package/compute/index.js +15 -0
- package/compute/index.js.map +1 -1
- package/compute/regionNetworkEndpointGroup.d.ts +24 -9
- package/compute/regionNetworkEndpointGroup.js +2 -0
- package/compute/regionNetworkEndpointGroup.js.map +1 -1
- package/container/cluster.d.ts +1 -1
- package/container/cluster.js +1 -1
- package/package.json +2 -2
- package/package.json.dev +2 -2
- package/servicenetworking/connection.d.ts +6 -0
- package/servicenetworking/connection.js.map +1 -1
- package/storage/bucket.d.ts +9 -0
- package/storage/bucket.js.map +1 -1
- package/types/input.d.ts +223 -33
- package/types/output.d.ts +245 -33
- package/vpcaccess/connector.d.ts +3 -3
package/types/output.d.ts
CHANGED
|
@@ -5548,6 +5548,52 @@ export declare namespace cloudfunctions {
|
|
|
5548
5548
|
expression: string;
|
|
5549
5549
|
title: string;
|
|
5550
5550
|
}
|
|
5551
|
+
interface FunctionSecretEnvironmentVariable {
|
|
5552
|
+
/**
|
|
5553
|
+
* Name of the environment variable.
|
|
5554
|
+
*/
|
|
5555
|
+
key: string;
|
|
5556
|
+
/**
|
|
5557
|
+
* Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
|
|
5558
|
+
*/
|
|
5559
|
+
projectId: string;
|
|
5560
|
+
/**
|
|
5561
|
+
* ID of the secret in secret manager (not the full resource name).
|
|
5562
|
+
*/
|
|
5563
|
+
secret: string;
|
|
5564
|
+
/**
|
|
5565
|
+
* Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
|
|
5566
|
+
*/
|
|
5567
|
+
version: string;
|
|
5568
|
+
}
|
|
5569
|
+
interface FunctionSecretVolume {
|
|
5570
|
+
/**
|
|
5571
|
+
* The path within the container to mount the secret volume. For example, setting the mountPath as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
|
|
5572
|
+
*/
|
|
5573
|
+
mountPath: string;
|
|
5574
|
+
/**
|
|
5575
|
+
* Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
|
|
5576
|
+
*/
|
|
5577
|
+
projectId: string;
|
|
5578
|
+
/**
|
|
5579
|
+
* ID of the secret in secret manager (not the full resource name).
|
|
5580
|
+
*/
|
|
5581
|
+
secret: string;
|
|
5582
|
+
/**
|
|
5583
|
+
* List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
|
|
5584
|
+
*/
|
|
5585
|
+
versions?: outputs.cloudfunctions.FunctionSecretVolumeVersion[];
|
|
5586
|
+
}
|
|
5587
|
+
interface FunctionSecretVolumeVersion {
|
|
5588
|
+
/**
|
|
5589
|
+
* Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
|
|
5590
|
+
*/
|
|
5591
|
+
path: string;
|
|
5592
|
+
/**
|
|
5593
|
+
* Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
|
|
5594
|
+
*/
|
|
5595
|
+
version: string;
|
|
5596
|
+
}
|
|
5551
5597
|
interface FunctionSourceRepository {
|
|
5552
5598
|
deployedUrl: string;
|
|
5553
5599
|
/**
|
|
@@ -5577,6 +5623,22 @@ export declare namespace cloudfunctions {
|
|
|
5577
5623
|
*/
|
|
5578
5624
|
retry: boolean;
|
|
5579
5625
|
}
|
|
5626
|
+
interface GetFunctionSecretEnvironmentVariable {
|
|
5627
|
+
key: string;
|
|
5628
|
+
projectId: string;
|
|
5629
|
+
secret: string;
|
|
5630
|
+
version: string;
|
|
5631
|
+
}
|
|
5632
|
+
interface GetFunctionSecretVolume {
|
|
5633
|
+
mountPath: string;
|
|
5634
|
+
projectId: string;
|
|
5635
|
+
secret: string;
|
|
5636
|
+
versions: outputs.cloudfunctions.GetFunctionSecretVolumeVersion[];
|
|
5637
|
+
}
|
|
5638
|
+
interface GetFunctionSecretVolumeVersion {
|
|
5639
|
+
path: string;
|
|
5640
|
+
version: string;
|
|
5641
|
+
}
|
|
5580
5642
|
interface GetFunctionSourceRepository {
|
|
5581
5643
|
deployedUrl: string;
|
|
5582
5644
|
/**
|
|
@@ -6349,15 +6411,15 @@ export declare namespace cloudrun {
|
|
|
6349
6411
|
}
|
|
6350
6412
|
interface ServiceTemplateSpecContainerPort {
|
|
6351
6413
|
/**
|
|
6352
|
-
* Port number.
|
|
6414
|
+
* Port number the container listens on. This must be a valid port number, 0 < x < 65536.
|
|
6353
6415
|
*/
|
|
6354
|
-
containerPort
|
|
6416
|
+
containerPort?: number;
|
|
6355
6417
|
/**
|
|
6356
6418
|
* Volume's name.
|
|
6357
6419
|
*/
|
|
6358
6420
|
name: string;
|
|
6359
6421
|
/**
|
|
6360
|
-
* Protocol
|
|
6422
|
+
* Protocol for port. Must be "TCP". Defaults to "TCP".
|
|
6361
6423
|
*/
|
|
6362
6424
|
protocol?: string;
|
|
6363
6425
|
}
|
|
@@ -7785,6 +7847,16 @@ export declare namespace compute {
|
|
|
7785
7847
|
*/
|
|
7786
7848
|
seconds: number;
|
|
7787
7849
|
}
|
|
7850
|
+
interface BackendServiceIamBindingCondition {
|
|
7851
|
+
description?: string;
|
|
7852
|
+
expression: string;
|
|
7853
|
+
title: string;
|
|
7854
|
+
}
|
|
7855
|
+
interface BackendServiceIamMemberCondition {
|
|
7856
|
+
description?: string;
|
|
7857
|
+
expression: string;
|
|
7858
|
+
title: string;
|
|
7859
|
+
}
|
|
7788
7860
|
interface BackendServiceIap {
|
|
7789
7861
|
/**
|
|
7790
7862
|
* OAuth2 Client ID for IAP
|
|
@@ -7916,7 +7988,17 @@ export declare namespace compute {
|
|
|
7916
7988
|
seconds: number;
|
|
7917
7989
|
}
|
|
7918
7990
|
interface BackendServiceSecuritySettings {
|
|
7991
|
+
/**
|
|
7992
|
+
* ClientTlsPolicy is a resource that specifies how a client should authenticate
|
|
7993
|
+
* connections to backends of a service. This resource itself does not affect
|
|
7994
|
+
* configuration unless it is attached to a backend service resource.
|
|
7995
|
+
*/
|
|
7919
7996
|
clientTlsPolicy: string;
|
|
7997
|
+
/**
|
|
7998
|
+
* A list of alternate names to verify the subject identity in the certificate.
|
|
7999
|
+
* If specified, the client will verify that the server certificate's subject
|
|
8000
|
+
* alt name matches one of the specified values.
|
|
8001
|
+
*/
|
|
7920
8002
|
subjectAltNames: string[];
|
|
7921
8003
|
}
|
|
7922
8004
|
interface DiskDiskEncryptionKey {
|
|
@@ -11792,18 +11874,15 @@ export declare namespace compute {
|
|
|
11792
11874
|
*/
|
|
11793
11875
|
service?: string;
|
|
11794
11876
|
/**
|
|
11795
|
-
* A template to parse
|
|
11796
|
-
*
|
|
11797
|
-
*
|
|
11798
|
-
*
|
|
11799
|
-
* can be backed by the same Serverless NEG with URL mask "/". The URL mask
|
|
11800
|
-
* will parse them to { function = "function1" } and { function = "function2" } respectively.
|
|
11877
|
+
* A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
|
|
11878
|
+
* on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
|
|
11879
|
+
* The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
|
|
11880
|
+
* App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
|
|
11801
11881
|
*/
|
|
11802
11882
|
urlMask?: string;
|
|
11803
11883
|
/**
|
|
11804
|
-
*
|
|
11805
|
-
* The version
|
|
11806
|
-
* Example value: "v1", "v2".
|
|
11884
|
+
* The optional resource version. The version identified by this value is platform-specific and is follows:
|
|
11885
|
+
* API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag
|
|
11807
11886
|
*/
|
|
11808
11887
|
version?: string;
|
|
11809
11888
|
}
|
|
@@ -11815,12 +11894,10 @@ export declare namespace compute {
|
|
|
11815
11894
|
*/
|
|
11816
11895
|
function?: string;
|
|
11817
11896
|
/**
|
|
11818
|
-
* A template to parse
|
|
11819
|
-
*
|
|
11820
|
-
*
|
|
11821
|
-
*
|
|
11822
|
-
* can be backed by the same Serverless NEG with URL mask "/". The URL mask
|
|
11823
|
-
* will parse them to { function = "function1" } and { function = "function2" } respectively.
|
|
11897
|
+
* A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
|
|
11898
|
+
* on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
|
|
11899
|
+
* The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
|
|
11900
|
+
* App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
|
|
11824
11901
|
*/
|
|
11825
11902
|
urlMask?: string;
|
|
11826
11903
|
}
|
|
@@ -11839,15 +11916,38 @@ export declare namespace compute {
|
|
|
11839
11916
|
*/
|
|
11840
11917
|
tag?: string;
|
|
11841
11918
|
/**
|
|
11842
|
-
* A template to parse
|
|
11843
|
-
*
|
|
11844
|
-
*
|
|
11845
|
-
*
|
|
11846
|
-
* can be backed by the same Serverless NEG with URL mask "/". The URL mask
|
|
11847
|
-
* will parse them to { function = "function1" } and { function = "function2" } respectively.
|
|
11919
|
+
* A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
|
|
11920
|
+
* on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
|
|
11921
|
+
* The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
|
|
11922
|
+
* App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
|
|
11848
11923
|
*/
|
|
11849
11924
|
urlMask?: string;
|
|
11850
11925
|
}
|
|
11926
|
+
interface RegionNetworkEndpointGroupServerlessDeployment {
|
|
11927
|
+
/**
|
|
11928
|
+
* The platform of the NEG backend target(s). Possible values:
|
|
11929
|
+
* API Gateway: apigateway.googleapis.com
|
|
11930
|
+
*/
|
|
11931
|
+
platform: string;
|
|
11932
|
+
/**
|
|
11933
|
+
* The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask.
|
|
11934
|
+
* The resource identified by this value is platform-specific and is as follows: API Gateway: The gateway ID, App Engine: The service name,
|
|
11935
|
+
* Cloud Functions: The function name, Cloud Run: The service name
|
|
11936
|
+
*/
|
|
11937
|
+
resource?: string;
|
|
11938
|
+
/**
|
|
11939
|
+
* A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
|
|
11940
|
+
* on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
|
|
11941
|
+
* The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
|
|
11942
|
+
* App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
|
|
11943
|
+
*/
|
|
11944
|
+
urlMask: string;
|
|
11945
|
+
/**
|
|
11946
|
+
* The optional resource version. The version identified by this value is platform-specific and is follows:
|
|
11947
|
+
* API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag
|
|
11948
|
+
*/
|
|
11949
|
+
version?: string;
|
|
11950
|
+
}
|
|
11851
11951
|
interface RegionPerInstanceConfigPreservedState {
|
|
11852
11952
|
/**
|
|
11853
11953
|
* Stateful disks for the instance.
|
|
@@ -13541,6 +13641,8 @@ export declare namespace compute {
|
|
|
13541
13641
|
* Action to take when `match` matches the request. Valid values:
|
|
13542
13642
|
* * "allow" : allow access to target
|
|
13543
13643
|
* * "deny(status)" : deny access to target, returns the HTTP response code specified (valid values are 403, 404 and 502)
|
|
13644
|
+
* * "rateBasedBan" : limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
|
|
13645
|
+
* * "threshold" : limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
|
|
13544
13646
|
*/
|
|
13545
13647
|
action: string;
|
|
13546
13648
|
/**
|
|
@@ -13562,6 +13664,11 @@ export declare namespace compute {
|
|
|
13562
13664
|
* Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
|
|
13563
13665
|
*/
|
|
13564
13666
|
priority: number;
|
|
13667
|
+
/**
|
|
13668
|
+
* )
|
|
13669
|
+
* Must be specified if the `action` is "rateBasedBad" or "throttle". Cannot be specified for other actions. Structure is documented below.
|
|
13670
|
+
*/
|
|
13671
|
+
rateLimitOptions?: outputs.compute.SecurityPolicyRuleRateLimitOptions;
|
|
13565
13672
|
}
|
|
13566
13673
|
interface SecurityPolicyRuleMatch {
|
|
13567
13674
|
/**
|
|
@@ -13598,6 +13705,66 @@ export declare namespace compute {
|
|
|
13598
13705
|
*/
|
|
13599
13706
|
expression: string;
|
|
13600
13707
|
}
|
|
13708
|
+
interface SecurityPolicyRuleRateLimitOptions {
|
|
13709
|
+
/**
|
|
13710
|
+
* Can only be specified if the `action` for the rule is "rateBasedBan".
|
|
13711
|
+
* If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
|
|
13712
|
+
*/
|
|
13713
|
+
banDurationSec?: number;
|
|
13714
|
+
/**
|
|
13715
|
+
* Can only be specified if the `action` for the rule is "rateBasedBan".
|
|
13716
|
+
* If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also
|
|
13717
|
+
* exceed this 'ban_threshold'. Structure is documented below.
|
|
13718
|
+
*/
|
|
13719
|
+
banThreshold?: outputs.compute.SecurityPolicyRuleRateLimitOptionsBanThreshold;
|
|
13720
|
+
/**
|
|
13721
|
+
* Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
|
|
13722
|
+
*/
|
|
13723
|
+
conformAction: string;
|
|
13724
|
+
/**
|
|
13725
|
+
* Determines the key to enforce the rateLimitThreshold on.
|
|
13726
|
+
* Possible values incude "ALL", "ALL_IPS", "HTTP_HEADER", "IP", "XFF_IP". If not specified, defaults to "ALL".
|
|
13727
|
+
*/
|
|
13728
|
+
enforceOnKey?: string;
|
|
13729
|
+
/**
|
|
13730
|
+
* Rate limit key name applicable only for HTTP_HEADER key types. Name of the HTTP header whose value is taken as the key value.
|
|
13731
|
+
*/
|
|
13732
|
+
enforceOnKeyName?: string;
|
|
13733
|
+
/**
|
|
13734
|
+
* When a request is denied, returns the HTTP response code specified.
|
|
13735
|
+
* Valid options are "deny()" where valid values for status are 403, 404, 429, and 502.
|
|
13736
|
+
*/
|
|
13737
|
+
exceedAction: string;
|
|
13738
|
+
exceedRedirectOptions?: outputs.compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptions;
|
|
13739
|
+
/**
|
|
13740
|
+
* Threshold at which to begin ratelimiting. Structure is documented below.
|
|
13741
|
+
*/
|
|
13742
|
+
rateLimitThreshold: outputs.compute.SecurityPolicyRuleRateLimitOptionsRateLimitThreshold;
|
|
13743
|
+
}
|
|
13744
|
+
interface SecurityPolicyRuleRateLimitOptionsBanThreshold {
|
|
13745
|
+
/**
|
|
13746
|
+
* Number of HTTP(S) requests for calculating the threshold.
|
|
13747
|
+
*/
|
|
13748
|
+
count: number;
|
|
13749
|
+
/**
|
|
13750
|
+
* Interval over which the threshold is computed.
|
|
13751
|
+
*/
|
|
13752
|
+
intervalSec: number;
|
|
13753
|
+
}
|
|
13754
|
+
interface SecurityPolicyRuleRateLimitOptionsExceedRedirectOptions {
|
|
13755
|
+
target?: string;
|
|
13756
|
+
type: string;
|
|
13757
|
+
}
|
|
13758
|
+
interface SecurityPolicyRuleRateLimitOptionsRateLimitThreshold {
|
|
13759
|
+
/**
|
|
13760
|
+
* Number of HTTP(S) requests for calculating the threshold.
|
|
13761
|
+
*/
|
|
13762
|
+
count: number;
|
|
13763
|
+
/**
|
|
13764
|
+
* Interval over which the threshold is computed.
|
|
13765
|
+
*/
|
|
13766
|
+
intervalSec: number;
|
|
13767
|
+
}
|
|
13601
13768
|
interface SecurityScanConfigAuthentication {
|
|
13602
13769
|
/**
|
|
13603
13770
|
* Describes authentication configuration that uses a custom account.
|
|
@@ -16119,6 +16286,12 @@ export declare namespace container {
|
|
|
16119
16286
|
* Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set `enabled = true` to enable.
|
|
16120
16287
|
*/
|
|
16121
16288
|
gcePersistentDiskCsiDriverConfig: outputs.container.ClusterAddonsConfigGcePersistentDiskCsiDriverConfig;
|
|
16289
|
+
/**
|
|
16290
|
+
* The status of the Filestore CSI driver addon,
|
|
16291
|
+
* which allows the usage of filestore instance as volumes.
|
|
16292
|
+
* It is disbaled by default; set `enabled = true` to enable.
|
|
16293
|
+
*/
|
|
16294
|
+
gcpFilestoreCsiDriverConfig: outputs.container.ClusterAddonsConfigGcpFilestoreCsiDriverConfig;
|
|
16122
16295
|
/**
|
|
16123
16296
|
* The status of the Horizontal Pod Autoscaling
|
|
16124
16297
|
* addon, which increases or decreases the number of replica pods a replication controller
|
|
@@ -16186,6 +16359,13 @@ export declare namespace container {
|
|
|
16186
16359
|
*/
|
|
16187
16360
|
enabled: boolean;
|
|
16188
16361
|
}
|
|
16362
|
+
interface ClusterAddonsConfigGcpFilestoreCsiDriverConfig {
|
|
16363
|
+
/**
|
|
16364
|
+
* Enable the PodSecurityPolicy controller for this cluster.
|
|
16365
|
+
* If enabled, pods must be valid under a PodSecurityPolicy to be created.
|
|
16366
|
+
*/
|
|
16367
|
+
enabled: boolean;
|
|
16368
|
+
}
|
|
16189
16369
|
interface ClusterAddonsConfigHorizontalPodAutoscaling {
|
|
16190
16370
|
/**
|
|
16191
16371
|
* The status of the Istio addon, which makes it easy to set up Istio for services in a
|
|
@@ -16258,6 +16438,11 @@ export declare namespace container {
|
|
|
16258
16438
|
resourceLimits?: outputs.container.ClusterClusterAutoscalingResourceLimit[];
|
|
16259
16439
|
}
|
|
16260
16440
|
interface ClusterClusterAutoscalingAutoProvisioningDefaults {
|
|
16441
|
+
/**
|
|
16442
|
+
* The image type to use for this node. Note that changing the image type
|
|
16443
|
+
* will delete and recreate all nodes in the node pool.
|
|
16444
|
+
*/
|
|
16445
|
+
imageType?: string;
|
|
16261
16446
|
/**
|
|
16262
16447
|
* Minimum CPU platform to be used by this instance.
|
|
16263
16448
|
* The instance may be scheduled on the specified or newer CPU platform. Applicable
|
|
@@ -16461,7 +16646,7 @@ export declare namespace container {
|
|
|
16461
16646
|
}
|
|
16462
16647
|
interface ClusterNodeConfig {
|
|
16463
16648
|
/**
|
|
16464
|
-
* The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
|
|
16649
|
+
* The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: <https://cloud.google.com/compute/docs/disks/customer-managed-encryption>
|
|
16465
16650
|
*/
|
|
16466
16651
|
bootDiskKmsKey?: string;
|
|
16467
16652
|
/**
|
|
@@ -16560,8 +16745,7 @@ export declare namespace container {
|
|
|
16560
16745
|
*/
|
|
16561
16746
|
preemptible?: boolean;
|
|
16562
16747
|
/**
|
|
16563
|
-
*
|
|
16564
|
-
* >>>>>>> v4.3.0
|
|
16748
|
+
* [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `imageType = "COS_CONTAINERD"` and `nodeVersion = "1.12.7-gke.17"` or later to use it.
|
|
16565
16749
|
* Structure is documented below.
|
|
16566
16750
|
*/
|
|
16567
16751
|
sandboxConfig?: outputs.container.ClusterNodeConfigSandboxConfig;
|
|
@@ -16769,7 +16953,7 @@ export declare namespace container {
|
|
|
16769
16953
|
}
|
|
16770
16954
|
interface ClusterNodePoolNodeConfig {
|
|
16771
16955
|
/**
|
|
16772
|
-
* The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
|
|
16956
|
+
* The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: <https://cloud.google.com/compute/docs/disks/customer-managed-encryption>
|
|
16773
16957
|
*/
|
|
16774
16958
|
bootDiskKmsKey?: string;
|
|
16775
16959
|
/**
|
|
@@ -16868,8 +17052,7 @@ export declare namespace container {
|
|
|
16868
17052
|
*/
|
|
16869
17053
|
preemptible?: boolean;
|
|
16870
17054
|
/**
|
|
16871
|
-
*
|
|
16872
|
-
* >>>>>>> v4.3.0
|
|
17055
|
+
* [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `imageType = "COS_CONTAINERD"` and `nodeVersion = "1.12.7-gke.17"` or later to use it.
|
|
16873
17056
|
* Structure is documented below.
|
|
16874
17057
|
*/
|
|
16875
17058
|
sandboxConfig?: outputs.container.ClusterNodePoolNodeConfigSandboxConfig;
|
|
@@ -17138,6 +17321,7 @@ export declare namespace container {
|
|
|
17138
17321
|
configConnectorConfigs: outputs.container.GetClusterAddonsConfigConfigConnectorConfig[];
|
|
17139
17322
|
dnsCacheConfigs: outputs.container.GetClusterAddonsConfigDnsCacheConfig[];
|
|
17140
17323
|
gcePersistentDiskCsiDriverConfigs: outputs.container.GetClusterAddonsConfigGcePersistentDiskCsiDriverConfig[];
|
|
17324
|
+
gcpFilestoreCsiDriverConfigs: outputs.container.GetClusterAddonsConfigGcpFilestoreCsiDriverConfig[];
|
|
17141
17325
|
horizontalPodAutoscalings: outputs.container.GetClusterAddonsConfigHorizontalPodAutoscaling[];
|
|
17142
17326
|
httpLoadBalancings: outputs.container.GetClusterAddonsConfigHttpLoadBalancing[];
|
|
17143
17327
|
istioConfigs: outputs.container.GetClusterAddonsConfigIstioConfig[];
|
|
@@ -17157,6 +17341,9 @@ export declare namespace container {
|
|
|
17157
17341
|
interface GetClusterAddonsConfigGcePersistentDiskCsiDriverConfig {
|
|
17158
17342
|
enabled: boolean;
|
|
17159
17343
|
}
|
|
17344
|
+
interface GetClusterAddonsConfigGcpFilestoreCsiDriverConfig {
|
|
17345
|
+
enabled: boolean;
|
|
17346
|
+
}
|
|
17160
17347
|
interface GetClusterAddonsConfigHorizontalPodAutoscaling {
|
|
17161
17348
|
disabled: boolean;
|
|
17162
17349
|
}
|
|
@@ -17183,6 +17370,7 @@ export declare namespace container {
|
|
|
17183
17370
|
resourceLimits: outputs.container.GetClusterClusterAutoscalingResourceLimit[];
|
|
17184
17371
|
}
|
|
17185
17372
|
interface GetClusterClusterAutoscalingAutoProvisioningDefault {
|
|
17373
|
+
imageType: string;
|
|
17186
17374
|
minCpuPlatform: string;
|
|
17187
17375
|
oauthScopes: string[];
|
|
17188
17376
|
serviceAccount: string;
|
|
@@ -28241,6 +28429,10 @@ export declare namespace spanner {
|
|
|
28241
28429
|
}
|
|
28242
28430
|
export declare namespace sql {
|
|
28243
28431
|
interface DatabaseInstanceClone {
|
|
28432
|
+
/**
|
|
28433
|
+
* The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression a-z?.
|
|
28434
|
+
*/
|
|
28435
|
+
allocatedIpRange?: string;
|
|
28244
28436
|
/**
|
|
28245
28437
|
* The timestamp of the point in time that should be restored.
|
|
28246
28438
|
*/
|
|
@@ -28394,8 +28586,7 @@ export declare namespace sql {
|
|
|
28394
28586
|
*/
|
|
28395
28587
|
backupRetentionSettings: outputs.sql.DatabaseInstanceSettingsBackupConfigurationBackupRetentionSettings;
|
|
28396
28588
|
/**
|
|
28397
|
-
* True if binary logging is enabled.
|
|
28398
|
-
* `settings.backup_configuration.enabled` is false, this must be as well.
|
|
28589
|
+
* True if binary logging is enabled.
|
|
28399
28590
|
* Cannot be used with Postgres.
|
|
28400
28591
|
*/
|
|
28401
28592
|
binaryLogEnabled?: boolean;
|
|
@@ -28464,7 +28655,7 @@ export declare namespace sql {
|
|
|
28464
28655
|
}
|
|
28465
28656
|
interface DatabaseInstanceSettingsIpConfiguration {
|
|
28466
28657
|
/**
|
|
28467
|
-
* The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://
|
|
28658
|
+
* The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression a-z?.
|
|
28468
28659
|
*/
|
|
28469
28660
|
allocatedIpRange?: string;
|
|
28470
28661
|
authorizedNetworks?: outputs.sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetwork[];
|
|
@@ -28554,6 +28745,7 @@ export declare namespace sql {
|
|
|
28554
28745
|
sha1Fingerprint: string;
|
|
28555
28746
|
}
|
|
28556
28747
|
interface GetDatabaseInstanceClone {
|
|
28748
|
+
allocatedIpRange: string;
|
|
28557
28749
|
pointInTime: string;
|
|
28558
28750
|
sourceInstanceName: string;
|
|
28559
28751
|
}
|
|
@@ -28963,6 +29155,14 @@ export declare namespace storage {
|
|
|
28963
29155
|
* Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' `lastModificationTime` do not exclude objects in a data sink. Structure documented below.
|
|
28964
29156
|
*/
|
|
28965
29157
|
objectConditions?: outputs.storage.TransferJobTransferSpecObjectConditions;
|
|
29158
|
+
/**
|
|
29159
|
+
* A POSIX data sink. Structure documented below.
|
|
29160
|
+
*/
|
|
29161
|
+
posixDataSink?: outputs.storage.TransferJobTransferSpecPosixDataSink;
|
|
29162
|
+
/**
|
|
29163
|
+
* A POSIX filesystem data source. Structure documented below.
|
|
29164
|
+
*/
|
|
29165
|
+
posixDataSource?: outputs.storage.TransferJobTransferSpecPosixDataSource;
|
|
28966
29166
|
/**
|
|
28967
29167
|
* Characteristics of how to treat files from datasource and sink during job. If the option `deleteObjectsUniqueInSink` is true, object conditions based on objects' `lastModificationTime` are ignored and do not exclude objects in a data source or a data sink. Structure documented below.
|
|
28968
29168
|
*/
|
|
@@ -29060,6 +29260,18 @@ export declare namespace storage {
|
|
|
29060
29260
|
*/
|
|
29061
29261
|
minTimeElapsedSinceLastModification?: string;
|
|
29062
29262
|
}
|
|
29263
|
+
interface TransferJobTransferSpecPosixDataSink {
|
|
29264
|
+
/**
|
|
29265
|
+
* Root directory path to the filesystem.
|
|
29266
|
+
*/
|
|
29267
|
+
rootDirectory: string;
|
|
29268
|
+
}
|
|
29269
|
+
interface TransferJobTransferSpecPosixDataSource {
|
|
29270
|
+
/**
|
|
29271
|
+
* Root directory path to the filesystem.
|
|
29272
|
+
*/
|
|
29273
|
+
rootDirectory: string;
|
|
29274
|
+
}
|
|
29063
29275
|
interface TransferJobTransferSpecTransferOptions {
|
|
29064
29276
|
/**
|
|
29065
29277
|
* Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and `deleteObjectsUniqueInSink` are mutually exclusive.
|
package/vpcaccess/connector.d.ts
CHANGED
|
@@ -182,7 +182,7 @@ export declare class Connector extends pulumi.CustomResource {
|
|
|
182
182
|
*/
|
|
183
183
|
readonly name: pulumi.Output<string>;
|
|
184
184
|
/**
|
|
185
|
-
* Name of the VPC network. Required if `ipCidrRange` is set.
|
|
185
|
+
* Name or selfLink of the VPC network. Required if `ipCidrRange` is set.
|
|
186
186
|
*/
|
|
187
187
|
readonly network: pulumi.Output<string | undefined>;
|
|
188
188
|
/**
|
|
@@ -250,7 +250,7 @@ export interface ConnectorState {
|
|
|
250
250
|
*/
|
|
251
251
|
name?: pulumi.Input<string>;
|
|
252
252
|
/**
|
|
253
|
-
* Name of the VPC network. Required if `ipCidrRange` is set.
|
|
253
|
+
* Name or selfLink of the VPC network. Required if `ipCidrRange` is set.
|
|
254
254
|
*/
|
|
255
255
|
network?: pulumi.Input<string>;
|
|
256
256
|
/**
|
|
@@ -310,7 +310,7 @@ export interface ConnectorArgs {
|
|
|
310
310
|
*/
|
|
311
311
|
name?: pulumi.Input<string>;
|
|
312
312
|
/**
|
|
313
|
-
* Name of the VPC network. Required if `ipCidrRange` is set.
|
|
313
|
+
* Name or selfLink of the VPC network. Required if `ipCidrRange` is set.
|
|
314
314
|
*/
|
|
315
315
|
network?: pulumi.Input<string>;
|
|
316
316
|
/**
|