From 68122a00820e74296ba0cb77be1e2509b64ed320 Mon Sep 17 00:00:00 2001
From: Google APIs
Date: Thu, 7 Jan 2021 15:50:35 -0800
Subject: [PATCH] feat: IntroduceMembership API v1alpha2 proto

PiperOrigin-RevId: 350654259
---
 google/cloud/gkehub/v1alpha2/BUILD.bazel | 175 +++++
 .../gkehub/v1alpha2/gkehub_v1alpha2.yaml | 61 ++
 google/cloud/gkehub/v1alpha2/membership.proto | 633 ++++++++++++++++++
 .../membership_grpc_service_config.json | 13 +
 4 files changed, 882 insertions(+)
 create mode 100644 google/cloud/gkehub/v1alpha2/BUILD.bazel
 create mode 100644 google/cloud/gkehub/v1alpha2/gkehub_v1alpha2.yaml
 create mode 100644 google/cloud/gkehub/v1alpha2/membership.proto
 create mode 100644 google/cloud/gkehub/v1alpha2/membership_grpc_service_config.json
diff --git a/google/cloud/gkehub/v1alpha2/BUILD.bazel b/google/cloud/gkehub/v1alpha2/BUILD.bazel
new file mode 100644
index 00000000..9d3e3d68
--- /dev/null
+++ b/google/cloud/gkehub/v1alpha2/BUILD.bazel
@@ -0,0 +1,175 @@ +# This file was automatically generated by BuildFileGenerator + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") + +proto_library( + name = "gkehub_proto", + srcs = [ + "membership.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/longrunning:operations_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "gkehub_java_proto", + deps = [":gkehub_proto"], +) + +java_grpc_library( + name = "gkehub_java_grpc", + srcs = [":gkehub_proto"], + deps = [":gkehub_java_proto"], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_proto_library", +) + +go_proto_library( + name = "gkehub_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/gkehub/v1alpha2", + protos = [":gkehub_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/longrunning:longrunning_go_proto", + ], +) + +############################################################################## +# Python 
+############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "moved_proto_library", + "py_grpc_library", + "py_proto_library", +) + +moved_proto_library( + name = "gkehub_moved_proto", + srcs = [":gkehub_proto"], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/longrunning:operations_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +py_proto_library( + name = "gkehub_py_proto", + plugin = "@protoc_docs_plugin//:docs_plugin", + deps = [":gkehub_moved_proto"], +) + +py_grpc_library( + name = "gkehub_py_grpc", + srcs = [":gkehub_moved_proto"], + deps = [":gkehub_py_proto"], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "gkehub_php_proto", + deps = [":gkehub_proto"], +) + +php_grpc_library( + name = "gkehub_php_grpc", + srcs = [":gkehub_proto"], + deps = [":gkehub_php_proto"], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "gkehub_ruby_proto", + deps = [":gkehub_proto"], +) + +ruby_grpc_library( + name = 
"gkehub_ruby_grpc", + srcs = [":gkehub_proto"], + deps = [":gkehub_ruby_proto"], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "gkehub_csharp_proto", + deps = [":gkehub_proto"], +) + +csharp_grpc_library( + name = "gkehub_csharp_grpc", + srcs = [":gkehub_proto"], + deps = [":gkehub_csharp_proto"], +) + +############################################################################## +# C++ +############################################################################## +# Put your C++ code here diff --git a/google/cloud/gkehub/v1alpha2/gkehub_v1alpha2.yaml b/google/cloud/gkehub/v1alpha2/gkehub_v1alpha2.yaml new file mode 100644 index 00000000..90cb135f --- /dev/null +++ b/google/cloud/gkehub/v1alpha2/gkehub_v1alpha2.yaml 
@@ -0,0 +1,61 @@
+type: google.api.Service
+config_version: 3
+name: gkehub.googleapis.com
+title: GKE Hub
+
+apis:
+- name: google.cloud.gkehub.v1alpha2.GkeHub
+
+types:
+- name: google.cloud.gkehub.v1alpha2.OperationMetadata
+
+documentation:
+ rules:
+ - selector: google.iam.v1.IAMPolicy.GetIamPolicy
+ description: |-
+ Gets the access control policy for a resource. Returns an empty policy
+ if the resource exists and does not have a policy set.
+
+ - selector: google.iam.v1.IAMPolicy.SetIamPolicy
+ description: |-
+ Sets the access control policy on the specified resource. Replaces
+ any existing policy.
+
+ Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
+ errors.
+
+ - selector: google.iam.v1.IAMPolicy.TestIamPermissions
+ description: |-
+ Returns permissions that a caller has on the specified resource. If the
+ resource does not exist, this will return an empty set of
+ permissions, not a `NOT_FOUND` error.
+
+ Note: This operation is designed to be used for building
+ permission-aware UIs and command-line tools, not for authorization
+ checking. This operation may "fail open" without warning.
+
+backend:
+ rules:
+ - selector: 'google.cloud.gkehub.v1alpha2.GkeHub.*'
+ deadline: 60.0
+ - selector: 'google.iam.v1.IAMPolicy.*'
+ deadline: 60.0
+ - selector: 'google.longrunning.Operations.*'
+ deadline: 60.0
+ - selector: google.longrunning.Operations.GetOperation
+ deadline: 5.0
+
+authentication:
+ rules:
+ - selector: 'google.cloud.gkehub.v1alpha2.GkeHub.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: 'google.iam.v1.IAMPolicy.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: 'google.longrunning.Operations.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
diff --git a/google/cloud/gkehub/v1alpha2/membership.proto b/google/cloud/gkehub/v1alpha2/membership.proto
new file mode 100644
index 00000000..6141af33
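Review bot: The `backend` and `authentication` rules name `google.iam.v1.IAMPolicy.*` and `google.longrunning.Operations.*`, but `apis:` lists only `google.cloud.gkehub.v1alpha2.GkeHub` and the file carries no `http:` rules for either mixin, so from this file alone it is not clear that those selectors match anything the service actually exposes. If IAM policy calls and operation polling are meant to be reachable for Membership resources, list the mixins explicitly, e.g. `- name: google.iam.v1.IAMPolicy` and `- name: google.longrunning.Operations` under `apis:`, and add their REST bindings. Otherwise drop the unused rules, so that the access surface described by the config matches what is served.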
--- /dev/null
+++ b/google/cloud/gkehub/v1alpha2/membership.proto
@@ -0,0 +1,633 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.gkehub.v1alpha2; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/longrunning/operations.proto"; +import "google/protobuf/field_mask.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/cloud/gkehub/v1alpha2;gkehub"; +option java_multiple_files = true; +option java_outer_classname = "MembershipProto"; +option java_package = "com.google.cloud.gkehub.v1alpha2"; + +// GKE Hub CRUD API for the Membership resource. +// The Membership service is currently only available in the global location. +service GkeHub { + option (google.api.default_host) = "gkehub.googleapis.com"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + + // Lists Memberships in a given project and location. + rpc ListMemberships(ListMembershipsRequest) returns (ListMembershipsResponse) { + option (google.api.http) = { + get: "/v1alpha2/{parent=projects/*/locations/*}/memberships" + }; + option (google.api.method_signature) = "parent"; + } + + // Gets the details of a Membership. 
+ rpc GetMembership(GetMembershipRequest) returns (Membership) { + option (google.api.http) = { + get: "/v1alpha2/{name=projects/*/locations/*/memberships/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Adds a new Membership. + rpc CreateMembership(CreateMembershipRequest) returns (google.longrunning.Operation) { + option (google.api.http) = { + post: "/v1alpha2/{parent=projects/*/locations/*}/memberships" + body: "resource" + }; + option (google.api.method_signature) = "parent,resource,membership_id"; + option (google.longrunning.operation_info) = { + response_type: "Membership" + metadata_type: "OperationMetadata" + }; + } + + // Removes a Membership. + rpc DeleteMembership(DeleteMembershipRequest) returns (google.longrunning.Operation) { + option (google.api.http) = { + delete: "/v1alpha2/{name=projects/*/locations/*/memberships/*}" + }; + option (google.api.method_signature) = "name"; + option (google.longrunning.operation_info) = { + response_type: "google.protobuf.Empty" + metadata_type: "OperationMetadata" + }; + } + + // Updates an existing Membership. + rpc UpdateMembership(UpdateMembershipRequest) returns (google.longrunning.Operation) { + option (google.api.http) = { + patch: "/v1alpha2/{name=projects/*/locations/*/memberships/*}" + body: "resource" + }; + option (google.api.method_signature) = "name,resource,update_mask"; + option (google.longrunning.operation_info) = { + response_type: "Membership" + metadata_type: "OperationMetadata" + }; + } + + // Generates the manifest for deployment of the GKE connect agent. + rpc GenerateConnectManifest(GenerateConnectManifestRequest) returns (GenerateConnectManifestResponse) { + option (google.api.http) = { + get: "/v1alpha2/{name=projects/*/locations/*/memberships/*}:generateConnectManifest" + }; + } + + // Initializes the Hub in this project, which includes creating the default + // Hub Service Account and the Hub Workload Identity Pool. 
Initialization is + // optional, and happens automatically when the first Membership is created. + // + // InitializeHub should be called when the first Membership cannot be + // registered without these resources. A common example is granting the Hub + // Service Account access to another project, which requires the account to + // exist first. + rpc InitializeHub(InitializeHubRequest) returns (InitializeHubResponse) { + option (google.api.http) = { + post: "/v1alpha2/{project=projects/*/locations/global/memberships}:initializeHub" + body: "*" + }; + } +} + +// Membership contains information about a member cluster. +message Membership { + option (google.api.resource) = { + type: "gkehub.googleapis.com/Membership" + pattern: "projects/{project}/locations/{location}/memberships/{membership}" + }; + + // Specifies the infrastructure type of a Membership. Infrastructure type is + // used by Hub to control infrastructure-specific behavior, including pricing. + // + // Each GKE distribution (on-GCP, on-Prem, on-X,...) will set this field + // automatically, but Attached Clusters customers should specify a type + // during registration. + enum InfrastructureType { + // No type was specified. Some Hub functionality may require a type be + // specified, and will not support Memberships with this value. + INFRASTRUCTURE_TYPE_UNSPECIFIED = 0; + + // Private infrastructure that is owned or operated by customer. This + // includes GKE distributions such as GKE-OnPrem and GKE-OnBareMetal. + ON_PREM = 1; + + // Public cloud infrastructure. + MULTI_CLOUD = 2; + } + + // Output only. The full, unique name of this Membership resource in the format + // `projects/*/locations/*/memberships/{membership_id}`, set during creation. + // + // `membership_id` must be a valid RFC 1123 compliant DNS label: + // + // 1. At most 63 characters in length + // 2. It must consist of lower case alphanumeric characters or `-` + // 3. 
It must start and end with an alphanumeric character + // + // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, + // with a maximum length of 63 characters. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Optional. GCP labels for this membership. + map labels = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Output only. Description of this membership, limited to 63 characters. + // Must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.\ ]*` + // + // This field is present for legacy purposes. + string description = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Type of resource represented by this Membership + oneof type { + // Optional. Endpoint information to reach this member. + MembershipEndpoint endpoint = 4 [(google.api.field_behavior) = OPTIONAL]; + } + + // Output only. State of the Membership resource. + MembershipState state = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. When the Membership was created. + google.protobuf.Timestamp create_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. When the Membership was last updated. + google.protobuf.Timestamp update_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. When the Membership was deleted. + google.protobuf.Timestamp delete_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Optional. An externally-generated and managed ID for this Membership. This ID may + // be modified after creation, but this is not recommended. For GKE clusters, + // external_id is managed by the Hub API and updates will be ignored. + // + // The ID must match the regex: `[a-zA-Z0-9][a-zA-Z0-9_\-\.]*` + // + // If this Membership represents a Kubernetes cluster, this value should be + // set to the UID of the `kube-system` namespace object. + string external_id = 9 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. How to identify workloads from this Membership. 
+ // See the documentation on Workload Identity for more details: + // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity + Authority authority = 10 [(google.api.field_behavior) = OPTIONAL]; + + // Output only. For clusters using Connect, the timestamp of the most recent connection + // established with Google Cloud. This time is updated every several minutes, + // not continuously. For clusters that do not use GKE Connect, or that have + // never connected successfully, this field will be unset. + google.protobuf.Timestamp last_connection_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. Google-generated UUID for this resource. This is unique across all + // Membership resources. If a Membership resource is deleted and another + // resource with the same name is created, it gets a different unique_id. + string unique_id = 12 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Optional. The infrastructure type this Membership is running on. + InfrastructureType infrastructure_type = 13 [(google.api.field_behavior) = OPTIONAL]; +} + +// MembershipEndpoint contains information needed to contact a Kubernetes API, +// endpoint and any additional Kubernetes metadata. +message MembershipEndpoint { + // Optional. GKE-specific information. Only present if this Membership is a GKE cluster. + GkeCluster gke_cluster = 1 [(google.api.field_behavior) = OPTIONAL]; + + // Output only. Useful Kubernetes-specific metadata. + KubernetesMetadata kubernetes_metadata = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Optional. The in-cluster Kubernetes Resources that should be applied for a correctly + // registered cluster, in the steady state. These resources: + // + // * Ensure that the cluster is exclusively registered to one and only one + // Hub Membership. + // * Propagate Workload Pool Information available in the Membership + // Authority field. + // * Ensure proper initial configuration of default Hub Features. 
+ KubernetesResource kubernetes_resource = 3 [(google.api.field_behavior) = OPTIONAL]; +} + +// KubernetesResource contains the YAML manifests and configuration for +// Membership Kubernetes resources in the cluster. After CreateMembership or +// UpdateMembership, these resources should be re-applied in the cluster. +message KubernetesResource { + // Input only. The YAML representation of the Membership CR. This field is ignored for GKE + // clusters where Hub can read the CR directly. + // + // Callers should provide the CR that is currently present in the cluster + // during Create or Update, or leave this field empty if none exists. The CR + // manifest is used to validate the cluster has not been registered with + // another Membership. + string membership_cr_manifest = 1 [(google.api.field_behavior) = INPUT_ONLY]; + + // Output only. Additional Kubernetes resources that need to be applied to the cluster + // after Membership creation, and after every update. + // + // This field is only populated in the Membership returned from a successful + // long-running operation from CreateMembership or UpdateMembership. It is not + // populated during normal GetMembership or ListMemberships requests. To get + // the resource manifest after the initial registration, the caller should + // make a UpdateMembership call with an empty field mask. + repeated ResourceManifest membership_resources = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The Kubernetes resources for installing the GKE Connect agent. + // + // This field is only populated in the Membership returned from a successful + // long-running operation from CreateMembership or UpdateMembership. It is not + // populated during normal GetMembership or ListMemberships requests. To get + // the resource manifest after the initial registration, the caller should + // make a UpdateMembership call with an empty field mask. 
+ repeated ResourceManifest connect_resources = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Optional. Options for Kubernetes resource generation. + ResourceOptions resource_options = 5 [(google.api.field_behavior) = OPTIONAL]; +} + +// ResourceOptions represent options for Kubernetes resource generation. +message ResourceOptions { + // Optional. The Connect agent version to use for connect_resources. Defaults to the + // latest GKE Connect version. The version must be a currently supported + // version, obsolete versions will be rejected. + string connect_version = 1 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for + // CustomResourceDefinition resources. + // This option should be set for clusters with Kubernetes apiserver versions + // <1.16. + bool v1beta1_crd = 2 [(google.api.field_behavior) = OPTIONAL]; +} + +// GkeCluster contains information specific to GKE clusters. +message GkeCluster { + // Immutable. Self-link of the GCP resource for the GKE cluster. For example: + // + // //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster + // + // Zonal clusters are also supported. + string resource_link = 1 [(google.api.field_behavior) = IMMUTABLE]; +} + +// KubernetesMetadata provides informational metadata for Memberships +// that are created from Kubernetes Endpoints (currently, these are equivalent +// to Kubernetes clusters). +message KubernetesMetadata { + // Output only. Kubernetes API server version string as reported by '/version'. + string kubernetes_api_server_version = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. Node providerID as reported by the first node in the list of nodes on + // the Kubernetes endpoint. On Kubernetes platforms that support zero-node + // clusters (like GKE-on-GCP), the node_count will be zero and the + // node_provider_id will be empty. 
+ string node_provider_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. Node count as reported by Kubernetes nodes resources. + int32 node_count = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. vCPU count as reported by Kubernetes nodes resources. + int32 vcpu_count = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The total memory capacity as reported by the sum of all Kubernetes nodes + // resources, defined in MB. + int32 memory_mb = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which these details were last updated. This update_time is + // different from the Membership-level update_time since EndpointDetails are + // updated internally for API consumers. + google.protobuf.Timestamp update_time = 100 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// Authority encodes how Google will recognize identities from this Membership. +// See the workload identity documentation for more details: +// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +message Authority { + // Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and + // be a valid URL with length <2000 characters. + // + // If set, then Google will allow valid OIDC tokens from this issuer to + // authenticate within the workload_identity_pool. OIDC discovery will be + // performed on this URI to validate tokens from the issuer, unless + // `oidc_jwks` is set. + // + // Clearing `issuer` disables Workload Identity. `issuer` cannot be directly + // modified; it must be cleared (and Workload Identity disabled) before using + // a new issuer (and re-enabling Workload Identity). + string issuer = 1 [(google.api.field_behavior) = OPTIONAL]; + + // Output only. An identity provider that reflects the `issuer` in the workload identity + // pool. + string identity_provider = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. 
The name of the workload identity pool in which `issuer` will be + // recognized. + // + // There is a single Workload Identity Pool per Hub that is shared + // between all Memberships that belong to that Hub. For a Hub hosted in + // {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`, + // although this is subject to change in newer versions of this API. + string workload_identity_pool = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// MembershipState describes the state of a Membership resource. +message MembershipState { + // Code describes the state of a Membership resource. + enum Code { + // The code is not set. + CODE_UNSPECIFIED = 0; + + // The cluster is being registered. + CREATING = 1; + + // The cluster is registered. + READY = 2; + + // The cluster is being unregistered. + DELETING = 3; + + // The Membership is being updated. + UPDATING = 4; + + // The Membership is being updated by the Hub Service. + SERVICE_UPDATING = 5; + } + + // Output only. The current state of the Membership resource. + Code code = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// Request message for `GkeHub.ListMemberships` method. +message ListMembershipsRequest { + // Required. The parent (project and location) where the Memberships will be listed. + // Specified in the format `projects/*/locations/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "gkehub.googleapis.com/Membership" + } + ]; + + // Optional. When requesting a 'page' of resources, `page_size` specifies number of + // resources to return. If unspecified or set to 0, all resources will + // be returned. + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Token returned by previous call to `ListMemberships` which + // specifies the position in the list from where to continue listing the + // resources. + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. 
Lists Memberships that match the filter expression, following the syntax + // outlined in https://google.aip.dev/160. + // + // Examples: + // + // - Name is `bar` in project `foo-proj` and location `global`: + // + // name = "projects/foo-proj/locations/global/membership/bar" + // + // - Memberships that have a label called `foo`: + // + // labels.foo:* + // + // - Memberships that have a label called `foo` whose value is `bar`: + // + // labels.foo = bar + // + // - Memberships in the CREATING state: + // + // state = CREATING + string filter = 4 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. One or more fields to compare and use to sort the output. + // See https://google.aip.dev/132#ordering. + string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for the `GkeHub.ListMemberships` method. +message ListMembershipsResponse { + // The list of matching Memberships. + repeated Membership resources = 1; + + // A token to request the next page of resources from the + // `ListMemberships` method. The value of an empty string means that + // there are no more resources to return. + string next_page_token = 2; + + // List of locations that could not be reached while fetching this list. + repeated string unreachable = 3; +} + +// Request message for `GkeHub.GetMembership` method. +message GetMembershipRequest { + // Required. The Membership resource name in the format + // `projects/*/locations/*/memberships/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "gkehub.googleapis.com/Membership" + } + ]; +} + +// Request message for the `GkeHub.CreateMembership` method. +message CreateMembershipRequest { + // Required. The parent (project and location) where the Memberships will be created. + // Specified in the format `projects/*/locations/*`. 
+ string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "gkehub.googleapis.com/Membership" + } + ]; + + // Required. Client chosen ID for the membership. `membership_id` must be a valid RFC + // 1123 compliant DNS label: + // + // 1. At most 63 characters in length + // 2. It must consist of lower case alphanumeric characters or `-` + // 3. It must start and end with an alphanumeric character + // + // Which can be expressed as the regex: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, + // with a maximum length of 63 characters. + string membership_id = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. The membership to create. + Membership resource = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for `GkeHub.DeleteMembership` method. +message DeleteMembershipRequest { + // Required. The Membership resource name in the format + // `projects/*/locations/*/memberships/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "gkehub.googleapis.com/Membership" + } + ]; +} + +// Request message for `GkeHub.UpdateMembership` method. +message UpdateMembershipRequest { + // Required. The Membership resource name in the format + // `projects/*/locations/*/memberships/*`. + string name = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. Mask of fields to update. + google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. Only fields specified in update_mask are updated. + // If you specify a field in the update_mask but don't specify its value here + // that field will be deleted. + // If you are updating a map field, set the value of a key to null or empty + // string to delete the key from the map. It's not possible to update a key's + // value to the empty string. 
+ Membership resource = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for `GkeHub.GenerateConnectManifest` +// method. +// . +message GenerateConnectManifestRequest { + // Required. The Membership resource name the Agent will associate with, in the format + // `projects/*/locations/*/memberships/*`. + string name = 1 [(google.api.field_behavior) = REQUIRED]; + + // Optional. Namespace for GKE Connect agent resources. Defaults to `gke-connect`. + // + // The Connect Agent is authorized automatically when run in the default + // namespace. Otherwise, explicit authorization must be granted with an + // additional IAM binding. + string namespace = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. URI of a proxy if connectivity from the agent to gkeconnect.googleapis.com + // requires the use of a proxy. Format must be in the form + // `http(s)://{proxy_address}`, depending on the HTTP/HTTPS protocol + // supported by the proxy. This will direct the connect agent's outbound + // traffic through a HTTP(S) proxy. + bytes proxy = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. The Connect agent version to use. Defaults to the most current version. + string version = 4 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. If true, generate the resources for upgrade only. Some resources + // generated only for installation (e.g. secrets) will be excluded. + bool is_upgrade = 5 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. The registry to fetch the connect agent image from. Defaults to + // gcr.io/gkeconnect. + string registry = 6 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. The image pull secret content for the registry, if not public. + bytes image_pull_secret_content = 7 [(google.api.field_behavior) = OPTIONAL]; +} + +// GenerateConnectManifestResponse contains manifest information for +// installing/upgrading a Connect agent. 
+message GenerateConnectManifestResponse { + // The ordered list of Kubernetes resources that need to be applied to the + // cluster for GKE Connect agent installation/upgrade. + repeated ConnectAgentResource manifest = 1; +} + +// ConnectAgentResource represents a Kubernetes resource manifest for Connect +// Agent deployment. +message ConnectAgentResource { + // Kubernetes type of the resource. + TypeMeta type = 1; + + // YAML manifest of the resource. + string manifest = 2; +} + +// ResourceManifest represents a single Kubernetes resource to be applied to +// the cluster. +message ResourceManifest { + // YAML manifest of the resource. + string manifest = 1; + + // Whether the resource provided in the manifest is `cluster_scoped`. + // If unset, the manifest is assumed to be namespace scoped. + // + // This field is used for REST mapping when applying the resource in a + // cluster. + bool cluster_scoped = 2; +} + +// TypeMeta is the type information needed for content unmarshalling of +// Kubernetes resources in the manifest. +message TypeMeta { + // Kind of the resource (e.g. Deployment). + string kind = 1; + + // APIVersion of the resource (e.g. v1). + string api_version = 2; +} + +// Request message for the InitializeHub method. +message InitializeHubRequest { + // Required. The Hub to initialize, in the format + // `projects/*/locations/*/memberships/*`. + string project = 1 [(google.api.field_behavior) = REQUIRED]; +} + +// Response message for the InitializeHub method. +message InitializeHubResponse { + // Name of the Hub default service identity, in the format: + // + // service-@gcp-sa-gkehub.iam.gserviceaccount.com + // + // The service account has `roles/gkehub.serviceAgent` in the Hub project. + string service_identity = 1; + + // The Workload Identity Pool used for Workload Identity-enabled clusters + // registered with this Hub. Format: `.hub.id.goog` + string workload_identity_pool = 2; +} + +// Represents the metadata of the long-running operation. 
+message OperationMetadata {
+ // Output only. The time the operation was created.
+ google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The time the operation finished running.
+ google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Server-defined resource path for the target of the operation.
+ string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Name of the verb executed by the operation.
+ string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Human-readable status of the operation, if any.
+ string status_detail = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Identifies whether the user has requested cancellation
+ // of the operation. Operations that have successfully been cancelled
+ // have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+ // corresponding to `Code.CANCELLED`.
+ bool cancel_requested = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. API version used to start the operation.
+ string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
diff --git a/google/cloud/gkehub/v1alpha2/membership_grpc_service_config.json b/google/cloud/gkehub/v1alpha2/membership_grpc_service_config.json
new file mode 100644
index 00000000..61d769a6
--- /dev/null
+++ b/google/cloud/gkehub/v1alpha2/membership_grpc_service_config.json
@@ -0,0 +1,13 @@
+{
+ "methodConfig": [{
+ "name": [{ "service": "google.cloud.gkehub.v1alpha2.GkeHub" }],
+ "timeout": "60s",
+ "retryPolicy": {
+ "maxAttempts": 5,
+ "initialBackoff": "1s",
+ "maxBackoff": "10s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": ["UNAVAILABLE"]
+ }
+ }]
+}
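Review bot: `GenerateConnectManifest` is bound as a plain `get:` with no body, so under HTTP transcoding every field of `GenerateConnectManifestRequest` other than `name`, including `image_pull_secret_content` and `proxy`, travels as a URL query parameter. Query strings are routinely recorded by proxies, load balancers and client-side request logs, so a registry pull secret (or a proxy URI with embedded credentials) sent over REST would end up in those logs. Consider binding the method as `post: "/v1alpha2/{name=projects/*/locations/*/memberships/*}:generateConnectManifest"` with `body: "*"`, or at minimum state in the comment on `image_pull_secret_content` that the value is exposed in the request URL for REST callers. Separately, the comment on `InitializeHubRequest.project` gives the format `projects/*/locations/*/memberships/*`, while the `InitializeHub` binding accepts `projects/*/locations/global/memberships`; the comment should match the binding.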
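Review bot: The single `methodConfig` entry matches the whole `GkeHub` service, so the `retryPolicy` (up to 5 attempts on `UNAVAILABLE`) also applies to `CreateMembership`, `UpdateMembership`, `DeleteMembership` and `InitializeHub`, none of which is read-only. `UNAVAILABLE` can be returned after the server has already accepted a request, so an automatic retry of a create or delete may surface as a spurious `ALREADY_EXISTS` or `NOT_FOUND`, or start a second long-running operation; whether the backend deduplicates such requests is not visible in this commit. Consider limiting the retrying entry to the read methods by naming them, e.g. `{ "service": "google.cloud.gkehub.v1alpha2.GkeHub", "method": "GetMembership" }`, and keeping a second service-wide entry that sets only `"timeout": "60s"`.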