@pulumi/gcp 8.36.0 → 8.37.0

package/types/output.d.ts

@@ -3898,6 +3898,147 @@ export declare namespace apihub {
          */
         pluginInstance: string;
     }
+    interface PluginActionsConfig {
+        /**
+         * The description of the operation performed by the action.
+         */
+        description: string;
+        /**
+         * The display name of the action.
+         */
+        displayName: string;
+        /**
+         * The id of the action.
+         */
+        id: string;
+        /**
+         * The trigger mode supported by the action.
+         * Possible values:
+         * TRIGGER_MODE_UNSPECIFIED
+         * API_HUB_ON_DEMAND_TRIGGER
+         * API_HUB_SCHEDULE_TRIGGER
+         * NON_API_HUB_MANAGED
+         */
+        triggerMode: string;
+    }
+    interface PluginConfigTemplate {
+        /**
+         * The list of additional configuration variables for the plugin's
+         * configuration.
+         * Structure is documented below.
+         */
+        additionalConfigTemplates?: outputs.apihub.PluginConfigTemplateAdditionalConfigTemplate[];
+        /**
+         * AuthConfigTemplate represents the authentication template for a plugin.
+         * Structure is documented below.
+         */
+        authConfigTemplate?: outputs.apihub.PluginConfigTemplateAuthConfigTemplate;
+    }
+    interface PluginConfigTemplateAdditionalConfigTemplate {
+        /**
+         * Description.
+         */
+        description?: string;
+        /**
+         * Enum options. To be populated if `ValueType` is `ENUM`.
+         * Structure is documented below.
+         */
+        enumOptions?: outputs.apihub.PluginConfigTemplateAdditionalConfigTemplateEnumOption[];
+        /**
+         * ID of the config variable. Must be unique within the configuration.
+         */
+        id: string;
+        /**
+         * Multi select options. To be populated if `ValueType` is `MULTI_SELECT`.
+         * Structure is documented below.
+         */
+        multiSelectOptions?: outputs.apihub.PluginConfigTemplateAdditionalConfigTemplateMultiSelectOption[];
+        /**
+         * Flag represents that this `ConfigVariable` must be provided for a
+         * PluginInstance.
+         */
+        required?: boolean;
+        /**
+         * Regular expression in RE2 syntax used for validating the `value` of a
+         * `ConfigVariable`.
+         */
+        validationRegex?: string;
+        /**
+         * Type of the parameter: string, int, bool etc.
+         * Possible values:
+         * VALUE_TYPE_UNSPECIFIED
+         * STRING
+         * INT
+         * BOOL
+         * SECRET
+         * ENUM
+         * MULTI_SELECT
+         * MULTI_STRING
+         * MULTI_INT
+         */
+        valueType: string;
+    }
+    interface PluginConfigTemplateAdditionalConfigTemplateEnumOption {
+        /**
+         * Description of the option.
+         */
+        description?: string;
+        /**
+         * Display name of the option.
+         */
+        displayName: string;
+        /**
+         * Id of the option.
+         */
+        id: string;
+    }
+    interface PluginConfigTemplateAdditionalConfigTemplateMultiSelectOption {
+        /**
+         * Description of the option.
+         */
+        description?: string;
+        /**
+         * Display name of the option.
+         */
+        displayName: string;
+        /**
+         * Id of the option.
+         */
+        id: string;
+    }
+    interface PluginConfigTemplateAuthConfigTemplate {
+        /**
+         * Config for Google service account authentication.
+         * Structure is documented below.
+         */
+        serviceAccount?: outputs.apihub.PluginConfigTemplateAuthConfigTemplateServiceAccount;
+        /**
+         * The list of authentication types supported by the plugin.
+         */
+        supportedAuthTypes: string[];
+    }
+    interface PluginConfigTemplateAuthConfigTemplateServiceAccount {
+        /**
+         * The service account to be used for authenticating request.
+         * The `iam.serviceAccounts.getAccessToken` permission should be granted on
+         * this service account to the impersonator service account.
+         */
+        serviceAccount: string;
+    }
+    interface PluginDocumentation {
+        /**
+         * The uri of the externally hosted documentation.
+         */
+        externalUri?: string;
+    }
+    interface PluginHostingService {
+        /**
+         * The URI of the service implemented by the plugin developer, used to
+         * invoke the plugin's functionality. This information is only required for
+         * user defined plugins.
+         */
+        serviceUri?: string;
+    }
     interface PluginInstanceAction {
         /**
          * This should map to one of the action id specified
@@ -17292,6 +17433,10 @@ export declare namespace cloudidentity {
         namespace?: string;
     }
     interface GetGroupMembershipsMembership {
+        /**
+         * If set to true, skip group member creation if a membership with the same name already exists. Defaults to false.
+         */
+        createIgnoreAlreadyExists: boolean;
         /**
          * The time when the Membership was created.
          */
@@ -19642,6 +19787,10 @@ export declare namespace cloudrunv2 {
          * Number of retries allowed per Task, before marking this Task failed. Defaults to 3. Minimum value is 0.
          */
         maxRetries: number;
+        /**
+         * Node Selector describes the hardware requirements of the resources.
+         */
+        nodeSelectors: outputs.cloudrunv2.GetJobTemplateTemplateNodeSelector[];
         /**
          * Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.
          */
@@ -19753,7 +19902,7 @@ export declare namespace cloudrunv2 {
     }
     interface GetJobTemplateTemplateContainerResource {
         /**
-         * Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
+         * Only memory, CPU, and nvidia.com/gpu are supported. Use key 'cpu' for CPU limit, 'memory' for memory limit, 'nvidia.com/gpu' for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
          */
         limits: {
             [key: string]: string;
@@ -19850,6 +19999,12 @@ export declare namespace cloudrunv2 {
          */
         name: string;
     }
+    interface GetJobTemplateTemplateNodeSelector {
+        /**
+         * The GPU to attach to an instance. See https://cloud.google.com/run/docs/configuring/jobs/gpu for configuring GPU.
+         */
+        accelerator: string;
+    }
     interface GetJobTemplateTemplateVolume {
         /**
          * For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.
@@ -21271,6 +21426,11 @@ export declare namespace cloudrunv2 {
          * Number of retries allowed per Task, before marking this Task failed. Defaults to 3. Minimum value is 0.
          */
         maxRetries?: number;
+        /**
+         * Node Selector describes the hardware requirements of the resources.
+         * Structure is documented below.
+         */
+        nodeSelector?: outputs.cloudrunv2.JobTemplateTemplateNodeSelector;
         /**
          * Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.
          */
@@ -21389,7 +21549,7 @@ export declare namespace cloudrunv2 {
     }
     interface JobTemplateTemplateContainerResources {
         /**
-         * Only memory and CPU are supported. Use key `cpu` for CPU limit and `memory` for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
+         * Only memory, CPU, and nvidia.com/gpu are supported. Use key `cpu` for CPU limit, `memory` for memory limit, `nvidia.com/gpu` for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
          */
         limits: {
             [key: string]: string;
@@ -21490,6 +21650,14 @@ export declare namespace cloudrunv2 {
          */
         name: string;
     }
+    interface JobTemplateTemplateNodeSelector {
+        /**
+         * The GPU to attach to an instance. See https://cloud.google.com/run/docs/configuring/jobs/gpu for configuring GPU.
+         *
+         * - - -
+         */
+        accelerator: string;
+    }
     interface JobTemplateTemplateVolume {
         /**
          * For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.
@@ -21628,8 +21796,6 @@ export declare namespace cloudrunv2 {
         subnetwork: string;
         /**
          * Network tags applied to this Cloud Run job.
-         *
-         * - - -
          */
         tags?: string[];
     }
@@ -25869,11 +26035,16 @@ export declare namespace compute {
          */
         srcRegionCodes?: string[];
         /**
-         * Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
+         * List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
+         * Structure is documented below.
          *
          *
          * <a name="nestedMatchLayer4Configs"></a>The `layer4Configs` block supports:
          */
+        srcSecureTags?: outputs.compute.FirewallPolicyRuleMatchSrcSecureTag[];
+        /**
+         * Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
+         */
         srcThreatIntelligences?: string[];
     }
     interface FirewallPolicyRuleMatchLayer4Config {
@@ -25888,6 +26059,30 @@ export declare namespace compute {
          */
         ports?: string[];
     }
+    interface FirewallPolicyRuleMatchSrcSecureTag {
+        /**
+         * Name of the secure tag, created with TagManager's TagValue API.
+         */
+        name?: string;
+        /**
+         * (Output)
+         * State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.
+         *
+         * - - -
+         */
+        state: string;
+    }
+    interface FirewallPolicyRuleTargetSecureTag {
+        /**
+         * Name of the secure tag, created with TagManager's TagValue API.
+         */
+        name?: string;
+        /**
+         * (Output)
+         * State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.
+         */
+        state: string;
+    }
     interface FirewallPolicyWithRulesPredefinedRule {
         /**
          * (Output)
@@ -28637,6 +28832,12 @@ export declare namespace compute {
             [key: string]: string;
         };
     }
+    interface GetInstanceGroupManagerResourcePolicy {
+        /**
+         * The URL of the workload policy that is specified for this managed instance group. It can be a full or partial URL.
+         */
+        workloadPolicy: string;
+    }
     interface GetInstanceGroupManagerStandbyPolicy {
         /**
          * Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.
@@ -34803,11 +35004,19 @@ export declare namespace compute {
     interface InstanceGroupManagerParams {
         /**
          * Resource manager tags to bind to the managed instance group. The tags are key-value pairs. Keys must be in the format tagKeys/123 and values in the format tagValues/456. For more information, see [Manage tags for resources](https://cloud.google.com/compute/docs/tag-resources)
+         *
+         * - - -
          */
         resourceManagerTags?: {
             [key: string]: string;
         };
     }
+    interface InstanceGroupManagerResourcePolicies {
+        /**
+         * The URL of the workload policy that is specified for this managed instance group. It can be a full or partial URL.
+         */
+        workloadPolicy?: string;
+    }
     interface InstanceGroupManagerStandbyPolicy {
         /**
          * Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.
@@ -37206,6 +37415,16 @@ export declare namespace compute {
          */
         state: string;
     }
+    interface NetworkParams {
+        /**
+         * Resource manager tags to be bound to the network. Tag keys and values have the
+         * same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+         * and values are in the format tagValues/456.
+         */
+        resourceManagerTags?: {
+            [key: string]: string;
+        };
+    }
     interface NodeGroupAutoscalingPolicy {
         /**
          * Maximum size of the node group. Set to a value less than or equal
@@ -47418,6 +47637,110 @@ export declare namespace compute {
          */
         pfs?: string[];
     }
+    interface WireGroupEndpoint {
+        /**
+         * The identifier for this object. Format specified above.
+         */
+        endpoint: string;
+        /**
+         * Structure is documented below.
+         */
+        interconnects?: outputs.compute.WireGroupEndpointInterconnect[];
+    }
+    interface WireGroupEndpointInterconnect {
+        /**
+         * (Optional)
+         */
+        interconnect?: string;
+        /**
+         * The identifier for this object. Format specified above.
+         */
+        interconnectName: string;
+        /**
+         * VLAN tags for the interconnect.
+         */
+        vlanTags?: number[];
+    }
+    interface WireGroupTopology {
+        /**
+         * Endpoints grouped by location, each mapping to interconnect configurations.
+         * Structure is documented below.
+         */
+        endpoints: outputs.compute.WireGroupTopologyEndpoint[];
+    }
+    interface WireGroupTopologyEndpoint {
+        /**
+         * (Output)
+         */
+        city: string;
+        /**
+         * (Output)
+         */
+        label: string;
+    }
+    interface WireGroupWire {
+        /**
+         * Indicates whether the wire group is administratively enabled.
+         */
+        adminEnabled: boolean;
+        /**
+         * Endpoints grouped by location, each mapping to interconnect configurations.
+         * Structure is documented below.
+         */
+        endpoints: outputs.compute.WireGroupWireEndpoint[];
+        /**
+         * (Output)
+         */
+        label: string;
+        /**
+         * Default properties for wires within the group.
+         * Structure is documented below.
+         */
+        wireProperties: outputs.compute.WireGroupWireWireProperty[];
+    }
+    interface WireGroupWireEndpoint {
+        /**
+         * (Output)
+         */
+        interconnect: string;
+        /**
+         * (Output)
+         */
+        vlanTag: number;
+    }
+    interface WireGroupWireGroupProperties {
+        /**
+         * Type of wire group (enum).
+         * WIRE: a single pseudowire over two Interconnect connections   with no redundancy.
+         * REDUNDANT: two pseudowires over four Interconnect connections, with two connections in one metro and two connections in another metro.
+         * BOX_AND_CROSS: four pseudowires over four Interconnect connections, with two connections in one metro and two connections in another metro.
+         */
+        type?: string;
+    }
+    interface WireGroupWireProperties {
+        /**
+         * The unmetered bandwidth setting.
+         */
+        bandwidthUnmetered?: number;
+        /**
+         * Response when a fault is detected in a pseudowire:
+         * NONE: default.
+         * DISABLE_PORT: set the port line protocol down when inline probes detect a fault. This setting is only permitted on port mode pseudowires.
+         */
+        faultResponse?: string;
+    }
+    interface WireGroupWireWireProperty {
+        /**
+         * The unmetered bandwidth setting.
+         */
+        bandwidthUnmetered: number;
+        /**
+         * Response when a fault is detected in a pseudowire:
+         * NONE: default.
+         * DISABLE_PORT: set the port line protocol down when inline probes detect a fault. This setting is only permitted on port mode pseudowires.
+         */
+        faultResponse: string;
+    }
 }
 export declare namespace config {
     interface Batching {
@@ -48639,6 +48962,11 @@ export declare namespace container {
         type: string;
     }
     interface ClusterConfidentialNodes {
+        /**
+         * Defines the type of technology used
+         * by the confidential node.
+         */
+        confidentialInstanceType?: string;
         /**
          * Enable Confidential GKE Nodes for this cluster, to
          * enforce encryption of data in-use.
@@ -48759,6 +49087,14 @@ export declare namespace container {
          */
         channel: string;
     }
+    interface ClusterGkeAutoUpgradeConfig {
+        /**
+         * The selected patch mode.
+         * Accepted values are:
+         * * ACCELERATED: Upgrades to the latest available patch version in a given minor and release channel.
+         */
+        patchMode: string;
+    }
     interface ClusterIdentityServiceConfig {
         /**
          * Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
@@ -49321,6 +49657,11 @@ export declare namespace container {
         threadsPerCore: number;
     }
     interface ClusterNodeConfigConfidentialNodes {
+        /**
+         * Defines the type of technology used
+         * by the confidential node.
+         */
+        confidentialInstanceType?: string;
         /**
          * Enable Confidential GKE Nodes for this cluster, to
          * enforce encryption of data in-use.
@@ -50231,6 +50572,11 @@ export declare namespace container {
         threadsPerCore: number;
     }
     interface ClusterNodePoolNodeConfigConfidentialNodes {
+        /**
+         * Defines the type of technology used
+         * by the confidential node.
+         */
+        confidentialInstanceType?: string;
         /**
          * Enable Confidential GKE Nodes for this cluster, to
          * enforce encryption of data in-use.
@@ -51192,6 +51538,10 @@ export declare namespace container {
         type: string;
     }
     interface GetClusterConfidentialNode {
+        /**
+         * Defines the type of technology used by the confidential node.
+         */
+        confidentialInstanceType: string;
         /**
          * Whether Confidential Nodes feature is enabled for all nodes in this cluster.
          */
@@ -51308,6 +51658,13 @@ export declare namespace container {
          */
         channel: string;
     }
+    interface GetClusterGkeAutoUpgradeConfig {
+        /**
+         * The selected auto-upgrade patch type. Accepted values are:
+         * * ACCELERATED: Upgrades to the latest available patch version in a given minor and release channel.
+         */
+        patchMode: string;
+    }
     interface GetClusterIdentityServiceConfig {
         /**
          * Whether to enable the Identity Service component.
@@ -51712,6 +52069,10 @@ export declare namespace container {
         threadsPerCore: number;
     }
     interface GetClusterNodeConfigConfidentialNode {
+        /**
+         * Defines the type of technology used by the confidential node.
+         */
+        confidentialInstanceType: string;
         /**
          * Whether Confidential Nodes feature is enabled for all nodes in this pool.
          */
@@ -52476,6 +52837,10 @@ export declare namespace container {
         threadsPerCore: number;
     }
     interface GetClusterNodePoolNodeConfigConfidentialNode {
+        /**
+         * Defines the type of technology used by the confidential node.
+         */
+        confidentialInstanceType: string;
         /**
          * Whether Confidential Nodes feature is enabled for all nodes in this pool.
          */
@@ -53295,10 +53660,7 @@ export declare namespace container {
          */
         preemptible?: boolean;
         /**
-         * The configuration of the desired reservation which instances could take capacity from.
-         * Structure is documented below.
-         *
-         * <a name="nestedAutoscaling"></a>The `autoscaling` block supports (either total or per zone limits are required):
+         * The reservation affinity configuration for the node pool.
          */
         reservationAffinity?: outputs.container.NodePoolNodeConfigReservationAffinity;
         /**
@@ -53373,6 +53735,10 @@ export declare namespace container {
         threadsPerCore: number;
     }
     interface NodePoolNodeConfigConfidentialNodes {
+        /**
+         * Defines the type of technology used by the confidential node.
+         */
+        confidentialInstanceType?: string;
         /**
          * Whether Confidential Nodes feature is enabled for all nodes in this pool.
          */
@@ -68207,6 +68573,89 @@ export declare namespace diagflow {
          */
         value?: string;
     }
+    interface CxGenerativeSettingsFallbackSettings {
+        /**
+         * Stored prompts that can be selected, for example default templates like "conservative" or "chatty", or user defined ones.
+         * Structure is documented below.
+         */
+        promptTemplates?: outputs.diagflow.CxGenerativeSettingsFallbackSettingsPromptTemplate[];
+        /**
+         * Display name of the selected prompt.
+         */
+        selectedPrompt?: string;
+    }
+    interface CxGenerativeSettingsFallbackSettingsPromptTemplate {
+        /**
+         * Prompt name.
+         */
+        displayName?: string;
+        /**
+         * If the flag is true, the prompt is frozen and cannot be modified by users.
+         */
+        frozen?: boolean;
+        /**
+         * Prompt text that is sent to a LLM on no-match default, placeholders are filled downstream. For example: "Here is a conversation $conversation, a response is: "
+         */
+        promptText?: string;
+    }
+    interface CxGenerativeSettingsGenerativeSafetySettings {
+        /**
+         * Banned phrases for generated text.
+         * Structure is documented below.
+         */
+        bannedPhrases?: outputs.diagflow.CxGenerativeSettingsGenerativeSafetySettingsBannedPhrase[];
+        /**
+         * Optional. Default phrase match strategy for banned phrases.
+         * See [PhraseMatchStrategy](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/GenerativeSettings#phrasematchstrategy) for valid values.
+         */
+        defaultBannedPhraseMatchStrategy?: string;
+    }
+    interface CxGenerativeSettingsGenerativeSafetySettingsBannedPhrase {
+        /**
+         * Language code of the phrase.
+         */
+        languageCode: string;
+        /**
+         * Text input which can be used for prompt or banned phrases.
+         */
+        text: string;
+    }
+    interface CxGenerativeSettingsKnowledgeConnectorSettings {
+        /**
+         * Name of the virtual agent. Used for LLM prompt. Can be left empty.
+         */
+        agent?: string;
+        /**
+         * Identity of the agent, e.g. "virtual agent", "AI assistant".
+         */
+        agentIdentity?: string;
+        /**
+         * Agent scope, e.g. "Example company website", "internal Example company website for employees", "manual of car owner".
+         */
+        agentScope?: string;
+        /**
+         * Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search.
+         */
+        business?: string;
+        /**
+         * Company description, used for LLM prompt, e.g. "a family company selling freshly roasted coffee beans".``
+         */
+        businessDescription?: string;
+        /**
+         * Whether to disable fallback to Data Store search results (in case the LLM couldn't pick a proper answer). Per default the feature is enabled.
+         */
+        disableDataStoreFallback?: boolean;
+    }
+    interface CxGenerativeSettingsLlmModelSettings {
+        /**
+         * The selected LLM model.
+         */
+        model?: string;
+        /**
+         * The custom prompt to use.
+         */
+        promptText?: string;
+    }
     interface CxIntentParameter {
         /**
          * The entity type of the parameter.
@@ -79511,6 +79960,13 @@ export declare namespace iam {
          */
         pemCertificate: string;
     }
+    interface WorkloadIdentityPoolManagedIdentityAttestationRule {
+        /**
+         * A single workload operating on Google Cloud. For example:
+         * `//compute.googleapis.com/projects/123/uid/zones/us-central1-a/instances/12345678`.
+         */
+        googleCloudResource: string;
+    }
     interface WorkloadIdentityPoolNamespaceOwnerService {
         /**
          * (Output)
@@ -101349,6 +101805,7 @@ export declare namespace secretmanager {
          * Structure is documented below.
          */
         customerManagedEncryptions: outputs.secretmanager.GetRegionalSecretsSecretCustomerManagedEncryption[];
+        deletionProtection: boolean;
         effectiveAnnotations: {
             [key: string]: string;
         };
@@ -103270,6 +103727,11 @@ export declare namespace spanner {
          * Format: 'projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}'
          */
         kmsKeyName?: string;
+        /**
+         * Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
+         * in the same locations as the Spanner Database.
+         */
+        kmsKeyNames?: string[];
     }
     interface BackupScheduleFullBackupSpec {
     }
@@ -105526,7 +105988,15 @@ export declare namespace storage {
     }
     interface BucketIpFilter {
         /**
-         * The state of the IP filter configuration. Valid values are `Enabled` and `Disabled`. When set to `Enabled`, IP filtering rules are applied to a bucket and all incoming requests to the bucket are evaluated against these rules. When set to `Disabled`, IP filtering rules are not applied to a bucket.
+         * While set `true`, allows all service agents to access the bucket regardless of the IP filter configuration.
+         */
+        allowAllServiceAgentAccess?: boolean;
+        /**
+         * While set `true`, allows cross-org VPCs in the bucket's IP filter configuration.
+         */
+        allowCrossOrgVpcs?: boolean;
+        /**
+         * The state of the IP filter configuration. Valid values are `Enabled` and `Disabled`. When set to `Enabled`, IP filtering rules are applied to a bucket and all incoming requests to the bucket are evaluated against these rules. When set to `Disabled`, IP filtering rules are not applied to a bucket. **Note**: `allowAllServiceAgentAccess` must be supplied when `mode` is set to `Enabled`, it can be ommited for other values.
          */
         mode: string;
         /**
@@ -105961,6 +106431,14 @@ export declare namespace storage {
         enabled: boolean;
     }
     interface GetBucketIpFilter {
+        /**
+         * Whether to allow all service agents to access the bucket regardless of the IP filter configuration.
+         */
+        allowAllServiceAgentAccess: boolean;
+        /**
+         * Whether to allow cross-org VPCs in the bucket's IP filter configuration.
+         */
+        allowCrossOrgVpcs: boolean;
         /**
          * The mode of the IP filter. Valid values are 'Enabled' and 'Disabled'.
          */