@pulumi/gcp 6.44.0 → 6.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (164) hide show
  1. package/alloydb/instance.d.ts +3 -0
  2. package/alloydb/instance.js +3 -0
  3. package/alloydb/instance.js.map +1 -1
  4. package/bigtable/gcpolicy.d.ts +58 -32
  5. package/bigtable/gcpolicy.js +45 -32
  6. package/bigtable/gcpolicy.js.map +1 -1
  7. package/bigtable/instance.d.ts +6 -3
  8. package/bigtable/instance.js.map +1 -1
  9. package/certificateauthority/authority.d.ts +3 -2
  10. package/certificateauthority/authority.js +3 -2
  11. package/certificateauthority/authority.js.map +1 -1
  12. package/certificateauthority/certificate.d.ts +12 -5
  13. package/certificateauthority/certificate.js +12 -5
  14. package/certificateauthority/certificate.js.map +1 -1
  15. package/cloudrunv2/index.d.ts +6 -0
  16. package/cloudrunv2/index.js +27 -0
  17. package/cloudrunv2/index.js.map +1 -0
  18. package/cloudrunv2/job.d.ts +501 -0
  19. package/cloudrunv2/job.js +321 -0
  20. package/cloudrunv2/job.js.map +1 -0
  21. package/cloudrunv2/service.d.ts +574 -0
  22. package/cloudrunv2/service.js +334 -0
  23. package/cloudrunv2/service.js.map +1 -0
  24. package/compute/backendService.d.ts +19 -0
  25. package/compute/backendService.js +19 -0
  26. package/compute/backendService.js.map +1 -1
  27. package/compute/forwardingRule.d.ts +21 -30
  28. package/compute/forwardingRule.js.map +1 -1
  29. package/compute/instanceGroupManager.d.ts +27 -0
  30. package/compute/instanceGroupManager.js +2 -0
  31. package/compute/instanceGroupManager.js.map +1 -1
  32. package/compute/regionInstanceGroupManager.d.ts +27 -0
  33. package/compute/regionInstanceGroupManager.js +2 -0
  34. package/compute/regionInstanceGroupManager.js.map +1 -1
  35. package/compute/routerInterface.d.ts +52 -31
  36. package/compute/routerInterface.js +4 -0
  37. package/compute/routerInterface.js.map +1 -1
  38. package/compute/securityPolicy.d.ts +83 -0
  39. package/compute/securityPolicy.js +73 -0
  40. package/compute/securityPolicy.js.map +1 -1
  41. package/config/vars.d.ts +3 -0
  42. package/config/vars.js +18 -0
  43. package/config/vars.js.map +1 -1
  44. package/container/cluster.d.ts +7 -4
  45. package/container/cluster.js.map +1 -1
  46. package/container/nodePool.d.ts +9 -6
  47. package/container/nodePool.js.map +1 -1
  48. package/datafusion/instance.d.ts +97 -5
  49. package/datafusion/instance.js +52 -5
  50. package/datafusion/instance.js.map +1 -1
  51. package/dataproc/metastoreService.d.ts +49 -0
  52. package/dataproc/metastoreService.js +34 -0
  53. package/dataproc/metastoreService.js.map +1 -1
  54. package/datastream/privateConnection.d.ts +16 -0
  55. package/datastream/privateConnection.js +4 -0
  56. package/datastream/privateConnection.js.map +1 -1
  57. package/eventarc/googleChannelConfig.d.ts +142 -0
  58. package/eventarc/googleChannelConfig.js +110 -0
  59. package/eventarc/googleChannelConfig.js.map +1 -0
  60. package/eventarc/index.d.ts +3 -0
  61. package/eventarc/index.js +6 -1
  62. package/eventarc/index.js.map +1 -1
  63. package/firebase/getAndroidApp.d.ts +36 -0
  64. package/firebase/getAndroidApp.js +22 -0
  65. package/firebase/getAndroidApp.js.map +1 -0
  66. package/firebase/index.d.ts +6 -0
  67. package/firebase/index.js +9 -1
  68. package/firebase/index.js.map +1 -1
  69. package/firebase/storageBucket.d.ts +109 -0
  70. package/firebase/storageBucket.js +91 -0
  71. package/firebase/storageBucket.js.map +1 -0
  72. package/gkebackup/backupPlan.d.ts +403 -0
  73. package/gkebackup/backupPlan.js +259 -0
  74. package/gkebackup/backupPlan.js.map +1 -0
  75. package/gkebackup/index.d.ts +3 -0
  76. package/gkebackup/index.js +22 -0
  77. package/gkebackup/index.js.map +1 -0
  78. package/gkehub/featureMembership.d.ts +1 -0
  79. package/gkehub/featureMembership.js +1 -0
  80. package/gkehub/featureMembership.js.map +1 -1
  81. package/iam/index.d.ts +3 -0
  82. package/iam/index.js +6 -1
  83. package/iam/index.js.map +1 -1
  84. package/iam/workforcePoolProvider.d.ts +510 -0
  85. package/iam/workforcePoolProvider.js +213 -0
  86. package/iam/workforcePoolProvider.js.map +1 -0
  87. package/index.d.ts +3 -1
  88. package/index.js +6 -2
  89. package/index.js.map +1 -1
  90. package/logging/billingAccountBucketConfig.d.ts +20 -0
  91. package/logging/billingAccountBucketConfig.js +2 -0
  92. package/logging/billingAccountBucketConfig.js.map +1 -1
  93. package/logging/folderBucketConfig.d.ts +20 -0
  94. package/logging/folderBucketConfig.js +2 -0
  95. package/logging/folderBucketConfig.js.map +1 -1
  96. package/logging/getProjectCmekSettings.d.ts +97 -0
  97. package/logging/getProjectCmekSettings.js +43 -0
  98. package/logging/getProjectCmekSettings.js.map +1 -0
  99. package/logging/index.d.ts +3 -0
  100. package/logging/index.js +4 -1
  101. package/logging/index.js.map +1 -1
  102. package/logging/organizationBucketConfig.d.ts +20 -0
  103. package/logging/organizationBucketConfig.js +2 -0
  104. package/logging/organizationBucketConfig.js.map +1 -1
  105. package/logging/projectBucketConfig.d.ts +48 -2
  106. package/logging/projectBucketConfig.js +34 -0
  107. package/logging/projectBucketConfig.js.map +1 -1
  108. package/networkservices/edgeCacheOrigin.d.ts +55 -1
  109. package/networkservices/edgeCacheOrigin.js +26 -1
  110. package/networkservices/edgeCacheOrigin.js.map +1 -1
  111. package/package.json +2 -2
  112. package/package.json.dev +2 -2
  113. package/provider.d.ts +6 -0
  114. package/provider.js +3 -0
  115. package/provider.js.map +1 -1
  116. package/securitycenter/index.d.ts +9 -0
  117. package/securitycenter/index.js +16 -1
  118. package/securitycenter/index.js.map +1 -1
  119. package/securitycenter/instanceIamBinding.d.ts +239 -0
  120. package/securitycenter/instanceIamBinding.js +218 -0
  121. package/securitycenter/instanceIamBinding.js.map +1 -0
  122. package/securitycenter/instanceIamMember.d.ts +239 -0
  123. package/securitycenter/instanceIamMember.js +218 -0
  124. package/securitycenter/instanceIamMember.js.map +1 -0
  125. package/securitycenter/instanceIamPolicy.d.ts +231 -0
  126. package/securitycenter/instanceIamPolicy.js +211 -0
  127. package/securitycenter/instanceIamPolicy.js.map +1 -0
  128. package/sql/database.d.ts +41 -0
  129. package/sql/database.js +22 -0
  130. package/sql/database.js.map +1 -1
  131. package/storage/bucket.d.ts +29 -7
  132. package/storage/bucket.js +18 -6
  133. package/storage/bucket.js.map +1 -1
  134. package/storage/getBucket.d.ts +1 -0
  135. package/storage/getBucket.js.map +1 -1
  136. package/types/input.d.ts +1544 -98
  137. package/types/output.d.ts +1559 -94
  138. package/vertex/aiFeatureStoreEntityTypeIamBinding.d.ts +119 -0
  139. package/vertex/aiFeatureStoreEntityTypeIamBinding.js +96 -0
  140. package/vertex/aiFeatureStoreEntityTypeIamBinding.js.map +1 -0
  141. package/vertex/aiFeatureStoreEntityTypeIamMember.d.ts +119 -0
  142. package/vertex/aiFeatureStoreEntityTypeIamMember.js +96 -0
  143. package/vertex/aiFeatureStoreEntityTypeIamMember.js.map +1 -0
  144. package/vertex/aiFeatureStoreEntityTypeIamPolicy.d.ts +108 -0
  145. package/vertex/aiFeatureStoreEntityTypeIamPolicy.js +89 -0
  146. package/vertex/aiFeatureStoreEntityTypeIamPolicy.js.map +1 -0
  147. package/vertex/aiFeatureStoreIamBinding.d.ts +53 -43
  148. package/vertex/aiFeatureStoreIamBinding.js +11 -37
  149. package/vertex/aiFeatureStoreIamBinding.js.map +1 -1
  150. package/vertex/aiFeatureStoreIamMember.d.ts +53 -43
  151. package/vertex/aiFeatureStoreIamMember.js +11 -37
  152. package/vertex/aiFeatureStoreIamMember.js.map +1 -1
  153. package/vertex/aiFeatureStoreIamPolicy.d.ts +50 -43
  154. package/vertex/aiFeatureStoreIamPolicy.js +11 -37
  155. package/vertex/aiFeatureStoreIamPolicy.js.map +1 -1
  156. package/vertex/aiIndex.d.ts +314 -0
  157. package/vertex/aiIndex.js +188 -0
  158. package/vertex/aiIndex.js.map +1 -0
  159. package/vertex/aiTensorboard.d.ts +242 -0
  160. package/vertex/aiTensorboard.js +146 -0
  161. package/vertex/aiTensorboard.js.map +1 -0
  162. package/vertex/index.d.ts +15 -0
  163. package/vertex/index.js +26 -1
  164. package/vertex/index.js.map +1 -1
package/types/input.d.ts CHANGED
@@ -7578,7 +7578,7 @@ export declare namespace cloudrun {
7578
7578
  }
7579
7579
  interface ServiceTemplateSpecContainerPort {
7580
7580
  /**
7581
- * Port number the container listens on. This must be a valid port number, 0 < x < 65536.
7581
+ * Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to "8080".
7582
7582
  */
7583
7583
  containerPort?: pulumi.Input<number>;
7584
7584
  /**
@@ -7795,6 +7795,819 @@ export declare namespace cloudrun {
7795
7795
  url?: pulumi.Input<string>;
7796
7796
  }
7797
7797
  }
7798
+ export declare namespace cloudrunv2 {
7799
+ interface JobBinaryAuthorization {
7800
+ /**
7801
+ * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass
7802
+ */
7803
+ breakglassJustification?: pulumi.Input<string>;
7804
+ /**
7805
+ * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
7806
+ */
7807
+ useDefault?: pulumi.Input<boolean>;
7808
+ }
7809
+ interface JobCondition {
7810
+ executionReason?: pulumi.Input<string>;
7811
+ lastTransitionTime?: pulumi.Input<string>;
7812
+ message?: pulumi.Input<string>;
7813
+ reason?: pulumi.Input<string>;
7814
+ revisionReason?: pulumi.Input<string>;
7815
+ severity?: pulumi.Input<string>;
7816
+ state?: pulumi.Input<string>;
7817
+ type?: pulumi.Input<string>;
7818
+ }
7819
+ interface JobLatestCreatedExecution {
7820
+ completionTime?: pulumi.Input<string>;
7821
+ createTime?: pulumi.Input<string>;
7822
+ /**
7823
+ * Volume's name.
7824
+ */
7825
+ name?: pulumi.Input<string>;
7826
+ }
7827
+ interface JobTemplate {
7828
+ /**
7829
+ * KRM-style labels for the resource. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved.
7830
+ */
7831
+ labels?: pulumi.Input<{
7832
+ [key: string]: pulumi.Input<string>;
7833
+ }>;
7834
+ /**
7835
+ * Specifies the maximum desired number of tasks the execution should run at given time. Must be <= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.
7836
+ */
7837
+ parallelism?: pulumi.Input<number>;
7838
+ /**
7839
+ * Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
7840
+ */
7841
+ taskCount?: pulumi.Input<number>;
7842
+ /**
7843
+ * Describes the task(s) that will be created when executing an execution
7844
+ * Structure is documented below.
7845
+ */
7846
+ template: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplate>;
7847
+ }
7848
+ interface JobTemplateTemplate {
7849
+ /**
7850
+ * Holds the single container that defines the unit of execution for this task.
7851
+ * Structure is documented below.
7852
+ */
7853
+ containers?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainer>[]>;
7854
+ /**
7855
+ * A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
7856
+ */
7857
+ encryptionKey?: pulumi.Input<string>;
7858
+ /**
7859
+ * The execution environment being used to host this Task.
7860
+ * Possible values are `EXECUTION_ENVIRONMENT_GEN1` and `EXECUTION_ENVIRONMENT_GEN2`.
7861
+ */
7862
+ executionEnvironment?: pulumi.Input<string>;
7863
+ /**
7864
+ * Number of retries allowed per Task, before marking this Task failed.
7865
+ */
7866
+ maxRetries?: pulumi.Input<number>;
7867
+ /**
7868
+ * Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.
7869
+ */
7870
+ serviceAccount?: pulumi.Input<string>;
7871
+ /**
7872
+ * Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.
7873
+ * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
7874
+ */
7875
+ timeout?: pulumi.Input<string>;
7876
+ /**
7877
+ * A list of Volumes to make available to containers.
7878
+ * Structure is documented below.
7879
+ */
7880
+ volumes?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateVolume>[]>;
7881
+ /**
7882
+ * VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.
7883
+ * Structure is documented below.
7884
+ */
7885
+ vpcAccess?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateVpcAccess>;
7886
+ }
7887
+ interface JobTemplateTemplateContainer {
7888
+ /**
7889
+ * Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
7890
+ */
7891
+ args?: pulumi.Input<pulumi.Input<string>[]>;
7892
+ /**
7893
+ * Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
7894
+ */
7895
+ commands?: pulumi.Input<pulumi.Input<string>[]>;
7896
+ /**
7897
+ * List of environment variables to set in the container.
7898
+ * Structure is documented below.
7899
+ */
7900
+ envs?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerEnv>[]>;
7901
+ /**
7902
+ * URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images
7903
+ */
7904
+ image: pulumi.Input<string>;
7905
+ /**
7906
+ * Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7907
+ * Structure is documented below.
7908
+ */
7909
+ livenessProbe?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerLivenessProbe>;
7910
+ /**
7911
+ * Volume's name.
7912
+ */
7913
+ name?: pulumi.Input<string>;
7914
+ /**
7915
+ * List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.
7916
+ * If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on
7917
+ * Structure is documented below.
7918
+ */
7919
+ ports?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerPort>[]>;
7920
+ /**
7921
+ * Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
7922
+ * Structure is documented below.
7923
+ */
7924
+ resources?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerResources>;
7925
+ /**
7926
+ * Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7927
+ * Structure is documented below.
7928
+ */
7929
+ startupProbe?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerStartupProbe>;
7930
+ /**
7931
+ * Volume to mount into the container's filesystem.
7932
+ * Structure is documented below.
7933
+ */
7934
+ volumeMounts?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerVolumeMount>[]>;
7935
+ /**
7936
+ * Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.
7937
+ */
7938
+ workingDir?: pulumi.Input<string>;
7939
+ }
7940
+ interface JobTemplateTemplateContainerEnv {
7941
+ /**
7942
+ * Volume's name.
7943
+ */
7944
+ name: pulumi.Input<string>;
7945
+ /**
7946
+ * The header field value
7947
+ */
7948
+ value?: pulumi.Input<string>;
7949
+ /**
7950
+ * Source for the environment variable's value.
7951
+ * Structure is documented below.
7952
+ */
7953
+ valueSource?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerEnvValueSource>;
7954
+ }
7955
+ interface JobTemplateTemplateContainerEnvValueSource {
7956
+ /**
7957
+ * Selects a secret and a specific version from Cloud Secret Manager.
7958
+ * Structure is documented below.
7959
+ */
7960
+ secretKeyRef?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerEnvValueSourceSecretKeyRef>;
7961
+ }
7962
+ interface JobTemplateTemplateContainerEnvValueSourceSecretKeyRef {
7963
+ /**
7964
+ * The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
7965
+ */
7966
+ secret: pulumi.Input<string>;
7967
+ /**
7968
+ * The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version
7969
+ */
7970
+ version: pulumi.Input<string>;
7971
+ }
7972
+ interface JobTemplateTemplateContainerLivenessProbe {
7973
+ /**
7974
+ * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
7975
+ */
7976
+ failureThreshold?: pulumi.Input<number>;
7977
+ /**
7978
+ * HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.
7979
+ * Structure is documented below.
7980
+ */
7981
+ httpGet?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerLivenessProbeHttpGet>;
7982
+ /**
7983
+ * Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7984
+ */
7985
+ initialDelaySeconds?: pulumi.Input<number>;
7986
+ /**
7987
+ * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds
7988
+ */
7989
+ periodSeconds?: pulumi.Input<number>;
7990
+ /**
7991
+ * TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.
7992
+ * Structure is documented below.
7993
+ */
7994
+ tcpSocket?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerLivenessProbeTcpSocket>;
7995
+ /**
7996
+ * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7997
+ */
7998
+ timeoutSeconds?: pulumi.Input<number>;
7999
+ }
8000
+ interface JobTemplateTemplateContainerLivenessProbeHttpGet {
8001
+ /**
8002
+ * Custom headers to set in the request. HTTP allows repeated headers.
8003
+ * Structure is documented below.
8004
+ */
8005
+ httpHeaders?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerLivenessProbeHttpGetHttpHeader>[]>;
8006
+ /**
8007
+ * The relative path of the secret in the container.
8008
+ */
8009
+ path?: pulumi.Input<string>;
8010
+ }
8011
+ interface JobTemplateTemplateContainerLivenessProbeHttpGetHttpHeader {
8012
+ /**
8013
+ * Volume's name.
8014
+ */
8015
+ name: pulumi.Input<string>;
8016
+ /**
8017
+ * The header field value
8018
+ */
8019
+ value?: pulumi.Input<string>;
8020
+ }
8021
+ interface JobTemplateTemplateContainerLivenessProbeTcpSocket {
8022
+ /**
8023
+ * Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.
8024
+ */
8025
+ port?: pulumi.Input<number>;
8026
+ }
8027
+ interface JobTemplateTemplateContainerPort {
8028
+ /**
8029
+ * Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536.
8030
+ */
8031
+ containerPort?: pulumi.Input<number>;
8032
+ /**
8033
+ * Volume's name.
8034
+ */
8035
+ name?: pulumi.Input<string>;
8036
+ }
8037
+ interface JobTemplateTemplateContainerResources {
8038
+ /**
8039
+ * Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
8040
+ */
8041
+ limits?: pulumi.Input<{
8042
+ [key: string]: pulumi.Input<string>;
8043
+ }>;
8044
+ }
8045
+ interface JobTemplateTemplateContainerStartupProbe {
8046
+ /**
8047
+ * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
8048
+ */
8049
+ failureThreshold?: pulumi.Input<number>;
8050
+ /**
8051
+ * HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.
8052
+ * Structure is documented below.
8053
+ */
8054
+ httpGet?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerStartupProbeHttpGet>;
8055
+ /**
8056
+ * Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8057
+ */
8058
+ initialDelaySeconds?: pulumi.Input<number>;
8059
+ /**
8060
+ * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds
8061
+ */
8062
+ periodSeconds?: pulumi.Input<number>;
8063
+ /**
8064
+ * TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.
8065
+ * Structure is documented below.
8066
+ */
8067
+ tcpSocket?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerStartupProbeTcpSocket>;
8068
+ /**
8069
+ * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8070
+ */
8071
+ timeoutSeconds?: pulumi.Input<number>;
8072
+ }
8073
+ interface JobTemplateTemplateContainerStartupProbeHttpGet {
8074
+ /**
8075
+ * Custom headers to set in the request. HTTP allows repeated headers.
8076
+ * Structure is documented below.
8077
+ */
8078
+ httpHeaders?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateContainerStartupProbeHttpGetHttpHeader>[]>;
8079
+ /**
8080
+ * The relative path of the secret in the container.
8081
+ */
8082
+ path?: pulumi.Input<string>;
8083
+ }
8084
+ interface JobTemplateTemplateContainerStartupProbeHttpGetHttpHeader {
8085
+ /**
8086
+ * Volume's name.
8087
+ */
8088
+ name: pulumi.Input<string>;
8089
+ /**
8090
+ * The header field value
8091
+ */
8092
+ value?: pulumi.Input<string>;
8093
+ }
8094
+ interface JobTemplateTemplateContainerStartupProbeTcpSocket {
8095
+ /**
8096
+ * Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.
8097
+ */
8098
+ port?: pulumi.Input<number>;
8099
+ }
8100
+ interface JobTemplateTemplateContainerVolumeMount {
8101
+ /**
8102
+ * Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run
8103
+ */
8104
+ mountPath: pulumi.Input<string>;
8105
+ /**
8106
+ * Volume's name.
8107
+ */
8108
+ name: pulumi.Input<string>;
8109
+ }
8110
+ interface JobTemplateTemplateVolume {
8111
+ /**
8112
+ * For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.
8113
+ * Structure is documented below.
8114
+ */
8115
+ cloudSqlInstance?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateVolumeCloudSqlInstance>;
8116
+ /**
8117
+ * Volume's name.
8118
+ */
8119
+ name: pulumi.Input<string>;
8120
+ /**
8121
+ * The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
8122
+ */
8123
+ secret?: pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateVolumeSecret>;
8124
+ }
8125
+ interface JobTemplateTemplateVolumeCloudSqlInstance {
8126
+ /**
8127
+ * The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}
8128
+ */
8129
+ instances?: pulumi.Input<pulumi.Input<string>[]>;
8130
+ }
8131
+ interface JobTemplateTemplateVolumeSecret {
8132
+ /**
8133
+ * Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.
8134
+ */
8135
+ defaultMode?: pulumi.Input<number>;
8136
+ /**
8137
+ * If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.
8138
+ * Structure is documented below.
8139
+ */
8140
+ items?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.JobTemplateTemplateVolumeSecretItem>[]>;
8141
+ /**
8142
+ * The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
8143
+ */
8144
+ secret: pulumi.Input<string>;
8145
+ }
8146
+ interface JobTemplateTemplateVolumeSecretItem {
8147
+ /**
8148
+ * Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.
8149
+ */
8150
+ mode: pulumi.Input<number>;
8151
+ /**
8152
+ * The relative path of the secret in the container.
8153
+ */
8154
+ path: pulumi.Input<string>;
8155
+ /**
8156
+ * The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version
8157
+ */
8158
+ version: pulumi.Input<string>;
8159
+ }
8160
+ interface JobTemplateTemplateVpcAccess {
8161
+ /**
8162
+ * VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.
8163
+ */
8164
+ connector?: pulumi.Input<string>;
8165
+ /**
8166
+ * Traffic VPC egress settings.
8167
+ * Possible values are `ALL_TRAFFIC` and `PRIVATE_RANGES_ONLY`.
8168
+ */
8169
+ egress?: pulumi.Input<string>;
8170
+ }
8171
+ interface JobTerminalCondition {
8172
+ executionReason?: pulumi.Input<string>;
8173
+ lastTransitionTime?: pulumi.Input<string>;
8174
+ message?: pulumi.Input<string>;
8175
+ reason?: pulumi.Input<string>;
8176
+ revisionReason?: pulumi.Input<string>;
8177
+ severity?: pulumi.Input<string>;
8178
+ state?: pulumi.Input<string>;
8179
+ type?: pulumi.Input<string>;
8180
+ }
8181
+ interface ServiceBinaryAuthorization {
8182
+ /**
8183
+ * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass
8184
+ */
8185
+ breakglassJustification?: pulumi.Input<string>;
8186
+ /**
8187
+ * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
8188
+ */
8189
+ useDefault?: pulumi.Input<boolean>;
8190
+ }
8191
+ interface ServiceCondition {
8192
+ executionReason?: pulumi.Input<string>;
8193
+ lastTransitionTime?: pulumi.Input<string>;
8194
+ message?: pulumi.Input<string>;
8195
+ reason?: pulumi.Input<string>;
8196
+ revisionReason?: pulumi.Input<string>;
8197
+ severity?: pulumi.Input<string>;
8198
+ state?: pulumi.Input<string>;
8199
+ /**
8200
+ * The allocation type for this traffic target.
8201
+ * Possible values are `TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST` and `TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION`.
8202
+ */
8203
+ type?: pulumi.Input<string>;
8204
+ }
8205
+ interface ServiceTemplate {
8206
+ /**
8207
+ * Holds the single container that defines the unit of execution for this task.
8208
+ * Structure is documented below.
8209
+ */
8210
+ containers?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainer>[]>;
8211
+ /**
8212
+ * A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
8213
+ */
8214
+ encryptionKey?: pulumi.Input<string>;
8215
+ /**
8216
+ * The sandbox environment to host this Revision.
8217
+ * Possible values are `EXECUTION_ENVIRONMENT_GEN1` and `EXECUTION_ENVIRONMENT_GEN2`.
8218
+ */
8219
+ executionEnvironment?: pulumi.Input<string>;
8220
+ /**
8221
+ * Map of string keys and values that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved.
8222
+ */
8223
+ labels?: pulumi.Input<{
8224
+ [key: string]: pulumi.Input<string>;
8225
+ }>;
8226
+ /**
8227
+ * Sets the maximum number of requests that each serving instance can receive.
8228
+ */
8229
+ maxInstanceRequestConcurrency?: pulumi.Input<number>;
8230
+ /**
8231
+ * Revision to which to send this portion of traffic, if traffic allocation is by revision.
8232
+ */
8233
+ revision?: pulumi.Input<string>;
8234
+ /**
8235
+ * Scaling settings for this Revision.
8236
+ * Structure is documented below.
8237
+ */
8238
+ scaling?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateScaling>;
8239
+ /**
8240
+ * Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.
8241
+ */
8242
+ serviceAccount?: pulumi.Input<string>;
8243
+ /**
8244
+ * Max allowed time for an instance to respond to a request.
8245
+ * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
8246
+ */
8247
+ timeout?: pulumi.Input<string>;
8248
+ /**
8249
+ * A list of Volumes to make available to containers.
8250
+ * Structure is documented below.
8251
+ */
8252
+ volumes?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateVolume>[]>;
8253
+ /**
8254
+ * VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.
8255
+ * Structure is documented below.
8256
+ */
8257
+ vpcAccess?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateVpcAccess>;
8258
+ }
8259
+ interface ServiceTemplateContainer {
8260
+ /**
8261
+ * Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
8262
+ */
8263
+ args?: pulumi.Input<pulumi.Input<string>[]>;
8264
+ /**
8265
+ * Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
8266
+ */
8267
+ commands?: pulumi.Input<pulumi.Input<string>[]>;
8268
+ /**
8269
+ * List of environment variables to set in the container.
8270
+ * Structure is documented below.
8271
+ */
8272
+ envs?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerEnv>[]>;
8273
+ /**
8274
+ * URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images
8275
+ */
8276
+ image: pulumi.Input<string>;
8277
+ /**
8278
+ * Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8279
+ * Structure is documented below.
8280
+ */
8281
+ livenessProbe?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerLivenessProbe>;
8282
+ /**
8283
+ * Volume's name.
8284
+ */
8285
+ name?: pulumi.Input<string>;
8286
+ /**
8287
+ * List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.
8288
+ * If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on
8289
+ * Structure is documented below.
8290
+ */
8291
+ ports?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerPort>[]>;
8292
+ /**
8293
+ * Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
8294
+ * Structure is documented below.
8295
+ */
8296
+ resources?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerResources>;
8297
+ /**
8298
+ * Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8299
+ * Structure is documented below.
8300
+ */
8301
+ startupProbe?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerStartupProbe>;
8302
+ /**
8303
+ * Volume to mount into the container's filesystem.
8304
+ * Structure is documented below.
8305
+ */
8306
+ volumeMounts?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerVolumeMount>[]>;
8307
+ /**
8308
+ * Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.
8309
+ */
8310
+ workingDir?: pulumi.Input<string>;
8311
+ }
8312
+ interface ServiceTemplateContainerEnv {
8313
+ /**
8314
+ * Volume's name.
8315
+ */
8316
+ name: pulumi.Input<string>;
8317
+ /**
8318
+ * The header field value
8319
+ */
8320
+ value?: pulumi.Input<string>;
8321
+ /**
8322
+ * Source for the environment variable's value.
8323
+ * Structure is documented below.
8324
+ */
8325
+ valueSource?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerEnvValueSource>;
8326
+ }
8327
+ interface ServiceTemplateContainerEnvValueSource {
8328
+ /**
8329
+ * Selects a secret and a specific version from Cloud Secret Manager.
8330
+ * Structure is documented below.
8331
+ */
8332
+ secretKeyRef?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerEnvValueSourceSecretKeyRef>;
8333
+ }
8334
+ interface ServiceTemplateContainerEnvValueSourceSecretKeyRef {
8335
+ /**
8336
+ * The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
8337
+ */
8338
+ secret: pulumi.Input<string>;
8339
+ /**
8340
+ * The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version
8341
+ */
8342
+ version?: pulumi.Input<string>;
8343
+ }
8344
+ interface ServiceTemplateContainerLivenessProbe {
8345
+ /**
8346
+ * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
8347
+ */
8348
+ failureThreshold?: pulumi.Input<number>;
8349
+ /**
8350
+ * HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.
8351
+ * Structure is documented below.
8352
+ */
8353
+ httpGet?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerLivenessProbeHttpGet>;
8354
+ /**
8355
+ * Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8356
+ */
8357
+ initialDelaySeconds?: pulumi.Input<number>;
8358
+ /**
8359
+ * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds
8360
+ */
8361
+ periodSeconds?: pulumi.Input<number>;
8362
+ /**
8363
+ * TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.
8364
+ * Structure is documented below.
8365
+ */
8366
+ tcpSocket?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerLivenessProbeTcpSocket>;
8367
+ /**
8368
+ * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8369
+ */
8370
+ timeoutSeconds?: pulumi.Input<number>;
8371
+ }
8372
+ interface ServiceTemplateContainerLivenessProbeHttpGet {
8373
+ /**
8374
+ * Custom headers to set in the request. HTTP allows repeated headers.
8375
+ * Structure is documented below.
8376
+ */
8377
+ httpHeaders?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerLivenessProbeHttpGetHttpHeader>[]>;
8378
+ /**
8379
+ * The relative path of the secret in the container.
8380
+ */
8381
+ path?: pulumi.Input<string>;
8382
+ }
8383
+ interface ServiceTemplateContainerLivenessProbeHttpGetHttpHeader {
8384
+ /**
8385
+ * Volume's name.
8386
+ */
8387
+ name: pulumi.Input<string>;
8388
+ /**
8389
+ * The header field value
8390
+ */
8391
+ value?: pulumi.Input<string>;
8392
+ }
8393
+ interface ServiceTemplateContainerLivenessProbeTcpSocket {
8394
+ /**
8395
+ * Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.
8396
+ */
8397
+ port?: pulumi.Input<number>;
8398
+ }
8399
+ interface ServiceTemplateContainerPort {
8400
+ /**
8401
+ * Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536.
8402
+ */
8403
+ containerPort?: pulumi.Input<number>;
8404
+ /**
8405
+ * Volume's name.
8406
+ */
8407
+ name?: pulumi.Input<string>;
8408
+ }
8409
+ interface ServiceTemplateContainerResources {
8410
+ /**
8411
+ * Determines whether CPU should be throttled or not outside of requests.
8412
+ */
8413
+ cpuIdle?: pulumi.Input<boolean>;
8414
+ /**
8415
+ * Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
8416
+ */
8417
+ limits?: pulumi.Input<{
8418
+ [key: string]: pulumi.Input<string>;
8419
+ }>;
8420
+ }
8421
+ interface ServiceTemplateContainerStartupProbe {
8422
+ /**
8423
+ * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
8424
+ */
8425
+ failureThreshold?: pulumi.Input<number>;
8426
+ /**
8427
+ * HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.
8428
+ * Structure is documented below.
8429
+ */
8430
+ httpGet?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerStartupProbeHttpGet>;
8431
+ /**
8432
+ * Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8433
+ */
8434
+ initialDelaySeconds?: pulumi.Input<number>;
8435
+ /**
8436
+ * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds
8437
+ */
8438
+ periodSeconds?: pulumi.Input<number>;
8439
+ /**
8440
+ * TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.
8441
+ * Structure is documented below.
8442
+ */
8443
+ tcpSocket?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerStartupProbeTcpSocket>;
8444
+ /**
8445
+ * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
8446
+ */
8447
+ timeoutSeconds?: pulumi.Input<number>;
8448
+ }
8449
+ interface ServiceTemplateContainerStartupProbeHttpGet {
8450
+ /**
8451
+ * Custom headers to set in the request. HTTP allows repeated headers.
8452
+ * Structure is documented below.
8453
+ */
8454
+ httpHeaders?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateContainerStartupProbeHttpGetHttpHeader>[]>;
8455
+ /**
8456
+ * The relative path of the secret in the container.
8457
+ */
8458
+ path?: pulumi.Input<string>;
8459
+ }
8460
+ interface ServiceTemplateContainerStartupProbeHttpGetHttpHeader {
8461
+ /**
8462
+ * Volume's name.
8463
+ */
8464
+ name: pulumi.Input<string>;
8465
+ /**
8466
+ * The header field value
8467
+ */
8468
+ value?: pulumi.Input<string>;
8469
+ }
8470
+ interface ServiceTemplateContainerStartupProbeTcpSocket {
8471
+ /**
8472
+ * Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.
8473
+ */
8474
+ port?: pulumi.Input<number>;
8475
+ }
8476
+ interface ServiceTemplateContainerVolumeMount {
8477
+ /**
8478
+ * Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run
8479
+ */
8480
+ mountPath: pulumi.Input<string>;
8481
+ /**
8482
+ * Volume's name.
8483
+ */
8484
+ name: pulumi.Input<string>;
8485
+ }
8486
+ interface ServiceTemplateScaling {
8487
+ /**
8488
+ * Maximum number of serving instances that this resource should have.
8489
+ */
8490
+ maxInstanceCount?: pulumi.Input<number>;
8491
+ /**
8492
+ * Minimum number of serving instances that this resource should have.
8493
+ */
8494
+ minInstanceCount?: pulumi.Input<number>;
8495
+ }
8496
+ interface ServiceTemplateVolume {
8497
+ /**
8498
+ * For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.
8499
+ * Structure is documented below.
8500
+ */
8501
+ cloudSqlInstance?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateVolumeCloudSqlInstance>;
8502
+ /**
8503
+ * Volume's name.
8504
+ */
8505
+ name: pulumi.Input<string>;
8506
+ /**
8507
+ * The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
8508
+ */
8509
+ secret?: pulumi.Input<inputs.cloudrunv2.ServiceTemplateVolumeSecret>;
8510
+ }
8511
+ interface ServiceTemplateVolumeCloudSqlInstance {
8512
+ /**
8513
+ * The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}
8514
+ */
8515
+ instances?: pulumi.Input<pulumi.Input<string>[]>;
8516
+ }
8517
+ interface ServiceTemplateVolumeSecret {
8518
+ /**
8519
+ * Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.
8520
+ */
8521
+ defaultMode?: pulumi.Input<number>;
8522
+ /**
8523
+ * If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.
8524
+ * Structure is documented below.
8525
+ */
8526
+ items?: pulumi.Input<pulumi.Input<inputs.cloudrunv2.ServiceTemplateVolumeSecretItem>[]>;
8527
+ /**
8528
+ * The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
8529
+ */
8530
+ secret: pulumi.Input<string>;
8531
+ }
8532
+ interface ServiceTemplateVolumeSecretItem {
8533
+ /**
8534
+ * Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.
8535
+ */
8536
+ mode: pulumi.Input<number>;
8537
+ /**
8538
+ * The relative path of the secret in the container.
8539
+ */
8540
+ path: pulumi.Input<string>;
8541
+ /**
8542
+ * The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version
8543
+ */
8544
+ version?: pulumi.Input<string>;
8545
+ }
8546
+ interface ServiceTemplateVpcAccess {
8547
+ /**
8548
+ * VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.
8549
+ */
8550
+ connector?: pulumi.Input<string>;
8551
+ /**
8552
+ * Traffic VPC egress settings.
8553
+ * Possible values are `ALL_TRAFFIC` and `PRIVATE_RANGES_ONLY`.
8554
+ */
8555
+ egress?: pulumi.Input<string>;
8556
+ }
8557
+ interface ServiceTerminalCondition {
8558
+ executionReason?: pulumi.Input<string>;
8559
+ lastTransitionTime?: pulumi.Input<string>;
8560
+ message?: pulumi.Input<string>;
8561
+ reason?: pulumi.Input<string>;
8562
+ revisionReason?: pulumi.Input<string>;
8563
+ severity?: pulumi.Input<string>;
8564
+ state?: pulumi.Input<string>;
8565
+ /**
8566
+ * The allocation type for this traffic target.
8567
+ * Possible values are `TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST` and `TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION`.
8568
+ */
8569
+ type?: pulumi.Input<string>;
8570
+ }
8571
+ interface ServiceTraffic {
8572
+ /**
8573
+ * Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.
8574
+ */
8575
+ percent?: pulumi.Input<number>;
8576
+ /**
8577
+ * Revision to which to send this portion of traffic, if traffic allocation is by revision.
8578
+ */
8579
+ revision?: pulumi.Input<string>;
8580
+ /**
8581
+ * Indicates a string to be part of the URI to exclusively reference this target.
8582
+ */
8583
+ tag?: pulumi.Input<string>;
8584
+ /**
8585
+ * The allocation type for this traffic target.
8586
+ * Possible values are `TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST` and `TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION`.
8587
+ */
8588
+ type?: pulumi.Input<string>;
8589
+ }
8590
+ interface ServiceTrafficStatus {
8591
+ /**
8592
+ * Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.
8593
+ */
8594
+ percent?: pulumi.Input<number>;
8595
+ /**
8596
+ * Revision to which to send this portion of traffic, if traffic allocation is by revision.
8597
+ */
8598
+ revision?: pulumi.Input<string>;
8599
+ /**
8600
+ * Indicates a string to be part of the URI to exclusively reference this target.
8601
+ */
8602
+ tag?: pulumi.Input<string>;
8603
+ /**
8604
+ * The allocation type for this traffic target.
8605
+ * Possible values are `TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST` and `TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION`.
8606
+ */
8607
+ type?: pulumi.Input<string>;
8608
+ uri?: pulumi.Input<string>;
8609
+ }
8610
+ }
7798
8611
  export declare namespace cloudscheduler {
7799
8612
  interface JobAppEngineHttpTarget {
7800
8613
  /**
@@ -8898,6 +9711,11 @@ export declare namespace compute {
8898
9711
  * If true requests to different hosts will be cached separately.
8899
9712
  */
8900
9713
  includeHost?: pulumi.Input<boolean>;
9714
+ /**
9715
+ * Allows HTTP request headers (by name) to be used in the
9716
+ * cache key.
9717
+ */
9718
+ includeHttpHeaders?: pulumi.Input<pulumi.Input<string>[]>;
8901
9719
  /**
8902
9720
  * Names of cookies to include in cache keys.
8903
9721
  */
@@ -12673,6 +13491,21 @@ export declare namespace compute {
12673
13491
  source: pulumi.Input<string>;
12674
13492
  }
12675
13493
  interface RegionUrlMapDefaultRouteAction {
13494
+ /**
13495
+ * The specification for allowing client side cross-origin requests. Please see
13496
+ * [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)
13497
+ * Structure is documented below.
13498
+ */
13499
+ corsPolicy?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionCorsPolicy>;
13500
+ /**
13501
+ * The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.
13502
+ * As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.
13503
+ * Similarly requests from clients can be aborted by the load balancer for a percentage of requests.
13504
+ * timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.
13505
+ * Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).
13506
+ * Structure is documented below.
13507
+ */
13508
+ faultInjectionPolicy?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionFaultInjectionPolicy>;
12676
13509
  /**
12677
13510
  * Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.
12678
13511
  * The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.
@@ -12685,6 +13518,20 @@ export declare namespace compute {
12685
13518
  * Structure is documented below.
12686
13519
  */
12687
13520
  retryPolicy?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionRetryPolicy>;
13521
+ /**
13522
+ * Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.
13523
+ * If not specified, this field uses the largest timeout among all backend services associated with the route.
13524
+ * Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.
13525
+ * Structure is documented below.
13526
+ */
13527
+ timeout?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionTimeout>;
13528
+ /**
13529
+ * The spec to modify the URL of the request, before forwarding the request to the matched service.
13530
+ * urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.
13531
+ * Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.
13532
+ * Structure is documented below.
13533
+ */
13534
+ urlRewrite?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionUrlRewrite>;
12688
13535
  /**
12689
13536
  * A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.
12690
13537
  * After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.
@@ -12692,6 +13539,93 @@ export declare namespace compute {
12692
13539
  */
12693
13540
  weightedBackendServices?: pulumi.Input<pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionWeightedBackendService>[]>;
12694
13541
  }
13542
+ interface RegionUrlMapDefaultRouteActionCorsPolicy {
13543
+ /**
13544
+ * In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.
13545
+ * Default is false.
13546
+ */
13547
+ allowCredentials?: pulumi.Input<boolean>;
13548
+ /**
13549
+ * Specifies the content for the Access-Control-Allow-Headers header.
13550
+ */
13551
+ allowHeaders?: pulumi.Input<pulumi.Input<string>[]>;
13552
+ /**
13553
+ * Specifies the content for the Access-Control-Allow-Methods header.
13554
+ */
13555
+ allowMethods?: pulumi.Input<pulumi.Input<string>[]>;
13556
+ /**
13557
+ * Specifies the regualar expression patterns that match allowed origins. For regular expression grammar
13558
+ * please see en.cppreference.com/w/cpp/regex/ecmascript
13559
+ * An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.
13560
+ */
13561
+ allowOriginRegexes?: pulumi.Input<pulumi.Input<string>[]>;
13562
+ /**
13563
+ * Specifies the list of origins that will be allowed to do CORS requests.
13564
+ * An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.
13565
+ */
13566
+ allowOrigins?: pulumi.Input<pulumi.Input<string>[]>;
13567
+ /**
13568
+ * If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.
13569
+ */
13570
+ disabled?: pulumi.Input<boolean>;
13571
+ /**
13572
+ * Specifies the content for the Access-Control-Expose-Headers header.
13573
+ */
13574
+ exposeHeaders?: pulumi.Input<pulumi.Input<string>[]>;
13575
+ /**
13576
+ * Specifies how long results of a preflight request can be cached in seconds.
13577
+ * This translates to the Access-Control-Max-Age header.
13578
+ */
13579
+ maxAge?: pulumi.Input<number>;
13580
+ }
13581
+ interface RegionUrlMapDefaultRouteActionFaultInjectionPolicy {
13582
+ /**
13583
+ * The specification for how client requests are aborted as part of fault injection.
13584
+ * Structure is documented below.
13585
+ */
13586
+ abort?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionFaultInjectionPolicyAbort>;
13587
+ /**
13588
+ * The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.
13589
+ * Structure is documented below.
13590
+ */
13591
+ delay?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionFaultInjectionPolicyDelay>;
13592
+ }
13593
+ interface RegionUrlMapDefaultRouteActionFaultInjectionPolicyAbort {
13594
+ /**
13595
+ * The HTTP status code used to abort the request.
13596
+ * The value must be between 200 and 599 inclusive.
13597
+ */
13598
+ httpStatus?: pulumi.Input<number>;
13599
+ /**
13600
+ * The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.
13601
+ * The value must be between 0.0 and 100.0 inclusive.
13602
+ */
13603
+ percentage?: pulumi.Input<number>;
13604
+ }
13605
+ interface RegionUrlMapDefaultRouteActionFaultInjectionPolicyDelay {
13606
+ /**
13607
+ * Specifies the value of the fixed delay interval.
13608
+ * Structure is documented below.
13609
+ */
13610
+ fixedDelay?: pulumi.Input<inputs.compute.RegionUrlMapDefaultRouteActionFaultInjectionPolicyDelayFixedDelay>;
13611
+ /**
13612
+ * The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.
13613
+ * The value must be between 0.0 and 100.0 inclusive.
13614
+ */
13615
+ percentage?: pulumi.Input<number>;
13616
+ }
13617
+ interface RegionUrlMapDefaultRouteActionFaultInjectionPolicyDelayFixedDelay {
13618
+ /**
13619
+ * Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are
13620
+ * represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
13621
+ */
13622
+ nanos?: pulumi.Input<number>;
13623
+ /**
13624
+ * Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
13625
+ * Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
13626
+ */
13627
+ seconds?: pulumi.Input<string>;
13628
+ }
12695
13629
  interface RegionUrlMapDefaultRouteActionRequestMirrorPolicy {
12696
13630
  /**
12697
13631
  * The full or partial URL to the RegionBackendService resource being mirrored to.
@@ -12740,6 +13674,30 @@ export declare namespace compute {
12740
13674
  */
12741
13675
  seconds?: pulumi.Input<string>;
12742
13676
  }
13677
+ interface RegionUrlMapDefaultRouteActionTimeout {
13678
+ /**
13679
+ * Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are
13680
+ * represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
13681
+ */
13682
+ nanos?: pulumi.Input<number>;
13683
+ /**
13684
+ * Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
13685
+ * Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
13686
+ */
13687
+ seconds?: pulumi.Input<string>;
13688
+ }
13689
+ interface RegionUrlMapDefaultRouteActionUrlRewrite {
13690
+ /**
13691
+ * Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.
13692
+ * The value must be from 1 to 255 characters.
13693
+ */
13694
+ hostRewrite?: pulumi.Input<string>;
13695
+ /**
13696
+ * Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.
13697
+ * The value must be from 1 to 1024 characters.
13698
+ */
13699
+ pathPrefixRewrite?: pulumi.Input<string>;
13700
+ }
12743
13701
  interface RegionUrlMapDefaultRouteActionWeightedBackendService {
12744
13702
  /**
12745
13703
  * The full or partial URL to the RegionBackendService resource being mirrored to.
@@ -13002,19 +13960,17 @@ export declare namespace compute {
13002
13960
  }
13003
13961
  interface RegionUrlMapPathMatcherPathRuleRouteAction {
13004
13962
  /**
13005
- * The specification for allowing client side cross-origin requests. Please see W3C
13006
- * Recommendation for Cross Origin Resource Sharing
13963
+ * The specification for allowing client side cross-origin requests. Please see
13964
+ * [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)
13007
13965
  * Structure is documented below.
13008
13966
  */
13009
13967
  corsPolicy?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionCorsPolicy>;
13010
13968
  /**
13011
- * The specification for fault injection introduced into traffic to test the
13012
- * resiliency of clients to backend service failure. As part of fault injection,
13013
- * when clients send requests to a backend service, delays can be introduced by
13014
- * Loadbalancer on a percentage of requests before sending those request to the
13015
- * backend service. Similarly requests from clients can be aborted by the
13016
- * Loadbalancer for a percentage of requests. timeout and retryPolicy will be
13017
- * ignored by clients that are configured with a fault_injection_policy.
13969
+ * The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.
13970
+ * As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.
13971
+ * Similarly requests from clients can be aborted by the load balancer for a percentage of requests.
13972
+ * timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.
13973
+ * Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).
13018
13974
  * Structure is documented below.
13019
13975
  */
13020
13976
  faultInjectionPolicy?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionFaultInjectionPolicy>;
@@ -13031,16 +13987,16 @@ export declare namespace compute {
13031
13987
  */
13032
13988
  retryPolicy?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionRetryPolicy>;
13033
13989
  /**
13034
- * Specifies the timeout for the selected route. Timeout is computed from the time
13035
- * the request is has been fully processed (i.e. end-of-stream) up until the
13036
- * response has been completely processed. Timeout includes all retries. If not
13037
- * specified, the default value is 15 seconds.
13990
+ * Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.
13991
+ * If not specified, this field uses the largest timeout among all backend services associated with the route.
13992
+ * Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.
13038
13993
  * Structure is documented below.
13039
13994
  */
13040
13995
  timeout?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionTimeout>;
13041
13996
  /**
13042
- * The spec to modify the URL of the request, prior to forwarding the request to
13043
- * the matched service
13997
+ * The spec to modify the URL of the request, before forwarding the request to the matched service.
13998
+ * urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.
13999
+ * Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.
13044
14000
  * Structure is documented below.
13045
14001
  */
13046
14002
  urlRewrite?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionUrlRewrite>;
@@ -13053,9 +14009,8 @@ export declare namespace compute {
13053
14009
  }
13054
14010
  interface RegionUrlMapPathMatcherPathRuleRouteActionCorsPolicy {
13055
14011
  /**
13056
- * In response to a preflight request, setting this to true indicates that the
13057
- * actual request can include user credentials. This translates to the Access-
13058
- * Control-Allow-Credentials header. Defaults to false.
14012
+ * In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.
14013
+ * Default is false.
13059
14014
  */
13060
14015
  allowCredentials?: pulumi.Input<boolean>;
13061
14016
  /**
@@ -13067,18 +14022,18 @@ export declare namespace compute {
13067
14022
  */
13068
14023
  allowMethods?: pulumi.Input<pulumi.Input<string>[]>;
13069
14024
  /**
13070
- * Specifies the regular expression patterns that match allowed origins. For
13071
- * regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript
13072
- * An origin is allowed if it matches either allowOrigins or allow_origin_regex.
14025
+ * Specifies the regualar expression patterns that match allowed origins. For regular expression grammar
14026
+ * please see en.cppreference.com/w/cpp/regex/ecmascript
14027
+ * An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.
13073
14028
  */
13074
14029
  allowOriginRegexes?: pulumi.Input<pulumi.Input<string>[]>;
13075
14030
  /**
13076
- * Specifies the list of origins that will be allowed to do CORS requests. An
13077
- * origin is allowed if it matches either allowOrigins or allow_origin_regex.
14031
+ * Specifies the list of origins that will be allowed to do CORS requests.
14032
+ * An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.
13078
14033
  */
13079
14034
  allowOrigins?: pulumi.Input<pulumi.Input<string>[]>;
13080
14035
  /**
13081
- * If true, specifies the CORS policy is disabled.
14036
+ * If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.
13082
14037
  */
13083
14038
  disabled: pulumi.Input<boolean>;
13084
14039
  /**
@@ -13086,35 +14041,32 @@ export declare namespace compute {
13086
14041
  */
13087
14042
  exposeHeaders?: pulumi.Input<pulumi.Input<string>[]>;
13088
14043
  /**
13089
- * Specifies how long the results of a preflight request can be cached. This
13090
- * translates to the content for the Access-Control-Max-Age header.
14044
+ * Specifies how long results of a preflight request can be cached in seconds.
14045
+ * This translates to the Access-Control-Max-Age header.
13091
14046
  */
13092
14047
  maxAge?: pulumi.Input<number>;
13093
14048
  }
13094
14049
  interface RegionUrlMapPathMatcherPathRuleRouteActionFaultInjectionPolicy {
13095
14050
  /**
13096
- * The specification for how client requests are aborted as part of fault
13097
- * injection.
14051
+ * The specification for how client requests are aborted as part of fault injection.
13098
14052
  * Structure is documented below.
13099
14053
  */
13100
14054
  abort?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionFaultInjectionPolicyAbort>;
13101
14055
  /**
13102
- * The specification for how client requests are delayed as part of fault
13103
- * injection, before being sent to a backend service.
14056
+ * The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.
13104
14057
  * Structure is documented below.
13105
14058
  */
13106
14059
  delay?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionFaultInjectionPolicyDelay>;
13107
14060
  }
13108
14061
  interface RegionUrlMapPathMatcherPathRuleRouteActionFaultInjectionPolicyAbort {
13109
14062
  /**
13110
- * The HTTP status code used to abort the request. The value must be between 200
13111
- * and 599 inclusive.
14063
+ * The HTTP status code used to abort the request.
14064
+ * The value must be between 200 and 599 inclusive.
13112
14065
  */
13113
14066
  httpStatus: pulumi.Input<number>;
13114
14067
  /**
13115
- * The percentage of traffic (connections/operations/requests) on which delay will
13116
- * be introduced as part of fault injection. The value must be between 0.0 and
13117
- * 100.0 inclusive.
14068
+ * The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.
14069
+ * The value must be between 0.0 and 100.0 inclusive.
13118
14070
  */
13119
14071
  percentage: pulumi.Input<number>;
13120
14072
  }
@@ -13125,9 +14077,8 @@ export declare namespace compute {
13125
14077
  */
13126
14078
  fixedDelay: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherPathRuleRouteActionFaultInjectionPolicyDelayFixedDelay>;
13127
14079
  /**
13128
- * The percentage of traffic (connections/operations/requests) on which delay will
13129
- * be introduced as part of fault injection. The value must be between 0.0 and
13130
- * 100.0 inclusive.
14080
+ * The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.
14081
+ * The value must be between 0.0 and 100.0 inclusive.
13131
14082
  */
13132
14083
  percentage: pulumi.Input<number>;
13133
14084
  }
@@ -13205,15 +14156,13 @@ export declare namespace compute {
13205
14156
  }
13206
14157
  interface RegionUrlMapPathMatcherPathRuleRouteActionUrlRewrite {
13207
14158
  /**
13208
- * Prior to forwarding the request to the selected service, the request's host
13209
- * header is replaced with contents of hostRewrite. The value must be between 1 and
13210
- * 255 characters.
14159
+ * Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.
14160
+ * The value must be from 1 to 255 characters.
13211
14161
  */
13212
14162
  hostRewrite?: pulumi.Input<string>;
13213
14163
  /**
13214
- * Prior to forwarding the request to the selected backend service, the matching
13215
- * portion of the request's path is replaced by pathPrefixRewrite. The value must
13216
- * be between 1 and 1024 characters.
14164
+ * Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.
14165
+ * The value must be from 1 to 1024 characters.
13217
14166
  */
13218
14167
  pathPrefixRewrite?: pulumi.Input<string>;
13219
14168
  }
@@ -13619,19 +14568,17 @@ export declare namespace compute {
13619
14568
  }
13620
14569
  interface RegionUrlMapPathMatcherRouteRuleRouteAction {
13621
14570
  /**
13622
- * The specification for allowing client side cross-origin requests. Please see W3C
13623
- * Recommendation for Cross Origin Resource Sharing
14571
+ * The specification for allowing client side cross-origin requests. Please see
14572
+ * [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)
13624
14573
  * Structure is documented below.
13625
14574
  */
13626
14575
  corsPolicy?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionCorsPolicy>;
13627
14576
  /**
13628
- * The specification for fault injection introduced into traffic to test the
13629
- * resiliency of clients to backend service failure. As part of fault injection,
13630
- * when clients send requests to a backend service, delays can be introduced by
13631
- * Loadbalancer on a percentage of requests before sending those request to the
13632
- * backend service. Similarly requests from clients can be aborted by the
13633
- * Loadbalancer for a percentage of requests. timeout and retryPolicy will be
13634
- * ignored by clients that are configured with a fault_injection_policy.
14577
+ * The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.
14578
+ * As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.
14579
+ * Similarly requests from clients can be aborted by the load balancer for a percentage of requests.
14580
+ * timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.
14581
+ * Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).
13635
14582
  * Structure is documented below.
13636
14583
  */
13637
14584
  faultInjectionPolicy?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionFaultInjectionPolicy>;
@@ -13648,16 +14595,16 @@ export declare namespace compute {
13648
14595
  */
13649
14596
  retryPolicy?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionRetryPolicy>;
13650
14597
  /**
13651
- * Specifies the timeout for the selected route. Timeout is computed from the time
13652
- * the request is has been fully processed (i.e. end-of-stream) up until the
13653
- * response has been completely processed. Timeout includes all retries. If not
13654
- * specified, the default value is 15 seconds.
14598
+ * Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.
14599
+ * If not specified, this field uses the largest timeout among all backend services associated with the route.
14600
+ * Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.
13655
14601
  * Structure is documented below.
13656
14602
  */
13657
14603
  timeout?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionTimeout>;
13658
14604
  /**
13659
- * The spec to modify the URL of the request, prior to forwarding the request to
13660
- * the matched service
14605
+ * The spec to modify the URL of the request, before forwarding the request to the matched service.
14606
+ * urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.
14607
+ * Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.
13661
14608
  * Structure is documented below.
13662
14609
  */
13663
14610
  urlRewrite?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionUrlRewrite>;
@@ -13670,9 +14617,8 @@ export declare namespace compute {
13670
14617
  }
13671
14618
  interface RegionUrlMapPathMatcherRouteRuleRouteActionCorsPolicy {
13672
14619
  /**
13673
- * In response to a preflight request, setting this to true indicates that the
13674
- * actual request can include user credentials. This translates to the Access-
13675
- * Control-Allow-Credentials header. Defaults to false.
14620
+ * In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.
14621
+ * Default is false.
13676
14622
  */
13677
14623
  allowCredentials?: pulumi.Input<boolean>;
13678
14624
  /**
@@ -13684,18 +14630,18 @@ export declare namespace compute {
13684
14630
  */
13685
14631
  allowMethods?: pulumi.Input<pulumi.Input<string>[]>;
13686
14632
  /**
13687
- * Specifies the regular expression patterns that match allowed origins. For
13688
- * regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript
13689
- * An origin is allowed if it matches either allowOrigins or allow_origin_regex.
14633
+ * Specifies the regualar expression patterns that match allowed origins. For regular expression grammar
14634
+ * please see en.cppreference.com/w/cpp/regex/ecmascript
14635
+ * An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.
13690
14636
  */
13691
14637
  allowOriginRegexes?: pulumi.Input<pulumi.Input<string>[]>;
13692
14638
  /**
13693
- * Specifies the list of origins that will be allowed to do CORS requests. An
13694
- * origin is allowed if it matches either allowOrigins or allow_origin_regex.
14639
+ * Specifies the list of origins that will be allowed to do CORS requests.
14640
+ * An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.
13695
14641
  */
13696
14642
  allowOrigins?: pulumi.Input<pulumi.Input<string>[]>;
13697
14643
  /**
13698
- * If true, specifies the CORS policy is disabled.
14644
+ * If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.
13699
14645
  */
13700
14646
  disabled?: pulumi.Input<boolean>;
13701
14647
  /**
@@ -13703,35 +14649,32 @@ export declare namespace compute {
13703
14649
  */
13704
14650
  exposeHeaders?: pulumi.Input<pulumi.Input<string>[]>;
13705
14651
  /**
13706
- * Specifies how long the results of a preflight request can be cached. This
13707
- * translates to the content for the Access-Control-Max-Age header.
14652
+ * Specifies how long results of a preflight request can be cached in seconds.
14653
+ * This translates to the Access-Control-Max-Age header.
13708
14654
  */
13709
14655
  maxAge?: pulumi.Input<number>;
13710
14656
  }
13711
14657
  interface RegionUrlMapPathMatcherRouteRuleRouteActionFaultInjectionPolicy {
13712
14658
  /**
13713
- * The specification for how client requests are aborted as part of fault
13714
- * injection.
14659
+ * The specification for how client requests are aborted as part of fault injection.
13715
14660
  * Structure is documented below.
13716
14661
  */
13717
14662
  abort?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionFaultInjectionPolicyAbort>;
13718
14663
  /**
13719
- * The specification for how client requests are delayed as part of fault
13720
- * injection, before being sent to a backend service.
14664
+ * The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.
13721
14665
  * Structure is documented below.
13722
14666
  */
13723
14667
  delay?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionFaultInjectionPolicyDelay>;
13724
14668
  }
13725
14669
  interface RegionUrlMapPathMatcherRouteRuleRouteActionFaultInjectionPolicyAbort {
13726
14670
  /**
13727
- * The HTTP status code used to abort the request. The value must be between 200
13728
- * and 599 inclusive.
14671
+ * The HTTP status code used to abort the request.
14672
+ * The value must be between 200 and 599 inclusive.
13729
14673
  */
13730
14674
  httpStatus?: pulumi.Input<number>;
13731
14675
  /**
13732
- * The percentage of traffic (connections/operations/requests) on which delay will
13733
- * be introduced as part of fault injection. The value must be between 0.0 and
13734
- * 100.0 inclusive.
14676
+ * The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.
14677
+ * The value must be between 0.0 and 100.0 inclusive.
13735
14678
  */
13736
14679
  percentage?: pulumi.Input<number>;
13737
14680
  }
@@ -13742,9 +14685,8 @@ export declare namespace compute {
13742
14685
  */
13743
14686
  fixedDelay?: pulumi.Input<inputs.compute.RegionUrlMapPathMatcherRouteRuleRouteActionFaultInjectionPolicyDelayFixedDelay>;
13744
14687
  /**
13745
- * The percentage of traffic (connections/operations/requests) on which delay will
13746
- * be introduced as part of fault injection. The value must be between 0.0 and
13747
- * 100.0 inclusive.
14688
+ * The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.
14689
+ * The value must be between 0.0 and 100.0 inclusive.
13748
14690
  */
13749
14691
  percentage?: pulumi.Input<number>;
13750
14692
  }
@@ -13822,15 +14764,13 @@ export declare namespace compute {
13822
14764
  }
13823
14765
  interface RegionUrlMapPathMatcherRouteRuleRouteActionUrlRewrite {
13824
14766
  /**
13825
- * Prior to forwarding the request to the selected service, the request's host
13826
- * header is replaced with contents of hostRewrite. The value must be between 1 and
13827
- * 255 characters.
14767
+ * Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.
14768
+ * The value must be from 1 to 255 characters.
13828
14769
  */
13829
14770
  hostRewrite?: pulumi.Input<string>;
13830
14771
  /**
13831
- * Prior to forwarding the request to the selected backend service, the matching
13832
- * portion of the request's path is replaced by pathPrefixRewrite. The value must
13833
- * be between 1 and 1024 characters.
14772
+ * Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.
14773
+ * The value must be from 1 to 1024 characters.
13834
14774
  */
13835
14775
  pathPrefixRewrite?: pulumi.Input<string>;
13836
14776
  }
@@ -14437,6 +15377,12 @@ export declare namespace compute {
14437
15377
  */
14438
15378
  contentTypes: pulumi.Input<pulumi.Input<string>[]>;
14439
15379
  }
15380
+ interface SecurityPolicyRecaptchaOptionsConfig {
15381
+ /**
15382
+ * A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.
15383
+ */
15384
+ redirectSiteKey: pulumi.Input<string>;
15385
+ }
14440
15386
  interface SecurityPolicyRule {
14441
15387
  /**
14442
15388
  * Action to take when `match` matches the request. Valid values:
@@ -14451,6 +15397,10 @@ export declare namespace compute {
14451
15397
  * An optional description of this rule. Max size is 64.
14452
15398
  */
14453
15399
  description?: pulumi.Input<string>;
15400
+ /**
15401
+ * Additional actions that are performed on headers. Structure is documented below.
15402
+ */
15403
+ headerAction?: pulumi.Input<inputs.compute.SecurityPolicyRuleHeaderAction>;
14454
15404
  /**
14455
15405
  * A match condition that incoming traffic is evaluated against.
14456
15406
  * If it evaluates to true, the corresponding `action` is enforced. Structure is documented below.
@@ -14471,13 +15421,29 @@ export declare namespace compute {
14471
15421
  */
14472
15422
  priority: pulumi.Input<number>;
14473
15423
  /**
14474
- * Must be specified if the `action` is "rateBasedBan" or "throttle". Cannot be specified for other actions. Structure is documented below.
15424
+ * Must be specified if the `action` is "rateBasedBan" or "throttle". Cannot be specified for other actions. Structure is documented below.
15425
+ */
15426
+ rateLimitOptions?: pulumi.Input<inputs.compute.SecurityPolicyRuleRateLimitOptions>;
15427
+ /**
15428
+ * Can be specified if the `action` is "redirect". Cannot be specified for other actions. Structure is documented below.
15429
+ */
15430
+ redirectOptions?: pulumi.Input<inputs.compute.SecurityPolicyRuleRedirectOptions>;
15431
+ }
15432
+ interface SecurityPolicyRuleHeaderAction {
15433
+ /**
15434
+ * The list of request headers to add or overwrite if they're already present. Structure is documented below.
15435
+ */
15436
+ requestHeadersToAdds: pulumi.Input<pulumi.Input<inputs.compute.SecurityPolicyRuleHeaderActionRequestHeadersToAdd>[]>;
15437
+ }
15438
+ interface SecurityPolicyRuleHeaderActionRequestHeadersToAdd {
15439
+ /**
15440
+ * The name of the header to set.
14475
15441
  */
14476
- rateLimitOptions?: pulumi.Input<inputs.compute.SecurityPolicyRuleRateLimitOptions>;
15442
+ headerName: pulumi.Input<string>;
14477
15443
  /**
14478
- * Can be specified if the `action` is "redirect". Cannot be specified for other actions. Structure is documented below.
15444
+ * The value to set the named header to.
14479
15445
  */
14480
- redirectOptions?: pulumi.Input<inputs.compute.SecurityPolicyRuleRedirectOptions>;
15446
+ headerValue?: pulumi.Input<string>;
14481
15447
  }
14482
15448
  interface SecurityPolicyRuleMatch {
14483
15449
  /**
@@ -14619,6 +15585,9 @@ export declare namespace compute {
14619
15585
  * Valid options are "deny()" where valid values for status are 403, 404, 429, and 502.
14620
15586
  */
14621
15587
  exceedAction: pulumi.Input<string>;
15588
+ /**
15589
+ * Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. Structure is documented below.
15590
+ */
14622
15591
  exceedRedirectOptions?: pulumi.Input<inputs.compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptions>;
14623
15592
  /**
14624
15593
  * Threshold at which to begin ratelimiting. Structure is documented below.
@@ -17695,6 +18664,11 @@ export declare namespace container {
17695
18664
  * Kubernetes cluster master through HTTPS.
17696
18665
  */
17697
18666
  cidrBlocks?: pulumi.Input<pulumi.Input<inputs.container.ClusterMasterAuthorizedNetworksConfigCidrBlock>[]>;
18667
+ /**
18668
+ * Whether Kubernetes master is
18669
+ * accessible via Google Compute Engine Public IPs.
18670
+ */
18671
+ gcpPublicCidrsAccessEnabled?: pulumi.Input<boolean>;
17698
18672
  }
17699
18673
  interface ClusterMasterAuthorizedNetworksConfigCidrBlock {
17700
18674
  /**
@@ -17852,6 +18826,13 @@ export declare namespace container {
17852
18826
  * The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
17853
18827
  */
17854
18828
  reservationAffinity?: pulumi.Input<inputs.container.ClusterNodeConfigReservationAffinity>;
18829
+ /**
18830
+ * The GCP labels (key/value pairs) to be applied to each node. Refer [here](https://cloud.google.com/kubernetes-engine/docs/how-to/creating-managing-labels)
18831
+ * for how these labels are applied to clusters, node pools and nodes.
18832
+ */
18833
+ resourceLabels?: pulumi.Input<{
18834
+ [key: string]: pulumi.Input<string>;
18835
+ }>;
17855
18836
  sandboxConfig?: pulumi.Input<inputs.container.ClusterNodeConfigSandboxConfig>;
17856
18837
  /**
17857
18838
  * The service account to be used by the Node VMs.
@@ -18131,6 +19112,13 @@ export declare namespace container {
18131
19112
  * Whether to create a new range for pod IPs in this node pool. Defaults are provided for `podRange` and `podIpv4CidrBlock` if they are not specified.
18132
19113
  */
18133
19114
  createPodRange?: pulumi.Input<boolean>;
19115
+ /**
19116
+ * Enables the private cluster feature,
19117
+ * creating a private endpoint on the cluster. In a private cluster, nodes only
19118
+ * have RFC 1918 private addresses and communicate with the master's private
19119
+ * endpoint via private networking.
19120
+ */
19121
+ enablePrivateNodes?: pulumi.Input<boolean>;
18134
19122
  /**
18135
19123
  * The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
18136
19124
  */
@@ -18138,7 +19126,7 @@ export declare namespace container {
18138
19126
  /**
18139
19127
  * The ID of the secondary range for pod IPs. If `createPodRange` is true, this ID is used for the new range. If `createPodRange` is false, uses an existing secondary range with this ID.
18140
19128
  */
18141
- podRange: pulumi.Input<string>;
19129
+ podRange?: pulumi.Input<string>;
18142
19130
  }
18143
19131
  interface ClusterNodePoolNodeConfig {
18144
19132
  /**
@@ -18251,6 +19239,13 @@ export declare namespace container {
18251
19239
  * The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
18252
19240
  */
18253
19241
  reservationAffinity?: pulumi.Input<inputs.container.ClusterNodePoolNodeConfigReservationAffinity>;
19242
+ /**
19243
+ * The GCP labels (key/value pairs) to be applied to each node. Refer [here](https://cloud.google.com/kubernetes-engine/docs/how-to/creating-managing-labels)
19244
+ * for how these labels are applied to clusters, node pools and nodes.
19245
+ */
19246
+ resourceLabels?: pulumi.Input<{
19247
+ [key: string]: pulumi.Input<string>;
19248
+ }>;
18254
19249
  sandboxConfig?: pulumi.Input<inputs.container.ClusterNodePoolNodeConfigSandboxConfig>;
18255
19250
  /**
18256
19251
  * The service account to be used by the Node VMs.
@@ -18486,7 +19481,7 @@ export declare namespace container {
18486
19481
  * is disabled. When `false`, either endpoint can be used. This field only applies
18487
19482
  * to private clusters, when `enablePrivateNodes` is `true`.
18488
19483
  */
18489
- enablePrivateEndpoint: pulumi.Input<boolean>;
19484
+ enablePrivateEndpoint?: pulumi.Input<boolean>;
18490
19485
  /**
18491
19486
  * Enables the private cluster feature,
18492
19487
  * creating a private endpoint on the cluster. In a private cluster, nodes only
@@ -18518,6 +19513,10 @@ export declare namespace container {
18518
19513
  * The internal IP address of this cluster's master endpoint.
18519
19514
  */
18520
19515
  privateEndpoint?: pulumi.Input<string>;
19516
+ /**
19517
+ * Subnetwork in cluster's network where master's endpoint will be provisioned.
19518
+ */
19519
+ privateEndpointSubnetwork?: pulumi.Input<string>;
18521
19520
  /**
18522
19521
  * The external IP address of this cluster's master endpoint.
18523
19522
  */
@@ -18635,9 +19634,22 @@ export declare namespace container {
18635
19634
  autoUpgrade?: pulumi.Input<boolean>;
18636
19635
  }
18637
19636
  interface NodePoolNetworkConfig {
19637
+ /**
19638
+ * Whether to create a new range for pod IPs in this node pool. Defaults are provided for `podRange` and `podIpv4CidrBlock` if they are not specified.
19639
+ */
18638
19640
  createPodRange?: pulumi.Input<boolean>;
19641
+ /**
19642
+ * Whether nodes have internal IP addresses only.
19643
+ */
19644
+ enablePrivateNodes?: pulumi.Input<boolean>;
19645
+ /**
19646
+ * The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
19647
+ */
18639
19648
  podIpv4CidrBlock?: pulumi.Input<string>;
18640
- podRange: pulumi.Input<string>;
19649
+ /**
19650
+ * The ID of the secondary range for pod IPs. If `createPodRange` is true, this ID is used for the new range. If `createPodRange` is false, uses an existing secondary range with this ID.
19651
+ */
19652
+ podRange?: pulumi.Input<string>;
18641
19653
  }
18642
19654
  interface NodePoolNodeConfig {
18643
19655
  bootDiskKmsKey?: pulumi.Input<string>;
@@ -18664,6 +19676,9 @@ export declare namespace container {
18664
19676
  oauthScopes?: pulumi.Input<pulumi.Input<string>[]>;
18665
19677
  preemptible?: pulumi.Input<boolean>;
18666
19678
  reservationAffinity?: pulumi.Input<inputs.container.NodePoolNodeConfigReservationAffinity>;
19679
+ resourceLabels?: pulumi.Input<{
19680
+ [key: string]: pulumi.Input<string>;
19681
+ }>;
18667
19682
  sandboxConfig?: pulumi.Input<inputs.container.NodePoolNodeConfigSandboxConfig>;
18668
19683
  serviceAccount?: pulumi.Input<string>;
18669
19684
  shieldedInstanceConfig?: pulumi.Input<inputs.container.NodePoolNodeConfigShieldedInstanceConfig>;
@@ -19080,6 +20095,16 @@ export declare namespace datafusion {
19080
20095
  */
19081
20096
  keyReference: pulumi.Input<string>;
19082
20097
  }
20098
+ interface InstanceEventPublishConfig {
20099
+ /**
20100
+ * Option to enable Event Publishing.
20101
+ */
20102
+ enabled: pulumi.Input<boolean>;
20103
+ /**
20104
+ * The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}
20105
+ */
20106
+ topic: pulumi.Input<string>;
20107
+ }
19083
20108
  interface InstanceNetworkConfig {
19084
20109
  /**
19085
20110
  * The IP range in CIDR notation to use for the managed Data Fusion instance
@@ -21368,6 +22393,27 @@ export declare namespace dataproc {
21368
22393
  */
21369
22394
  enabled: pulumi.Input<boolean>;
21370
22395
  }
22396
+ interface MetastoreServiceNetworkConfig {
22397
+ /**
22398
+ * The consumer-side network configuration for the Dataproc Metastore instance.
22399
+ * Structure is documented below.
22400
+ */
22401
+ consumers: pulumi.Input<pulumi.Input<inputs.dataproc.MetastoreServiceNetworkConfigConsumer>[]>;
22402
+ }
22403
+ interface MetastoreServiceNetworkConfigConsumer {
22404
+ /**
22405
+ * -
22406
+ * The URI of the endpoint used to access the metastore service.
22407
+ */
22408
+ endpointUri?: pulumi.Input<string>;
22409
+ /**
22410
+ * The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.
22411
+ * It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.
22412
+ * There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:
22413
+ * `projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}
22414
+ */
22415
+ subnetwork: pulumi.Input<string>;
22416
+ }
21371
22417
  interface WorkflowTemplateJob {
21372
22418
  /**
21373
22419
  * Optional. Job is a Hadoop job.
@@ -22545,6 +23591,12 @@ export declare namespace datastream {
22545
23591
  */
22546
23592
  privateConnection: pulumi.Input<string>;
22547
23593
  }
23594
+ interface PrivateConnectionError {
23595
+ details?: pulumi.Input<{
23596
+ [key: string]: pulumi.Input<string>;
23597
+ }>;
23598
+ message?: pulumi.Input<string>;
23599
+ }
22548
23600
  interface PrivateConnectionVpcPeeringConfig {
22549
23601
  /**
22550
23602
  * A free subnet for peering. (CIDR of /29)
@@ -24111,6 +25163,111 @@ export declare namespace gameservices {
24111
25163
  realms?: pulumi.Input<pulumi.Input<string>[]>;
24112
25164
  }
24113
25165
  }
25166
+ export declare namespace gkebackup {
25167
+ interface BackupPlanBackupConfig {
25168
+ /**
25169
+ * If True, include all namespaced resources.
25170
+ */
25171
+ allNamespaces?: pulumi.Input<boolean>;
25172
+ /**
25173
+ * This defines a customer managed encryption key that will be used to encrypt the "config"
25174
+ * portion (the Kubernetes resources) of Backups created via this plan.
25175
+ * Structure is documented below.
25176
+ */
25177
+ encryptionKey?: pulumi.Input<inputs.gkebackup.BackupPlanBackupConfigEncryptionKey>;
25178
+ /**
25179
+ * This flag specifies whether Kubernetes Secret resources should be included
25180
+ * when they fall into the scope of Backups.
25181
+ */
25182
+ includeSecrets?: pulumi.Input<boolean>;
25183
+ /**
25184
+ * This flag specifies whether volume data should be backed up when PVCs are
25185
+ * included in the scope of a Backup.
25186
+ */
25187
+ includeVolumeData?: pulumi.Input<boolean>;
25188
+ /**
25189
+ * A list of namespaced Kubernetes Resources.
25190
+ * Structure is documented below.
25191
+ */
25192
+ selectedApplications?: pulumi.Input<inputs.gkebackup.BackupPlanBackupConfigSelectedApplications>;
25193
+ /**
25194
+ * If set, include just the resources in the listed namespaces.
25195
+ * Structure is documented below.
25196
+ */
25197
+ selectedNamespaces?: pulumi.Input<inputs.gkebackup.BackupPlanBackupConfigSelectedNamespaces>;
25198
+ }
25199
+ interface BackupPlanBackupConfigEncryptionKey {
25200
+ /**
25201
+ * Google Cloud KMS encryption key. Format: projects/*&#47;locations/*&#47;keyRings/*&#47;cryptoKeys/*
25202
+ */
25203
+ gcpKmsEncryptionKey: pulumi.Input<string>;
25204
+ }
25205
+ interface BackupPlanBackupConfigSelectedApplications {
25206
+ /**
25207
+ * A list of namespaced Kubernetes resources.
25208
+ * Structure is documented below.
25209
+ */
25210
+ namespacedNames: pulumi.Input<pulumi.Input<inputs.gkebackup.BackupPlanBackupConfigSelectedApplicationsNamespacedName>[]>;
25211
+ }
25212
+ interface BackupPlanBackupConfigSelectedApplicationsNamespacedName {
25213
+ /**
25214
+ * The name of a Kubernetes Resource.
25215
+ */
25216
+ name: pulumi.Input<string>;
25217
+ /**
25218
+ * The namespace of a Kubernetes Resource.
25219
+ */
25220
+ namespace: pulumi.Input<string>;
25221
+ }
25222
+ interface BackupPlanBackupConfigSelectedNamespaces {
25223
+ /**
25224
+ * A list of Kubernetes Namespaces.
25225
+ */
25226
+ namespaces: pulumi.Input<pulumi.Input<string>[]>;
25227
+ }
25228
+ interface BackupPlanBackupSchedule {
25229
+ /**
25230
+ * A standard cron string that defines a repeating schedule for
25231
+ * creating Backups via this BackupPlan.
25232
+ * If this is defined, then backupRetainDays must also be defined.
25233
+ */
25234
+ cronSchedule?: pulumi.Input<string>;
25235
+ /**
25236
+ * This flag denotes whether automatic Backup creation is paused for this BackupPlan.
25237
+ */
25238
+ paused?: pulumi.Input<boolean>;
25239
+ }
25240
+ interface BackupPlanRetentionPolicy {
25241
+ /**
25242
+ * Minimum age for a Backup created via this BackupPlan (in days).
25243
+ * Must be an integer value between 0-90 (inclusive).
25244
+ * A Backup created under this BackupPlan will not be deletable
25245
+ * until it reaches Backup's (create time + backup_delete_lock_days).
25246
+ * Updating this field of a BackupPlan does not affect existing Backups.
25247
+ * Backups created after a successful update will inherit this new value.
25248
+ */
25249
+ backupDeleteLockDays?: pulumi.Input<number>;
25250
+ /**
25251
+ * The default maximum age of a Backup created via this BackupPlan.
25252
+ * This field MUST be an integer value >= 0 and <= 365. If specified,
25253
+ * a Backup created under this BackupPlan will be automatically deleted
25254
+ * after its age reaches (createTime + backupRetainDays).
25255
+ * If not specified, Backups created under this BackupPlan will NOT be
25256
+ * subject to automatic deletion. Updating this field does NOT affect
25257
+ * existing Backups under it. Backups created AFTER a successful update
25258
+ * will automatically pick up the new value.
25259
+ * NOTE: backupRetainDays must be >= backupDeleteLockDays.
25260
+ * If cronSchedule is defined, then this must be <= 360 * the creation interval.]
25261
+ */
25262
+ backupRetainDays?: pulumi.Input<number>;
25263
+ /**
25264
+ * This flag denotes whether the retention policy of this BackupPlan is locked.
25265
+ * If set to True, no further update is allowed on this policy, including
25266
+ * the locked field itself.
25267
+ */
25268
+ locked?: pulumi.Input<boolean>;
25269
+ }
25270
+ }
24114
25271
  export declare namespace gkehub {
24115
25272
  interface FeatureMembershipConfigmanagement {
24116
25273
  /**
@@ -24241,6 +25398,10 @@ export declare namespace gkehub {
24241
25398
  backends?: pulumi.Input<pulumi.Input<string>[]>;
24242
25399
  }
24243
25400
  interface FeatureMembershipMesh {
25401
+ /**
25402
+ * Whether to automatically manage Service Mesh Control Plane. Can either be `AUTOMATIC` or `MANUAL`.
25403
+ */
25404
+ controlPlane?: pulumi.Input<string>;
24244
25405
  /**
24245
25406
  * Whether to automatically manage Service Mesh. Can either be `MANAGEMENT_AUTOMATIC` or `MANAGEMENT_MANUAL`.
24246
25407
  */
@@ -24554,6 +25715,34 @@ export declare namespace iam {
24554
25715
  */
24555
25716
  title?: pulumi.Input<string>;
24556
25717
  }
25718
+ interface WorkforcePoolProviderOidc {
25719
+ /**
25720
+ * The client ID. Must match the audience claim of the JWT issued by the identity provider.
25721
+ */
25722
+ clientId: pulumi.Input<string>;
25723
+ /**
25724
+ * The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
25725
+ */
25726
+ issuerUri: pulumi.Input<string>;
25727
+ }
25728
+ interface WorkforcePoolProviderSaml {
25729
+ /**
25730
+ * SAML Identity provider configuration metadata xml doc.
25731
+ * The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
25732
+ * The max size of the acceptable xml document will be bounded to 128k characters.
25733
+ * The metadata xml document should satisfy the following constraints:
25734
+ * 1) Must contain an Identity Provider Entity ID.
25735
+ * 2) Must contain at least one non-expired signing key certificate.
25736
+ * 3) For each signing key:
25737
+ * a) Valid from should be no more than 7 days from now.
25738
+ * b) Valid to should be no more than 10 years in the future.
25739
+ * 4) Up to 3 IdP signing keys are allowed in the metadata xml.
25740
+ * When updating the provider's metadata xml, at least one non-expired signing key
25741
+ * must overlap with the existing metadata. This requirement is skipped if there are
25742
+ * no non-expired signing keys present in the existing metadata.
25743
+ */
25744
+ idpMetadataXml: pulumi.Input<string>;
25745
+ }
24557
25746
  interface WorkloadIdentityPoolProviderAws {
24558
25747
  /**
24559
25748
  * The AWS account ID.
@@ -25200,6 +26389,15 @@ export declare namespace kms {
25200
26389
  }
25201
26390
  }
25202
26391
  export declare namespace logging {
26392
+ interface BillingAccountBucketConfigCmekSettings {
26393
+ kmsKeyName: pulumi.Input<string>;
26394
+ kmsKeyVersionName?: pulumi.Input<string>;
26395
+ /**
26396
+ * The resource name of the bucket. For example: "projects/my-project-id/locations/my-location/buckets/my-bucket-id"
26397
+ */
26398
+ name?: pulumi.Input<string>;
26399
+ serviceAccountId?: pulumi.Input<string>;
26400
+ }
25203
26401
  interface BillingAccountSinkBigqueryOptions {
25204
26402
  /**
25205
26403
  * Whether to use [BigQuery's partition tables](https://cloud.google.com/bigquery/docs/partitioned-tables).
@@ -25228,6 +26426,15 @@ export declare namespace logging {
25228
26426
  */
25229
26427
  name: pulumi.Input<string>;
25230
26428
  }
26429
+ interface FolderBucketConfigCmekSettings {
26430
+ kmsKeyName: pulumi.Input<string>;
26431
+ kmsKeyVersionName?: pulumi.Input<string>;
26432
+ /**
26433
+ * The resource name of the bucket. For example: "folders/my-folder-id/locations/my-location/buckets/my-bucket-id"
26434
+ */
26435
+ name?: pulumi.Input<string>;
26436
+ serviceAccountId?: pulumi.Input<string>;
26437
+ }
25231
26438
  interface FolderSinkBigqueryOptions {
25232
26439
  /**
25233
26440
  * Whether to use [BigQuery's partition tables](https://cloud.google.com/bigquery/docs/partitioned-tables).
@@ -25361,6 +26568,15 @@ export declare namespace logging {
25361
26568
  */
25362
26569
  valueType?: pulumi.Input<string>;
25363
26570
  }
26571
+ interface OrganizationBucketConfigCmekSettings {
26572
+ kmsKeyName: pulumi.Input<string>;
26573
+ kmsKeyVersionName?: pulumi.Input<string>;
26574
+ /**
26575
+ * The resource name of the bucket. For example: "organizations/my-organization-id/locations/my-location/buckets/my-bucket-id"
26576
+ */
26577
+ name?: pulumi.Input<string>;
26578
+ serviceAccountId?: pulumi.Input<string>;
26579
+ }
25364
26580
  interface OrganizationSinkBigqueryOptions {
25365
26581
  /**
25366
26582
  * Whether to use [BigQuery's partition tables](https://cloud.google.com/bigquery/docs/partitioned-tables).
@@ -25389,6 +26605,36 @@ export declare namespace logging {
25389
26605
  */
25390
26606
  name: pulumi.Input<string>;
25391
26607
  }
26608
+ interface ProjectBucketConfigCmekSettings {
26609
+ /**
26610
+ * The resource name for the configured Cloud KMS key.
26611
+ * KMS key name format:
26612
+ * `'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'`
26613
+ * To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.
26614
+ * The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.
26615
+ * See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.
26616
+ */
26617
+ kmsKeyName: pulumi.Input<string>;
26618
+ /**
26619
+ * The CryptoKeyVersion resource name for the configured Cloud KMS key.
26620
+ * KMS key name format:
26621
+ * `'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'`
26622
+ * For example:
26623
+ * "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1"
26624
+ * This is a read-only field used to convey the specific configured CryptoKeyVersion of kmsKey that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
26625
+ */
26626
+ kmsKeyVersionName?: pulumi.Input<string>;
26627
+ /**
26628
+ * The resource name of the CMEK settings.
26629
+ */
26630
+ name?: pulumi.Input<string>;
26631
+ /**
26632
+ * The service account associated with a project for which CMEK will apply.
26633
+ * Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.
26634
+ * See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.
26635
+ */
26636
+ serviceAccountId?: pulumi.Input<string>;
26637
+ }
25392
26638
  interface ProjectSinkBigqueryOptions {
25393
26639
  /**
25394
26640
  * Whether to use [BigQuery's partition tables](https://cloud.google.com/bigquery/docs/partitioned-tables).
@@ -26933,6 +28179,65 @@ export declare namespace networkservices {
26933
28179
  */
26934
28180
  secretAccessKeyVersion: pulumi.Input<string>;
26935
28181
  }
28182
+ interface EdgeCacheOriginOriginOverrideAction {
28183
+ /**
28184
+ * The header actions, including adding and removing
28185
+ * headers, for request handled by this origin.
28186
+ * Structure is documented below.
28187
+ */
28188
+ headerAction?: pulumi.Input<inputs.networkservices.EdgeCacheOriginOriginOverrideActionHeaderAction>;
28189
+ /**
28190
+ * The URL rewrite configuration for request that are
28191
+ * handled by this origin.
28192
+ * Structure is documented below.
28193
+ */
28194
+ urlRewrite?: pulumi.Input<inputs.networkservices.EdgeCacheOriginOriginOverrideActionUrlRewrite>;
28195
+ }
28196
+ interface EdgeCacheOriginOriginOverrideActionHeaderAction {
28197
+ /**
28198
+ * Describes a header to add.
28199
+ * You may add a maximum of 5 request headers.
28200
+ * Structure is documented below.
28201
+ */
28202
+ requestHeadersToAdds?: pulumi.Input<pulumi.Input<inputs.networkservices.EdgeCacheOriginOriginOverrideActionHeaderActionRequestHeadersToAdd>[]>;
28203
+ }
28204
+ interface EdgeCacheOriginOriginOverrideActionHeaderActionRequestHeadersToAdd {
28205
+ /**
28206
+ * The name of the header to add.
28207
+ */
28208
+ headerName: pulumi.Input<string>;
28209
+ /**
28210
+ * The value of the header to add.
28211
+ */
28212
+ headerValue: pulumi.Input<string>;
28213
+ /**
28214
+ * Whether to replace all existing headers with the same name.
28215
+ * By default, added header values are appended
28216
+ * to the response or request headers with the
28217
+ * same field names. The added values are
28218
+ * separated by commas.
28219
+ * To overwrite existing values, set `replace` to `true`.
28220
+ */
28221
+ replace?: pulumi.Input<boolean>;
28222
+ }
28223
+ interface EdgeCacheOriginOriginOverrideActionUrlRewrite {
28224
+ /**
28225
+ * Prior to forwarding the request to the selected
28226
+ * origin, the request's host header is replaced with
28227
+ * contents of the hostRewrite.
28228
+ * This value must be between 1 and 255 characters.
28229
+ */
28230
+ hostRewrite?: pulumi.Input<string>;
28231
+ }
28232
+ interface EdgeCacheOriginOriginRedirect {
28233
+ /**
28234
+ * The set of redirect response codes that the CDN
28235
+ * follows. Values of
28236
+ * [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)
28237
+ * are accepted.
28238
+ */
28239
+ redirectConditions?: pulumi.Input<pulumi.Input<string>[]>;
28240
+ }
26936
28241
  interface EdgeCacheOriginTimeout {
26937
28242
  /**
26938
28243
  * The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.
@@ -30679,6 +31984,22 @@ export declare namespace secretmanager {
30679
31984
  }
30680
31985
  }
30681
31986
  export declare namespace securitycenter {
31987
+ interface InstanceIamBindingCondition {
31988
+ /**
31989
+ * An optional description of the instance.
31990
+ */
31991
+ description?: pulumi.Input<string>;
31992
+ expression: pulumi.Input<string>;
31993
+ title: pulumi.Input<string>;
31994
+ }
31995
+ interface InstanceIamMemberCondition {
31996
+ /**
31997
+ * An optional description of the instance.
31998
+ */
31999
+ description?: pulumi.Input<string>;
32000
+ expression: pulumi.Input<string>;
32001
+ title: pulumi.Input<string>;
32002
+ }
30682
32003
  interface NotificationConfigStreamingConfig {
30683
32004
  /**
30684
32005
  * Expression that defines the filter to apply across create/update
@@ -30958,6 +32279,7 @@ export declare namespace sql {
30958
32279
  */
30959
32280
  connectorEnforcement?: pulumi.Input<string>;
30960
32281
  databaseFlags?: pulumi.Input<pulumi.Input<inputs.sql.DatabaseInstanceSettingsDatabaseFlag>[]>;
32282
+ denyMaintenancePeriod?: pulumi.Input<inputs.sql.DatabaseInstanceSettingsDenyMaintenancePeriod>;
30961
32283
  /**
30962
32284
  * Enables auto-resizing of the storage size. Defaults to `true`.
30963
32285
  */
@@ -31064,6 +32386,20 @@ export declare namespace sql {
31064
32386
  */
31065
32387
  value: pulumi.Input<string>;
31066
32388
  }
32389
+ interface DatabaseInstanceSettingsDenyMaintenancePeriod {
32390
+ /**
32391
+ * "deny maintenance period" end date. If the year of the end date is empty, the year of the start date also must be empty. In this case, it means the no maintenance interval recurs every year. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01
32392
+ */
32393
+ endDate: pulumi.Input<string>;
32394
+ /**
32395
+ * "deny maintenance period" start date. If the year of the start date is empty, the year of the end date also must be empty. In this case, it means the deny maintenance period recurs every year. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01
32396
+ */
32397
+ startDate: pulumi.Input<string>;
32398
+ /**
32399
+ * Time in UTC when the "deny maintenance period" starts on startDate and ends on endDate. The time is in format: HH:mm:SS, i.e., 00:00:00
32400
+ */
32401
+ time: pulumi.Input<string>;
32402
+ }
31067
32403
  interface DatabaseInstanceSettingsInsightsConfig {
31068
32404
  /**
31069
32405
  * True if Query Insights feature is enabled.
@@ -31234,6 +32570,12 @@ export declare namespace sql {
31234
32570
  }
31235
32571
  }
31236
32572
  export declare namespace storage {
32573
+ interface BucketAutoclass {
32574
+ /**
32575
+ * While set to `true`, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.
32576
+ */
32577
+ enabled: pulumi.Input<boolean>;
32578
+ }
31237
32579
  interface BucketCor {
31238
32580
  /**
31239
32581
  * The value, in seconds, to return in the [Access-Control-Max-Age header](https://www.w3.org/TR/cors/#access-control-max-age-response-header) used in preflight responses.
@@ -31305,7 +32647,7 @@ export declare namespace storage {
31305
32647
  */
31306
32648
  storageClass?: pulumi.Input<string>;
31307
32649
  /**
31308
- * The type of the action of this Lifecycle Rule. Supported values include: `Delete` and `SetStorageClass`.
32650
+ * The type of the action of this Lifecycle Rule. Supported values include: `Delete`, `SetStorageClass` and `AbortIncompleteMultipartUpload`.
31309
32651
  */
31310
32652
  type: pulumi.Input<string>;
31311
32653
  }
@@ -31388,7 +32730,7 @@ export declare namespace storage {
31388
32730
  }
31389
32731
  interface BucketVersioning {
31390
32732
  /**
31391
- * While set to `true`, versioning is fully enabled for this bucket.
32733
+ * While set to `true`, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.
31392
32734
  */
31393
32735
  enabled: pulumi.Input<boolean>;
31394
32736
  }
@@ -31757,6 +33099,16 @@ export declare namespace vertex {
31757
33099
  */
31758
33100
  kmsKeyName: pulumi.Input<string>;
31759
33101
  }
33102
+ interface AiFeatureStoreEntityTypeIamBindingCondition {
33103
+ description?: pulumi.Input<string>;
33104
+ expression: pulumi.Input<string>;
33105
+ title: pulumi.Input<string>;
33106
+ }
33107
+ interface AiFeatureStoreEntityTypeIamMemberCondition {
33108
+ description?: pulumi.Input<string>;
33109
+ expression: pulumi.Input<string>;
33110
+ title: pulumi.Input<string>;
33111
+ }
31760
33112
  interface AiFeatureStoreEntityTypeMonitoringConfig {
31761
33113
  /**
31762
33114
  * Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).
@@ -31842,6 +33194,93 @@ export declare namespace vertex {
31842
33194
  */
31843
33195
  fixedNodeCount: pulumi.Input<number>;
31844
33196
  }
33197
+ interface AiIndexDeployedIndex {
33198
+ deployedIndexId?: pulumi.Input<string>;
33199
+ indexEndpoint?: pulumi.Input<string>;
33200
+ }
33201
+ interface AiIndexIndexStat {
33202
+ shardsCount?: pulumi.Input<number>;
33203
+ vectorsCount?: pulumi.Input<string>;
33204
+ }
33205
+ interface AiIndexMetadata {
33206
+ /**
33207
+ * The configuration of the Matching Engine Index.
33208
+ * Structure is documented below.
33209
+ */
33210
+ config?: pulumi.Input<inputs.vertex.AiIndexMetadataConfig>;
33211
+ /**
33212
+ * Allows inserting, updating or deleting the contents of the Matching Engine Index.
33213
+ * The string must be a valid Cloud Storage directory path. If this
33214
+ * field is set when calling IndexService.UpdateIndex, then no other
33215
+ * Index field can be also updated as part of the same call.
33216
+ * The expected structure and format of the files this URI points to is
33217
+ * described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format
33218
+ */
33219
+ contentsDeltaUri?: pulumi.Input<string>;
33220
+ /**
33221
+ * If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,
33222
+ * then existing content of the Index will be replaced by the data from the contentsDeltaUri.
33223
+ */
33224
+ isCompleteOverwrite?: pulumi.Input<boolean>;
33225
+ }
33226
+ interface AiIndexMetadataConfig {
33227
+ /**
33228
+ * The configuration with regard to the algorithms used for efficient search.
33229
+ * Structure is documented below.
33230
+ */
33231
+ algorithmConfig?: pulumi.Input<inputs.vertex.AiIndexMetadataConfigAlgorithmConfig>;
33232
+ /**
33233
+ * The default number of neighbors to find via approximate search before exact reordering is
33234
+ * performed. Exact reordering is a procedure where results returned by an
33235
+ * approximate search algorithm are reordered via a more expensive distance computation.
33236
+ * Required if tree-AH algorithm is used.
33237
+ */
33238
+ approximateNeighborsCount?: pulumi.Input<number>;
33239
+ /**
33240
+ * The number of dimensions of the input vectors.
33241
+ */
33242
+ dimensions: pulumi.Input<number>;
33243
+ /**
33244
+ * The distance measure used in nearest neighbor search. The value must be one of the followings:
33245
+ * * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance
33246
+ * * L1_DISTANCE: Manhattan (L_1) Distance
33247
+ * * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.
33248
+ * * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product
33249
+ */
33250
+ distanceMeasureType?: pulumi.Input<string>;
33251
+ /**
33252
+ * Type of normalization to be carried out on each vector. The value must be one of the followings:
33253
+ * * UNIT_L2_NORM: Unit L2 normalization type
33254
+ * * NONE: No normalization type is specified.
33255
+ */
33256
+ featureNormType?: pulumi.Input<string>;
33257
+ }
33258
+ interface AiIndexMetadataConfigAlgorithmConfig {
33259
+ /**
33260
+ * Configuration options for using brute force search, which simply implements the
33261
+ * standard linear search in the database for each query.
33262
+ */
33263
+ bruteForceConfig?: pulumi.Input<inputs.vertex.AiIndexMetadataConfigAlgorithmConfigBruteForceConfig>;
33264
+ /**
33265
+ * Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).
33266
+ * Please refer to this paper for more details: https://arxiv.org/abs/1908.10396
33267
+ * Structure is documented below.
33268
+ */
33269
+ treeAhConfig?: pulumi.Input<inputs.vertex.AiIndexMetadataConfigAlgorithmConfigTreeAhConfig>;
33270
+ }
33271
+ interface AiIndexMetadataConfigAlgorithmConfigBruteForceConfig {
33272
+ }
33273
+ interface AiIndexMetadataConfigAlgorithmConfigTreeAhConfig {
33274
+ /**
33275
+ * Number of embeddings on each leaf node. The default value is 1000 if not set.
33276
+ */
33277
+ leafNodeEmbeddingCount?: pulumi.Input<number>;
33278
+ /**
33279
+ * The default percentage of leaf nodes that any query may be searched. Must be in
33280
+ * range 1-100, inclusive. The default value is 10 (means 10%) if not set.
33281
+ */
33282
+ leafNodesToSearchPercent?: pulumi.Input<number>;
33283
+ }
31845
33284
  interface AiMetadataStoreEncryptionSpec {
31846
33285
  /**
31847
33286
  * Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.
@@ -31852,6 +33291,13 @@ export declare namespace vertex {
31852
33291
  interface AiMetadataStoreState {
31853
33292
  diskUtilizationBytes?: pulumi.Input<string>;
31854
33293
  }
33294
+ interface AiTensorboardEncryptionSpec {
33295
+ /**
33296
+ * The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.
33297
+ * Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.
33298
+ */
33299
+ kmsKeyName: pulumi.Input<string>;
33300
+ }
31855
33301
  }
31856
33302
  export declare namespace vpcaccess {
31857
33303
  interface ConnectorSubnet {