From 57e19b358ef4dede327cbd53394c5c6bd3ce8a04 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Sun, 24 Mar 2024 00:22:16 -0700 Subject: [PATCH] feat(all): auto-regenerate discovery clients (#2488) --- alloydb/v1/alloydb-api.json | 49 +- alloydb/v1/alloydb-gen.go | 81 +- alloydb/v1alpha/alloydb-api.json | 6 +- alloydb/v1alpha/alloydb-gen.go | 4 +- alloydb/v1beta/alloydb-api.json | 6 +- alloydb/v1beta/alloydb-gen.go | 4 +- batch/v1/batch-api.json | 8 +- batch/v1/batch-gen.go | 6 +- .../v1/certificatemanager-api.json | 20 +- .../v1/certificatemanager-gen.go | 64 +- connectors/v1/connectors-api.json | 59 +- connectors/v1/connectors-gen.go | 190 ++++- connectors/v2/connectors-api.json | 4 +- connectors/v2/connectors-gen.go | 3 +- container/v1beta1/container-api.json | 61 +- container/v1beta1/container-gen.go | 73 +- datamigration/v1/datamigration-api.json | 4 +- datamigration/v1/datamigration-gen.go | 6 +- dataplex/v1/dataplex-api.json | 71 +- dataplex/v1/dataplex-gen.go | 104 +-- gkehub/v1/gkehub-api.json | 243 +++++- gkehub/v1/gkehub-gen.go | 740 ++++++++++++++++++ gkehub/v1alpha/gkehub-api.json | 123 ++- gkehub/v1alpha/gkehub-gen.go | 253 ++++++ gkehub/v1beta/gkehub-api.json | 243 +++++- gkehub/v1beta/gkehub-gen.go | 740 ++++++++++++++++++ networkservices/v1/networkservices-api.json | 8 +- networkservices/v1/networkservices-gen.go | 11 +- .../v1beta1/networkservices-api.json | 8 +- .../v1beta1/networkservices-gen.go | 11 +- redis/v1/redis-api.json | 101 ++- redis/v1/redis-gen.go | 134 +++- storage/v1/storage-api.json | 7 +- storage/v1/storage-gen.go | 6 +- 34 files changed, 3207 insertions(+), 244 deletions(-) diff --git a/alloydb/v1/alloydb-api.json b/alloydb/v1/alloydb-api.json index 3937da4e5fc..536f43ee930 100644 --- a/alloydb/v1/alloydb-api.json +++ b/alloydb/v1/alloydb-api.json @@ -1461,9 +1461,20 @@ } } }, - "revision": "20240306", + "revision": "20240315", "rootUrl": "https://alloydb.googleapis.com/", "schemas": { + "AuthorizedNetwork": { + "description": "AuthorizedNetwork contains metadata for an authorized network.", + "id": "AuthorizedNetwork", + "properties": { + "cidrRange": { + "description": "CIDR range for one authorzied network of the instance.", + "type": "string" + } + }, + "type": "object" + }, "AutomatedBackupPolicy": { "description": "Message describing the user-specified automated backup policy. All fields in the automated backup policy are optional. Defaults for each field are provided if they are not set.", "id": "AutomatedBackupPolicy", @@ -1947,6 +1958,11 @@ "name": { "description": "The name of the ConnectionInfo singleton resource, e.g.: projects/{project}/locations/{location}/clusters/*/instances/*/connectionInfo This field currently has no semantic meaning.", "type": "string" + }, + "publicIpAddress": { + "description": "Output only. The public IP addresses for the Instance. This is available ONLY when enable_public_ip is set. This is the connection endpoint for an end-user application.", + "readOnly": true, + "type": "string" } }, "type": "object" @@ -2304,6 +2320,10 @@ "readOnly": true, "type": "string" }, + "networkConfig": { + "$ref": "InstanceNetworkConfig", + "description": "Optional. Instance level network configuration." + }, "nodes": { "description": "Output only. List of available read-only VMs in this instance, including the standby for a PRIMARY instance.", "items": { @@ -2312,6 +2332,11 @@ "readOnly": true, "type": "array" }, + "publicIpAddress": { + "description": "Output only. The public IP addresses for the Instance. This is available ONLY when enable_public_ip is set. This is the connection endpoint for an end-user application.", + "readOnly": true, + "type": "string" + }, "queryInsightsConfig": { "$ref": "QueryInsightsInstanceConfig", "description": "Configuration for query insights." @@ -2376,6 +2401,24 @@ }, "type": "object" }, + "InstanceNetworkConfig": { + "description": "Metadata related to instance level network configuration.", + "id": "InstanceNetworkConfig", + "properties": { + "authorizedExternalNetworks": { + "description": "Optional. A list of external network authorized to access this instance.", + "items": { + "$ref": "AuthorizedNetwork" + }, + "type": "array" + }, + "enablePublicIp": { + "description": "Optional. Enabling public ip for the instance.", + "type": "boolean" + } + }, + "type": "object" + }, "IntegerRestrictions": { "description": "Restrictions on INTEGER type values.", "id": "IntegerRestrictions", @@ -3257,7 +3300,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", @@ -3736,7 +3779,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", diff --git a/alloydb/v1/alloydb-gen.go b/alloydb/v1/alloydb-gen.go index ad7f4df69f0..79ee408f6c1 100644 --- a/alloydb/v1/alloydb-gen.go +++ b/alloydb/v1/alloydb-gen.go @@ -248,6 +248,35 @@ type ProjectsLocationsSupportedDatabaseFlagsService struct { s *Service } +// AuthorizedNetwork: AuthorizedNetwork contains metadata for an +// authorized network. +type AuthorizedNetwork struct { + // CidrRange: CIDR range for one authorzied network of the instance. + CidrRange string `json:"cidrRange,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CidrRange") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CidrRange") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *AuthorizedNetwork) MarshalJSON() ([]byte, error) { + type NoMethod AuthorizedNetwork + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // AutomatedBackupPolicy: Message describing the user-specified // automated backup policy. All fields in the automated backup policy // are optional. Defaults for each field are provided if they are not @@ -778,6 +807,11 @@ type ConnectionInfo struct { // ionInfo This field currently has no semantic meaning. Name string `json:"name,omitempty"` + // PublicIpAddress: Output only. The public IP addresses for the + // Instance. This is available ONLY when enable_public_ip is set. This + // is the connection endpoint for an end-user application. + PublicIpAddress string `json:"publicIpAddress,omitempty"` + // ServerResponse contains the HTTP response code and headers from the // server. googleapi.ServerResponse `json:"-"` @@ -1348,10 +1382,18 @@ type Instance struct { // projects/{project}/locations/{region}/clusters/{cluster_id} Name string `json:"name,omitempty"` + // NetworkConfig: Optional. Instance level network configuration. + NetworkConfig *InstanceNetworkConfig `json:"networkConfig,omitempty"` + // Nodes: Output only. List of available read-only VMs in this instance, // including the standby for a PRIMARY instance. Nodes []*Node `json:"nodes,omitempty"` + // PublicIpAddress: Output only. The public IP addresses for the + // Instance. This is available ONLY when enable_public_ip is set. This + // is the connection endpoint for an end-user application. + PublicIpAddress string `json:"publicIpAddress,omitempty"` + // QueryInsightsConfig: Configuration for query insights. QueryInsightsConfig *QueryInsightsInstanceConfig `json:"queryInsightsConfig,omitempty"` @@ -1430,6 +1472,41 @@ func (s *Instance) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// InstanceNetworkConfig: Metadata related to instance level network +// configuration. +type InstanceNetworkConfig struct { + // AuthorizedExternalNetworks: Optional. A list of external network + // authorized to access this instance. + AuthorizedExternalNetworks []*AuthorizedNetwork `json:"authorizedExternalNetworks,omitempty"` + + // EnablePublicIp: Optional. Enabling public ip for the instance. + EnablePublicIp bool `json:"enablePublicIp,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "AuthorizedExternalNetworks") to unconditionally include in API + // requests. By default, fields with empty or default values are omitted + // from API requests. However, any non-pointer, non-interface field + // appearing in ForceSendFields will be sent to the server regardless of + // whether the field is empty or not. This may be used to include empty + // fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. + // "AuthorizedExternalNetworks") to include in API requests with the + // JSON null value. By default, fields with empty values are omitted + // from API requests. However, any field with an empty value appearing + // in NullFields will be sent to the server as null. It is an error if a + // field in this list has a non-empty value. This may be used to include + // null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *InstanceNetworkConfig) MarshalJSON() ([]byte, error) { + type NoMethod InstanceNetworkConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // IntegerRestrictions: Restrictions on INTEGER type values. type IntegerRestrictions struct { // MaxValue: The maximum value that can be specified, if applicable. @@ -2947,7 +3024,7 @@ type StorageDatabasecenterPartnerapiV1mainDatabaseResourceHealthSignalData struc // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact @@ -3396,7 +3473,7 @@ type StorageDatabasecenterPartnerapiV1mainDatabaseResourceRecommendationSignalDa // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact diff --git a/alloydb/v1alpha/alloydb-api.json b/alloydb/v1alpha/alloydb-api.json index a26278d903d..00be991caf8 100644 --- a/alloydb/v1alpha/alloydb-api.json +++ b/alloydb/v1alpha/alloydb-api.json @@ -1461,7 +1461,7 @@ } } }, - "revision": "20240306", + "revision": "20240315", "rootUrl": "https://alloydb.googleapis.com/", "schemas": { "AuthorizedNetwork": { @@ -3598,7 +3598,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", @@ -4077,7 +4077,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", diff --git a/alloydb/v1alpha/alloydb-gen.go b/alloydb/v1alpha/alloydb-gen.go index c84f35726e3..3169eff1a17 100644 --- a/alloydb/v1alpha/alloydb-gen.go +++ b/alloydb/v1alpha/alloydb-gen.go @@ -3512,7 +3512,7 @@ type StorageDatabasecenterPartnerapiV1mainDatabaseResourceHealthSignalData struc // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact @@ -3961,7 +3961,7 @@ type StorageDatabasecenterPartnerapiV1mainDatabaseResourceRecommendationSignalDa // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact diff --git a/alloydb/v1beta/alloydb-api.json b/alloydb/v1beta/alloydb-api.json index 088cda09a7e..68cb9d76308 100644 --- a/alloydb/v1beta/alloydb-api.json +++ b/alloydb/v1beta/alloydb-api.json @@ -1458,7 +1458,7 @@ } } }, - "revision": "20240306", + "revision": "20240315", "rootUrl": "https://alloydb.googleapis.com/", "schemas": { "AuthorizedNetwork": { @@ -3574,7 +3574,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", @@ -4053,7 +4053,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", diff --git a/alloydb/v1beta/alloydb-gen.go b/alloydb/v1beta/alloydb-gen.go index 8d5a3004848..85fd79a7192 100644 --- a/alloydb/v1beta/alloydb-gen.go +++ b/alloydb/v1beta/alloydb-gen.go @@ -3498,7 +3498,7 @@ type StorageDatabasecenterPartnerapiV1mainDatabaseResourceHealthSignalData struc // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact @@ -3947,7 +3947,7 @@ type StorageDatabasecenterPartnerapiV1mainDatabaseResourceRecommendationSignalDa // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact diff --git a/batch/v1/batch-api.json b/batch/v1/batch-api.json index 7fce374cb98..2c4dccb5eff 100644 --- a/batch/v1/batch-api.json +++ b/batch/v1/batch-api.json @@ -12,7 +12,7 @@ "baseUrl": "https://batch.googleapis.com/", "batchPath": "batch", "canonicalName": "Batch", - "description": "An API to manage the running of batch resources on Google Cloud Platform.", + "description": "An API to manage the running of Batch resources on Google Cloud Platform.", "discoveryVersion": "v1", "documentationLink": "https://cloud.google.com/batch/", "fullyEncodeReservedExpansion": true, @@ -561,7 +561,7 @@ } } }, - "revision": "20240206", + "revision": "20240315", "rootUrl": "https://batch.googleapis.com/", "schemas": { "Accelerator": { @@ -907,7 +907,7 @@ "description": "Environment variables to set before running the Task." }, "maxRunDuration": { - "description": "Maximum duration the task should run. The task will be killed and marked as FAILED if over this limit.", + "description": "Maximum duration the task should run. The task will be killed and marked as FAILED if over this limit. The valid value range for max_run_duration in seconds is [0, 315576000000.999999999],", "format": "google-duration", "type": "string" }, @@ -2193,7 +2193,7 @@ "type": "integer" }, "maxRunDuration": { - "description": "Maximum duration the task should run. The task will be killed and marked as FAILED if over this limit.", + "description": "Maximum duration the task should run. The task will be killed and marked as FAILED if over this limit. The valid value range for max_run_duration in seconds is [0, 315576000000.999999999],", "format": "google-duration", "type": "string" }, diff --git a/batch/v1/batch-gen.go b/batch/v1/batch-gen.go index 1535492b677..c5d0d2f5e59 100644 --- a/batch/v1/batch-gen.go +++ b/batch/v1/batch-gen.go @@ -750,7 +750,8 @@ type AgentTaskSpec struct { Environment *AgentEnvironment `json:"environment,omitempty"` // MaxRunDuration: Maximum duration the task should run. The task will - // be killed and marked as FAILED if over this limit. + // be killed and marked as FAILED if over this limit. The valid value + // range for max_run_duration in seconds is [0, 315576000000.999999999], MaxRunDuration string `json:"maxRunDuration,omitempty"` // Runnables: AgentTaskRunnable is runanbles that will be executed on @@ -2904,7 +2905,8 @@ type TaskSpec struct { MaxRetryCount int64 `json:"maxRetryCount,omitempty"` // MaxRunDuration: Maximum duration the task should run. The task will - // be killed and marked as FAILED if over this limit. + // be killed and marked as FAILED if over this limit. The valid value + // range for max_run_duration in seconds is [0, 315576000000.999999999], MaxRunDuration string `json:"maxRunDuration,omitempty"` // Runnables: The sequence of scripts or containers to run for this diff --git a/certificatemanager/v1/certificatemanager-api.json b/certificatemanager/v1/certificatemanager-api.json index 14ac07a0fbb..5eba3557789 100644 --- a/certificatemanager/v1/certificatemanager-api.json +++ b/certificatemanager/v1/certificatemanager-api.json @@ -1280,9 +1280,20 @@ } } }, - "revision": "20240209", + "revision": "20240313", "rootUrl": "https://certificatemanager.googleapis.com/", "schemas": { + "AllowlistedCertificate": { + "description": "Defines an allowlisted certificate.", + "id": "AllowlistedCertificate", + "properties": { + "pemCertificate": { + "description": "Required. PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.", + "type": "string" + } + }, + "type": "object" + }, "AuthorizationAttemptInfo": { "description": "State of the latest attempt to authorize a domain for certificate issuance.", "id": "AuthorizationAttemptInfo", @@ -2185,6 +2196,13 @@ "description": "Defines a trust config.", "id": "TrustConfig", "properties": { + "allowlistedCertificates": { + "description": "Optional. A certificate matching an allowlisted certificate is always considered valid as long as the certificate is parseable, proof of private key possession is established, and constraints on the certificate’s SAN field are met.", + "items": { + "$ref": "AllowlistedCertificate" + }, + "type": "array" + }, "createTime": { "description": "Output only. The creation timestamp of a TrustConfig.", "format": "google-datetime", diff --git a/certificatemanager/v1/certificatemanager-gen.go b/certificatemanager/v1/certificatemanager-gen.go index 25ac9600a9a..cbdc2f28d03 100644 --- a/certificatemanager/v1/certificatemanager-gen.go +++ b/certificatemanager/v1/certificatemanager-gen.go @@ -260,6 +260,37 @@ type ProjectsLocationsTrustConfigsService struct { s *Service } +// AllowlistedCertificate: Defines an allowlisted certificate. +type AllowlistedCertificate struct { + // PemCertificate: Required. PEM certificate that is allowlisted. The + // certificate can be up to 5k bytes, and must be a parseable X.509 + // certificate. + PemCertificate string `json:"pemCertificate,omitempty"` + + // ForceSendFields is a list of field names (e.g. "PemCertificate") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "PemCertificate") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *AllowlistedCertificate) MarshalJSON() ([]byte, error) { + type NoMethod AllowlistedCertificate + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // AuthorizationAttemptInfo: State of the latest attempt to authorize a // domain for certificate issuance. type AuthorizationAttemptInfo struct { @@ -1620,6 +1651,13 @@ func (s *TrustAnchor) MarshalJSON() ([]byte, error) { // TrustConfig: Defines a trust config. type TrustConfig struct { + // AllowlistedCertificates: Optional. A certificate matching an + // allowlisted certificate is always considered valid as long as the + // certificate is parseable, proof of private key possession is + // established, and constraints on the certificate’s SAN field are + // met. + AllowlistedCertificates []*AllowlistedCertificate `json:"allowlistedCertificates,omitempty"` + // CreateTime: Output only. The creation timestamp of a TrustConfig. CreateTime string `json:"createTime,omitempty"` @@ -1653,20 +1691,22 @@ type TrustConfig struct { // server. googleapi.ServerResponse `json:"-"` - // ForceSendFields is a list of field names (e.g. "CreateTime") to - // unconditionally include in API requests. By default, fields with - // empty or default values are omitted from API requests. However, any - // non-pointer, non-interface field appearing in ForceSendFields will be - // sent to the server regardless of whether the field is empty or not. - // This may be used to include empty fields in Patch requests. + // ForceSendFields is a list of field names (e.g. + // "AllowlistedCertificates") to unconditionally include in API + // requests. By default, fields with empty or default values are omitted + // from API requests. However, any non-pointer, non-interface field + // appearing in ForceSendFields will be sent to the server regardless of + // whether the field is empty or not. This may be used to include empty + // fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "CreateTime") to include in - // API requests with the JSON null value. By default, fields with empty - // values are omitted from API requests. However, any field with an - // empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. + // NullFields is a list of field names (e.g. "AllowlistedCertificates") + // to include in API requests with the JSON null value. By default, + // fields with empty values are omitted from API requests. However, any + // field with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. NullFields []string `json:"-"` } diff --git a/connectors/v1/connectors-api.json b/connectors/v1/connectors-api.json index a442a0d70a4..ff212ed2200 100644 --- a/connectors/v1/connectors-api.json +++ b/connectors/v1/connectors-api.json @@ -1143,6 +1143,37 @@ "https://www.googleapis.com/auth/cloud-platform" ] } + }, + "resources": { + "customConnectorVersions": { + "methods": { + "delete": { + "description": "Deletes a single CustomConnectorVersion.", + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customConnectors/{customConnectorsId}/customConnectorVersions/{customConnectorVersionsId}", + "httpMethod": "DELETE", + "id": "connectors.projects.locations.customConnectors.customConnectorVersions.delete", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. Resource name of the form: `projects/{project}/locations/{location}/customConnectors/{custom_connector}/customConnectorVersions/{custom_connector_version}`", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+/customConnectors/[^/]+/customConnectorVersions/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}", + "response": { + "$ref": "Operation" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + } + } + } } }, "endpointAttachments": { @@ -2327,7 +2358,7 @@ } } }, - "revision": "20240305", + "revision": "20240319", "rootUrl": "https://connectors.googleapis.com/", "schemas": { "AuditConfig": { @@ -3117,6 +3148,11 @@ "readOnly": true, "type": "array" }, + "authOverrideEnabled": { + "description": "Output only. Flag to mark the dynamic auth override.", + "readOnly": true, + "type": "boolean" + }, "configVariableTemplates": { "description": "Output only. List of config variables needed to create a connection.", "items": { @@ -3209,6 +3245,10 @@ "readOnly": true, "type": "array" }, + "schemaRefreshConfig": { + "$ref": "SchemaRefreshConfig", + "description": "Connection Schema Refresh Config" + }, "sslConfigTemplate": { "$ref": "SslConfigTemplate", "description": "Output only. Ssl configuration supported by the Connector.", @@ -5501,7 +5541,7 @@ "type": "object" }, "MaintenancePolicy": { - "description": "LINT.IfChange Defines policies to service maintenance events.", + "description": "Defines policies to service maintenance events.", "id": "MaintenancePolicy", "properties": { "createTime": { @@ -6532,6 +6572,21 @@ }, "type": "object" }, + "SchemaRefreshConfig": { + "description": "Config for connection schema refresh", + "id": "SchemaRefreshConfig", + "properties": { + "useActionDisplayNames": { + "description": "Whether to use displayName for actions in UI.", + "type": "boolean" + }, + "useSynchronousSchemaRefresh": { + "description": "Whether to use synchronous schema refresh.", + "type": "boolean" + } + }, + "type": "object" + }, "Secret": { "description": "Secret provides a reference to entries in Secret Manager.", "id": "Secret", diff --git a/connectors/v1/connectors-gen.go b/connectors/v1/connectors-gen.go index 324efba7f73..6f6c0ed200f 100644 --- a/connectors/v1/connectors-gen.go +++ b/connectors/v1/connectors-gen.go @@ -253,11 +253,23 @@ type ProjectsLocationsConnectionsRuntimeEntitySchemasService struct { func NewProjectsLocationsCustomConnectorsService(s *Service) *ProjectsLocationsCustomConnectorsService { rs := &ProjectsLocationsCustomConnectorsService{s: s} + rs.CustomConnectorVersions = NewProjectsLocationsCustomConnectorsCustomConnectorVersionsService(s) return rs } type ProjectsLocationsCustomConnectorsService struct { s *Service + + CustomConnectorVersions *ProjectsLocationsCustomConnectorsCustomConnectorVersionsService +} + +func NewProjectsLocationsCustomConnectorsCustomConnectorVersionsService(s *Service) *ProjectsLocationsCustomConnectorsCustomConnectorVersionsService { + rs := &ProjectsLocationsCustomConnectorsCustomConnectorVersionsService{s: s} + return rs +} + +type ProjectsLocationsCustomConnectorsCustomConnectorVersionsService struct { + s *Service } func NewProjectsLocationsEndpointAttachmentsService(s *Service) *ProjectsLocationsEndpointAttachmentsService { @@ -1299,6 +1311,10 @@ type ConnectorVersion struct { // the Connector Version. AuthConfigTemplates []*AuthConfigTemplate `json:"authConfigTemplates,omitempty"` + // AuthOverrideEnabled: Output only. Flag to mark the dynamic auth + // override. + AuthOverrideEnabled bool `json:"authOverrideEnabled,omitempty"` + // ConfigVariableTemplates: Output only. List of config variables needed // to create a connection. ConfigVariableTemplates []*ConfigVariableTemplate `json:"configVariableTemplates,omitempty"` @@ -1358,6 +1374,9 @@ type ConnectorVersion struct { // version. RoleGrants []*RoleGrant `json:"roleGrants,omitempty"` + // SchemaRefreshConfig: Connection Schema Refresh Config + SchemaRefreshConfig *SchemaRefreshConfig `json:"schemaRefreshConfig,omitempty"` + // SslConfigTemplate: Output only. Ssl configuration supported by the // Connector. SslConfigTemplate *SslConfigTemplate `json:"sslConfigTemplate,omitempty"` @@ -4209,8 +4228,7 @@ func (s *LogicalExpression) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// MaintenancePolicy: LINT.IfChange Defines policies to service -// maintenance events. +// MaintenancePolicy: Defines policies to service maintenance events. type MaintenancePolicy struct { // CreateTime: Output only. The time when the resource was created. CreateTime string `json:"createTime,omitempty"` @@ -5611,6 +5629,40 @@ func (s *Schedule) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// SchemaRefreshConfig: Config for connection schema refresh +type SchemaRefreshConfig struct { + // UseActionDisplayNames: Whether to use displayName for actions in UI. + UseActionDisplayNames bool `json:"useActionDisplayNames,omitempty"` + + // UseSynchronousSchemaRefresh: Whether to use synchronous schema + // refresh. + UseSynchronousSchemaRefresh bool `json:"useSynchronousSchemaRefresh,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "UseActionDisplayNames") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "UseActionDisplayNames") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *SchemaRefreshConfig) MarshalJSON() ([]byte, error) { + type NoMethod SchemaRefreshConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Secret: Secret provides a reference to entries in Secret Manager. type Secret struct { // SecretVersion: The resource name of the secret version in the format, @@ -11452,6 +11504,140 @@ func (c *ProjectsLocationsCustomConnectorsValidateCustomConnectorSpecCall) Do(op } +// method id "connectors.projects.locations.customConnectors.customConnectorVersions.delete": + +type ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Delete: Deletes a single CustomConnectorVersion. +// +// - name: Resource name of the form: +// `projects/{project}/locations/{location}/customConnectors/{custom_co +// nnector}/customConnectorVersions/{custom_connector_version}`. +func (r *ProjectsLocationsCustomConnectorsCustomConnectorVersionsService) Delete(name string) *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall { + c := &ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall) Context(ctx context.Context) *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("DELETE", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "connectors.projects.locations.customConnectors.customConnectorVersions.delete" call. +// Exactly one of *Operation or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *Operation.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsCustomConnectorsCustomConnectorVersionsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &Operation{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Deletes a single CustomConnectorVersion.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customConnectors/{customConnectorsId}/customConnectorVersions/{customConnectorVersionsId}", + // "httpMethod": "DELETE", + // "id": "connectors.projects.locations.customConnectors.customConnectorVersions.delete", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Required. Resource name of the form: `projects/{project}/locations/{location}/customConnectors/{custom_connector}/customConnectorVersions/{custom_connector_version}`", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/customConnectors/[^/]+/customConnectorVersions/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "response": { + // "$ref": "Operation" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + // method id "connectors.projects.locations.endpointAttachments.create": type ProjectsLocationsEndpointAttachmentsCreateCall struct { diff --git a/connectors/v2/connectors-api.json b/connectors/v2/connectors-api.json index f1d2326fd1f..a8211fef41f 100644 --- a/connectors/v2/connectors-api.json +++ b/connectors/v2/connectors-api.json @@ -660,7 +660,7 @@ } } }, - "revision": "20231213", + "revision": "20240319", "rootUrl": "https://connectors.googleapis.com/", "schemas": { "AccessCredentials": { @@ -1707,7 +1707,7 @@ "type": "object" }, "MaintenancePolicy": { - "description": "LINT.IfChange Defines policies to service maintenance events.", + "description": "Defines policies to service maintenance events.", "id": "MaintenancePolicy", "properties": { "createTime": { diff --git a/connectors/v2/connectors-gen.go b/connectors/v2/connectors-gen.go index a2544febef6..3f33efea6a8 100644 --- a/connectors/v2/connectors-gen.go +++ b/connectors/v2/connectors-gen.go @@ -1363,8 +1363,7 @@ func (s *ListEntityTypesResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// MaintenancePolicy: LINT.IfChange Defines policies to service -// maintenance events. +// MaintenancePolicy: Defines policies to service maintenance events. type MaintenancePolicy struct { // CreateTime: Output only. The time when the resource was created. CreateTime string `json:"createTime,omitempty"` diff --git a/container/v1beta1/container-api.json b/container/v1beta1/container-api.json index cdacf1e12ac..eb018649b79 100644 --- a/container/v1beta1/container-api.json +++ b/container/v1beta1/container-api.json @@ -2565,7 +2565,7 @@ } } }, - "revision": "20240304", + "revision": "20240313", "rootUrl": "https://container.googleapis.com/", "schemas": { "AcceleratorConfig": { @@ -4143,10 +4143,49 @@ "description": "Configuration of etcd encryption.", "id": "DatabaseEncryption", "properties": { + "currentState": { + "description": "Output only. The current state of etcd encryption.", + "enum": [ + "CURRENT_STATE_UNSPECIFIED", + "CURRENT_STATE_ENCRYPTED", + "CURRENT_STATE_DECRYPTED", + "CURRENT_STATE_ENCRYPTION_PENDING", + "CURRENT_STATE_ENCRYPTION_ERROR", + "CURRENT_STATE_DECRYPTION_PENDING", + "CURRENT_STATE_DECRYPTION_ERROR" + ], + "enumDescriptions": [ + "Should never be set", + "Secrets in etcd are encrypted.", + "Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption.", + "Encryption (or re-encryption with a different CloudKMS key) of Secrets is in progress.", + "Encryption (or re-encryption with a different CloudKMS key) of Secrets in etcd encountered an error.", + "De-crypting Secrets to plain text in etcd is in progress.", + "De-crypting Secrets to plain text in etcd encountered an error." + ], + "readOnly": true, + "type": "string" + }, + "decryptionKeys": { + "description": "Output only. Keys in use by the cluster for decrypting existing objects, in addition to the key in `key_name`. Each item is a CloudKMS key resource.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, "keyName": { "description": "Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key", "type": "string" }, + "lastOperationErrors": { + "description": "Output only. Records errors seen during DatabaseEncryption update operations.", + "items": { + "$ref": "OperationError" + }, + "readOnly": true, + "type": "array" + }, "state": { "description": "The desired state of etcd encryption.", "enum": [ @@ -6277,6 +6316,26 @@ }, "type": "object" }, + "OperationError": { + "description": "OperationError records errors seen from CloudKMS keys encountered during updates to DatabaseEncryption configuration.", + "id": "OperationError", + "properties": { + "errorMessage": { + "description": "Description of the error seen during the operation.", + "type": "string" + }, + "keyName": { + "description": "CloudKMS key resource that had the error.", + "type": "string" + }, + "timestamp": { + "description": "Time when the CloudKMS error was seen.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, "OperationProgress": { "description": "Information about operation (or operation stage) progress.", "id": "OperationProgress", diff --git a/container/v1beta1/container-gen.go b/container/v1beta1/container-gen.go index c2fa35e09f6..6920f0afd50 100644 --- a/container/v1beta1/container-gen.go +++ b/container/v1beta1/container-gen.go @@ -2618,12 +2618,40 @@ func (s *DailyMaintenanceWindow) MarshalJSON() ([]byte, error) { // DatabaseEncryption: Configuration of etcd encryption. type DatabaseEncryption struct { + // CurrentState: Output only. The current state of etcd encryption. + // + // Possible values: + // "CURRENT_STATE_UNSPECIFIED" - Should never be set + // "CURRENT_STATE_ENCRYPTED" - Secrets in etcd are encrypted. + // "CURRENT_STATE_DECRYPTED" - Secrets in etcd are stored in plain + // text (at etcd level) - this is unrelated to Compute Engine level full + // disk encryption. + // "CURRENT_STATE_ENCRYPTION_PENDING" - Encryption (or re-encryption + // with a different CloudKMS key) of Secrets is in progress. + // "CURRENT_STATE_ENCRYPTION_ERROR" - Encryption (or re-encryption + // with a different CloudKMS key) of Secrets in etcd encountered an + // error. + // "CURRENT_STATE_DECRYPTION_PENDING" - De-crypting Secrets to plain + // text in etcd is in progress. + // "CURRENT_STATE_DECRYPTION_ERROR" - De-crypting Secrets to plain + // text in etcd encountered an error. + CurrentState string `json:"currentState,omitempty"` + + // DecryptionKeys: Output only. Keys in use by the cluster for + // decrypting existing objects, in addition to the key in `key_name`. + // Each item is a CloudKMS key resource. + DecryptionKeys []string `json:"decryptionKeys,omitempty"` + // KeyName: Name of CloudKMS key to use for the encryption of secrets in // etcd. Ex. // projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-ke // y KeyName string `json:"keyName,omitempty"` + // LastOperationErrors: Output only. Records errors seen during + // DatabaseEncryption update operations. + LastOperationErrors []*OperationError `json:"lastOperationErrors,omitempty"` + // State: The desired state of etcd encryption. // // Possible values: @@ -2634,7 +2662,7 @@ type DatabaseEncryption struct { // encryption. State string `json:"state,omitempty"` - // ForceSendFields is a list of field names (e.g. "KeyName") to + // ForceSendFields is a list of field names (e.g. "CurrentState") to // unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any // non-pointer, non-interface field appearing in ForceSendFields will be @@ -2642,10 +2670,10 @@ type DatabaseEncryption struct { // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "KeyName") to include in - // API requests with the JSON null value. By default, fields with empty - // values are omitted from API requests. However, any field with an - // empty value appearing in NullFields will be sent to the server as + // NullFields is a list of field names (e.g. "CurrentState") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as // null. It is an error if a field in this list has a non-empty value. // This may be used to include null fields in Patch requests. NullFields []string `json:"-"` @@ -6286,6 +6314,41 @@ func (s *Operation) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// OperationError: OperationError records errors seen from CloudKMS keys +// encountered during updates to DatabaseEncryption configuration. +type OperationError struct { + // ErrorMessage: Description of the error seen during the operation. + ErrorMessage string `json:"errorMessage,omitempty"` + + // KeyName: CloudKMS key resource that had the error. + KeyName string `json:"keyName,omitempty"` + + // Timestamp: Time when the CloudKMS error was seen. + Timestamp string `json:"timestamp,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ErrorMessage") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ErrorMessage") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *OperationError) MarshalJSON() ([]byte, error) { + type NoMethod OperationError + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // OperationProgress: Information about operation (or operation stage) // progress. type OperationProgress struct { diff --git a/datamigration/v1/datamigration-api.json b/datamigration/v1/datamigration-api.json index 09c5ea3247b..bc7d672e431 100644 --- a/datamigration/v1/datamigration-api.json +++ b/datamigration/v1/datamigration-api.json @@ -2125,7 +2125,7 @@ } } }, - "revision": "20240312", + "revision": "20240315", "rootUrl": "https://datamigration.googleapis.com/", "schemas": { "AlloyDbConnectionProfile": { @@ -5692,7 +5692,7 @@ "id": "SqlServerHomogeneousMigrationJobConfig", "properties": { "backupFilePattern": { - "description": "Required. Pattern that describes the default backup naming strategy. The specified pattern should ensure lexicographical order of backups. The pattern must define one of the following capture group sets: Capture group set #1 yy/yyyy - year, 2 or 4 digits mm - month number, 1-12 dd - day of month, 1-31 hh - hour of day, 00-23 mi - minutes, 00-59 ss - seconds, 00-59 Example: For backup file TestDB_backup_20230802_155400.trn, use pattern: (?.*)_backup_(?\\d{4})(?\\d{2})(?\\d{2})_(?\\d{2})(?\\d{2})(?\\d{2}).trn Capture group set #2 timestamp - unix timestamp Example: For backup file TestDB_backup_1691448254.trn, use pattern: (?.*)_backup_(?.*).trn", + "description": "Required. Pattern that describes the default backup naming strategy. The specified pattern should ensure lexicographical order of backups. The pattern must define one of the following capture group sets: Capture group set #1 yy/yyyy - year, 2 or 4 digits mm - month number, 1-12 dd - day of month, 1-31 hh - hour of day, 00-23 mi - minutes, 00-59 ss - seconds, 00-59 Example: For backup file TestDB_20230802_155400.trn, use pattern: (?.*)_backup_(?\\d{4})(?\\d{2})(?\\d{2})_(?\\d{2})(?\\d{2})(?\\d{2}).trn Capture group set #2 timestamp - unix timestamp Example: For backup file TestDB.1691448254.trn, use pattern: (?.*)\\.(?\\d*).trn or (?.*)\\.(?\\d*).trn", "type": "string" }, "databaseBackups": { diff --git a/datamigration/v1/datamigration-gen.go b/datamigration/v1/datamigration-gen.go index d688ae590c6..5b17117950c 100644 --- a/datamigration/v1/datamigration-gen.go +++ b/datamigration/v1/datamigration-gen.go @@ -5442,11 +5442,11 @@ type SqlServerHomogeneousMigrationJobConfig struct { // following capture group sets: Capture group set #1 yy/yyyy - year, 2 // or 4 digits mm - month number, 1-12 dd - day of month, 1-31 hh - hour // of day, 00-23 mi - minutes, 00-59 ss - seconds, 00-59 Example: For - // backup file TestDB_backup_20230802_155400.trn, use pattern: + // backup file TestDB_20230802_155400.trn, use pattern: // (?.*)_backup_(?\d{4})(?\d{2})(?\d{2})_(?\d{2})(?\d{2})(?\d{2}).trn // Capture group set #2 timestamp - unix timestamp Example: For backup - // file TestDB_backup_1691448254.trn, use pattern: - // (?.*)_backup_(?.*).trn + // file TestDB.1691448254.trn, use pattern: (?.*)\.(?\d*).trn or + // (?.*)\.(?\d*).trn BackupFilePattern string `json:"backupFilePattern,omitempty"` // DatabaseBackups: Required. Backup details per database in Cloud diff --git a/dataplex/v1/dataplex-api.json b/dataplex/v1/dataplex-api.json index d6f9fd138a2..6c1fce4c63b 100644 --- a/dataplex/v1/dataplex-api.json +++ b/dataplex/v1/dataplex-api.json @@ -5271,7 +5271,7 @@ } } }, - "revision": "20240311", + "revision": "20240317", "rootUrl": "https://dataplex.googleapis.com/", "schemas": { "Empty": { @@ -6381,44 +6381,6 @@ }, "type": "object" }, - "GoogleCloudDataplexV1DataDocumentationResult": { - "description": "The output of a DataDocumentation scan.", - "id": "GoogleCloudDataplexV1DataDocumentationResult", - "properties": { - "queries": { - "description": "Output only. The list of generated queries.", - "items": { - "$ref": "GoogleCloudDataplexV1DataDocumentationResultQuery" - }, - "readOnly": true, - "type": "array" - } - }, - "type": "object" - }, - "GoogleCloudDataplexV1DataDocumentationResultQuery": { - "description": "A query in data documentation", - "id": "GoogleCloudDataplexV1DataDocumentationResultQuery", - "properties": { - "description": { - "description": "Output only. The description for the query.", - "readOnly": true, - "type": "string" - }, - "sql": { - "description": "Output only. The SQL query string which can be executed.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "GoogleCloudDataplexV1DataDocumentationSpec": { - "description": "DataDocumentation scan related spec.", - "id": "GoogleCloudDataplexV1DataDocumentationSpec", - "properties": {}, - "type": "object" - }, "GoogleCloudDataplexV1DataProfileResult": { "description": "DataProfileResult defines the output of DataProfileScan. Each field of the table will have field type specific profile result.", "id": "GoogleCloudDataplexV1DataProfileResult", @@ -7333,15 +7295,6 @@ "$ref": "GoogleCloudDataplexV1DataSource", "description": "Required. The data source for DataScan." }, - "dataDocumentationResult": { - "$ref": "GoogleCloudDataplexV1DataDocumentationResult", - "description": "Output only. The result of the data documentation scan.", - "readOnly": true - }, - "dataDocumentationSpec": { - "$ref": "GoogleCloudDataplexV1DataDocumentationSpec", - "description": "DataDocumentationScan related setting." - }, "dataProfileResult": { "$ref": "GoogleCloudDataplexV1DataProfileResult", "description": "Output only. The result of the data profile scan.", @@ -7413,14 +7366,12 @@ "enum": [ "DATA_SCAN_TYPE_UNSPECIFIED", "DATA_QUALITY", - "DATA_PROFILE", - "DATA_DOCUMENTATION" + "DATA_PROFILE" ], "enumDescriptions": [ "The DataScan type is unspecified.", "Data Quality scan.", - "Data Profile scan.", - "Data Documentation scan." + "Data Profile scan." ], "readOnly": true, "type": "string" @@ -7725,16 +7676,6 @@ "description": "A DataScanJob represents an instance of DataScan execution.", "id": "GoogleCloudDataplexV1DataScanJob", "properties": { - "dataDocumentationResult": { - "$ref": "GoogleCloudDataplexV1DataDocumentationResult", - "description": "Output only. The result of the data documentation scan.", - "readOnly": true - }, - "dataDocumentationSpec": { - "$ref": "GoogleCloudDataplexV1DataDocumentationSpec", - "description": "Output only. DataDocumentationScan related setting.", - "readOnly": true - }, "dataProfileResult": { "$ref": "GoogleCloudDataplexV1DataProfileResult", "description": "Output only. The result of the data profile scan.", @@ -7805,14 +7746,12 @@ "enum": [ "DATA_SCAN_TYPE_UNSPECIFIED", "DATA_QUALITY", - "DATA_PROFILE", - "DATA_DOCUMENTATION" + "DATA_PROFILE" ], "enumDescriptions": [ "The DataScan type is unspecified.", "Data Quality scan.", - "Data Profile scan.", - "Data Documentation scan." + "Data Profile scan." ], "readOnly": true, "type": "string" diff --git a/dataplex/v1/dataplex-gen.go b/dataplex/v1/dataplex-gen.go index 6e0df0a14af..2b9639cf4b1 100644 --- a/dataplex/v1/dataplex-gen.go +++ b/dataplex/v1/dataplex-gen.go @@ -2058,72 +2058,6 @@ func (s *GoogleCloudDataplexV1DataAttributeBindingPath) MarshalJSON() ([]byte, e return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// GoogleCloudDataplexV1DataDocumentationResult: The output of a -// DataDocumentation scan. -type GoogleCloudDataplexV1DataDocumentationResult struct { - // Queries: Output only. The list of generated queries. - Queries []*GoogleCloudDataplexV1DataDocumentationResultQuery `json:"queries,omitempty"` - - // ForceSendFields is a list of field names (e.g. "Queries") to - // unconditionally include in API requests. By default, fields with - // empty or default values are omitted from API requests. However, any - // non-pointer, non-interface field appearing in ForceSendFields will be - // sent to the server regardless of whether the field is empty or not. - // This may be used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "Queries") to include in - // API requests with the JSON null value. By default, fields with empty - // values are omitted from API requests. However, any field with an - // empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. - NullFields []string `json:"-"` -} - -func (s *GoogleCloudDataplexV1DataDocumentationResult) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudDataplexV1DataDocumentationResult - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - -// GoogleCloudDataplexV1DataDocumentationResultQuery: A query in data -// documentation -type GoogleCloudDataplexV1DataDocumentationResultQuery struct { - // Description: Output only. The description for the query. - Description string `json:"description,omitempty"` - - // Sql: Output only. The SQL query string which can be executed. - Sql string `json:"sql,omitempty"` - - // ForceSendFields is a list of field names (e.g. "Description") to - // unconditionally include in API requests. By default, fields with - // empty or default values are omitted from API requests. However, any - // non-pointer, non-interface field appearing in ForceSendFields will be - // sent to the server regardless of whether the field is empty or not. - // This may be used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "Description") to include - // in API requests with the JSON null value. By default, fields with - // empty values are omitted from API requests. However, any field with - // an empty value appearing in NullFields will be sent to the server as - // null. It is an error if a field in this list has a non-empty value. - // This may be used to include null fields in Patch requests. - NullFields []string `json:"-"` -} - -func (s *GoogleCloudDataplexV1DataDocumentationResultQuery) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudDataplexV1DataDocumentationResultQuery - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - -// GoogleCloudDataplexV1DataDocumentationSpec: DataDocumentation scan -// related spec. -type GoogleCloudDataplexV1DataDocumentationSpec struct { -} - // GoogleCloudDataplexV1DataProfileResult: DataProfileResult defines the // output of DataProfileScan. Each field of the table will have field // type specific profile result. @@ -3858,13 +3792,6 @@ type GoogleCloudDataplexV1DataScan struct { // Data: Required. The data source for DataScan. Data *GoogleCloudDataplexV1DataSource `json:"data,omitempty"` - // DataDocumentationResult: Output only. The result of the data - // documentation scan. - DataDocumentationResult *GoogleCloudDataplexV1DataDocumentationResult `json:"dataDocumentationResult,omitempty"` - - // DataDocumentationSpec: DataDocumentationScan related setting. - DataDocumentationSpec *GoogleCloudDataplexV1DataDocumentationSpec `json:"dataDocumentationSpec,omitempty"` - // DataProfileResult: Output only. The result of the data profile scan. DataProfileResult *GoogleCloudDataplexV1DataProfileResult `json:"dataProfileResult,omitempty"` @@ -3918,7 +3845,6 @@ type GoogleCloudDataplexV1DataScan struct { // "DATA_SCAN_TYPE_UNSPECIFIED" - The DataScan type is unspecified. // "DATA_QUALITY" - Data Quality scan. // "DATA_PROFILE" - Data Profile scan. - // "DATA_DOCUMENTATION" - Data Documentation scan. Type string `json:"type,omitempty"` // Uid: Output only. System generated globally unique ID for the scan. @@ -4399,14 +4325,6 @@ func (s *GoogleCloudDataplexV1DataScanExecutionStatus) MarshalJSON() ([]byte, er // GoogleCloudDataplexV1DataScanJob: A DataScanJob represents an // instance of DataScan execution. type GoogleCloudDataplexV1DataScanJob struct { - // DataDocumentationResult: Output only. The result of the data - // documentation scan. - DataDocumentationResult *GoogleCloudDataplexV1DataDocumentationResult `json:"dataDocumentationResult,omitempty"` - - // DataDocumentationSpec: Output only. DataDocumentationScan related - // setting. - DataDocumentationSpec *GoogleCloudDataplexV1DataDocumentationSpec `json:"dataDocumentationSpec,omitempty"` - // DataProfileResult: Output only. The result of the data profile scan. DataProfileResult *GoogleCloudDataplexV1DataProfileResult `json:"dataProfileResult,omitempty"` @@ -4454,7 +4372,6 @@ type GoogleCloudDataplexV1DataScanJob struct { // "DATA_SCAN_TYPE_UNSPECIFIED" - The DataScan type is unspecified. // "DATA_QUALITY" - Data Quality scan. // "DATA_PROFILE" - Data Profile scan. - // "DATA_DOCUMENTATION" - Data Documentation scan. Type string `json:"type,omitempty"` // Uid: Output only. System generated globally unique ID for the @@ -4465,19 +4382,18 @@ type GoogleCloudDataplexV1DataScanJob struct { // server. googleapi.ServerResponse `json:"-"` - // ForceSendFields is a list of field names (e.g. - // "DataDocumentationResult") to unconditionally include in API - // requests. By default, fields with empty or default values are omitted - // from API requests. However, any non-pointer, non-interface field - // appearing in ForceSendFields will be sent to the server regardless of - // whether the field is empty or not. This may be used to include empty - // fields in Patch requests. + // ForceSendFields is a list of field names (e.g. "DataProfileResult") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "DataDocumentationResult") - // to include in API requests with the JSON null value. By default, - // fields with empty values are omitted from API requests. However, any - // field with an empty value appearing in NullFields will be sent to the + // NullFields is a list of field names (e.g. "DataProfileResult") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the // server as null. It is an error if a field in this list has a // non-empty value. This may be used to include null fields in Patch // requests. diff --git a/gkehub/v1/gkehub-api.json b/gkehub/v1/gkehub-api.json index c3d687ae3d2..44026358562 100644 --- a/gkehub/v1/gkehub-api.json +++ b/gkehub/v1/gkehub-api.json @@ -1421,6 +1421,83 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, + "listMemberships": { + "description": "Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions.", + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}:listMemberships", + "httpMethod": "GET", + "id": "gkehub.projects.locations.scopes.listMemberships", + "parameterOrder": [ + "scopeName" + ], + "parameters": { + "filter": { + "description": "Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships's `name`, `labels`, `create_time`, `update_time`, and `unique_id`.", + "location": "query", + "type": "string" + }, + "pageSize": { + "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned. Pagination is currently not supported; therefore, setting this field does not have any impact for now.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional. Token returned by previous call to `ListBoundMemberships` which specifies the position in the list from where to continue listing the resources.", + "location": "query", + "type": "string" + }, + "scopeName": { + "description": "Required. Name of the Scope, in the format `projects/*/locations/global/scopes/*`, to which the Memberships are bound.", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+/scopes/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+scopeName}:listMemberships", + "response": { + "$ref": "ListBoundMembershipsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "listPermitted": { + "description": "Lists permitted Scopes.", + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes:listPermitted", + "httpMethod": "GET", + "id": "gkehub.projects.locations.scopes.listPermitted", + "parameterOrder": [ + "parent" + ], + "parameters": { + "pageSize": { + "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional. Token returned by previous call to `ListPermittedScopes` which specifies the position in the list from where to continue listing the resources.", + "location": "query", + "type": "string" + }, + "parent": { + "description": "Required. The parent (project and location) where the Scope will be listed. Specified in the format `projects/*/locations/*`.", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+parent}/scopes:listPermitted", + "response": { + "$ref": "ListPermittedScopesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, "patch": { "description": "Updates a scopes.", "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}", @@ -1834,7 +1911,7 @@ } } }, - "revision": "20240229", + "revision": "20240318", "rootUrl": "https://gkehub.googleapis.com/", "schemas": { "AppDevExperienceFeatureSpec": { @@ -3722,6 +3799,10 @@ "$ref": "IdentityServiceGoogleConfig", "description": "GoogleConfig specific configuration." }, + "ldapConfig": { + "$ref": "IdentityServiceLdapConfig", + "description": "LDAP specific configuration." + }, "name": { "description": "Identifier for auth config.", "type": "string" @@ -3789,6 +3870,48 @@ }, "type": "object" }, + "IdentityServiceGroupConfig": { + "description": "Contains the properties for locating and authenticating groups in the directory.", + "id": "IdentityServiceGroupConfig", + "properties": { + "baseDn": { + "description": "Required. The location of the subtree in the LDAP directory to search for group entries.", + "type": "string" + }, + "filter": { + "description": "Optional. Optional filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the amount of groups returned for each user. This defaults to \"(objectClass=Group)\".", + "type": "string" + }, + "idAttribute": { + "description": "Optional. The identifying name of each group a user belongs to. For example, if this is set to \"distinguishedName\" then RBACs and other group expectations should be written as full DNs. This defaults to \"distinguishedName\".", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceLdapConfig": { + "description": "Configuration for the LDAP Auth flow.", + "id": "IdentityServiceLdapConfig", + "properties": { + "group": { + "$ref": "IdentityServiceGroupConfig", + "description": "Optional. Contains the properties for locating and authenticating groups in the directory." + }, + "server": { + "$ref": "IdentityServiceServerConfig", + "description": "Required. Server settings for the external LDAP server." + }, + "serviceAccount": { + "$ref": "IdentityServiceServiceAccountConfig", + "description": "Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate." + }, + "user": { + "$ref": "IdentityServiceUserConfig", + "description": "Required. Defines where users exist in the LDAP directory." + } + }, + "type": "object" + }, "IdentityServiceMembershipSpec": { "description": "**Anthos Identity Service**: Configuration for a single Membership.", "id": "IdentityServiceMembershipSpec", @@ -3946,6 +4069,81 @@ }, "type": "object" }, + "IdentityServiceServerConfig": { + "description": "Server settings for the external LDAP server.", + "id": "IdentityServiceServerConfig", + "properties": { + "certificateAuthorityData": { + "description": "Optional. Contains a Base64 encoded, PEM formatted certificate authority certificate for the LDAP server. This must be provided for the \"ldaps\" and \"startTLS\" connections.", + "format": "byte", + "type": "string" + }, + "connectionType": { + "description": "Optional. Defines the connection type to communicate with the LDAP server. If `starttls` or `ldaps` is specified, the certificate_authority_data should not be empty.", + "type": "string" + }, + "host": { + "description": "Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, \"ldap.server.example\" or \"10.10.10.10:389\".", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceServiceAccountConfig": { + "description": "Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.", + "id": "IdentityServiceServiceAccountConfig", + "properties": { + "simpleBindCredentials": { + "$ref": "IdentityServiceSimpleBindCredentials", + "description": "Credentials for basic auth." + } + }, + "type": "object" + }, + "IdentityServiceSimpleBindCredentials": { + "description": "The structure holds the LDAP simple binding credential.", + "id": "IdentityServiceSimpleBindCredentials", + "properties": { + "dn": { + "description": "Required. The distinguished name(DN) of the service account object/user.", + "type": "string" + }, + "encryptedPassword": { + "description": "Output only. The encrypted password of the service account object/user.", + "format": "byte", + "readOnly": true, + "type": "string" + }, + "password": { + "description": "Required. Input only. The password of the service account object/user.", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceUserConfig": { + "description": "Defines where users exist in the LDAP directory.", + "id": "IdentityServiceUserConfig", + "properties": { + "baseDn": { + "description": "Required. The location of the subtree in the LDAP directory to search for user entries.", + "type": "string" + }, + "filter": { + "description": "Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to login. This defaults to \"(objectClass=User)\".", + "type": "string" + }, + "idAttribute": { + "description": "Optional. Determines which attribute to use as the user's identity after they are authenticated. This is distinct from the loginAttribute field to allow users to login with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to \"sAMAccountName\" and identifierAttribute to \"userPrincipalName\" would allow a user to login as \"bsmith\", but actual RBAC policies for the user would be written as \"bsmith@example.com\". Using \"userPrincipalName\" is recommended since this will be unique for each user. This defaults to \"userPrincipalName\".", + "type": "string" + }, + "loginAttribute": { + "description": "Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. \"(=)\" and is combined with the optional filter field. This defaults to \"userPrincipalName\".", + "type": "string" + } + }, + "type": "object" + }, "KubernetesMetadata": { "description": "KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.", "id": "KubernetesMetadata", @@ -4018,6 +4216,31 @@ }, "type": "object" }, + "ListBoundMembershipsResponse": { + "description": "List of Memberships bound to a Scope.", + "id": "ListBoundMembershipsResponse", + "properties": { + "memberships": { + "description": "The list of Memberships bound to the given Scope.", + "items": { + "$ref": "Membership" + }, + "type": "array" + }, + "nextPageToken": { + "description": "A token to request the next page of resources from the `ListBoundMemberships` method. The value of an empty string means that there are no more resources to return.", + "type": "string" + }, + "unreachable": { + "description": "List of locations that could not be reached while fetching this list.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "ListFeaturesResponse": { "description": "Response message for the `GkeHub.ListFeatures` method.", "id": "ListFeaturesResponse", @@ -4133,6 +4356,24 @@ }, "type": "object" }, + "ListPermittedScopesResponse": { + "description": "List of permitted Scopes.", + "id": "ListPermittedScopesResponse", + "properties": { + "nextPageToken": { + "description": "A token to request the next page of resources from the `ListPermittedScopes` method. The value of an empty string means that there are no more resources to return.", + "type": "string" + }, + "scopes": { + "description": "The list of permitted Scopes", + "items": { + "$ref": "Scope" + }, + "type": "array" + } + }, + "type": "object" + }, "ListScopeNamespacesResponse": { "description": "List of fleet namespaces.", "id": "ListScopeNamespacesResponse", diff --git a/gkehub/v1/gkehub-gen.go b/gkehub/v1/gkehub-gen.go index 420c3e6155e..c30840b2517 100644 --- a/gkehub/v1/gkehub-gen.go +++ b/gkehub/v1/gkehub-gen.go @@ -3356,6 +3356,9 @@ type IdentityServiceAuthMethod struct { // GoogleConfig: GoogleConfig specific configuration. GoogleConfig *IdentityServiceGoogleConfig `json:"googleConfig,omitempty"` + // LdapConfig: LDAP specific configuration. + LdapConfig *IdentityServiceLdapConfig `json:"ldapConfig,omitempty"` + // Name: Identifier for auth config. Name string `json:"name,omitempty"` @@ -3474,6 +3477,89 @@ func (s *IdentityServiceGoogleConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// IdentityServiceGroupConfig: Contains the properties for locating and +// authenticating groups in the directory. +type IdentityServiceGroupConfig struct { + // BaseDn: Required. The location of the subtree in the LDAP directory + // to search for group entries. + BaseDn string `json:"baseDn,omitempty"` + + // Filter: Optional. Optional filter to be used when searching for + // groups a user belongs to. This can be used to explicitly match only + // certain groups in order to reduce the amount of groups returned for + // each user. This defaults to "(objectClass=Group)". + Filter string `json:"filter,omitempty"` + + // IdAttribute: Optional. The identifying name of each group a user + // belongs to. For example, if this is set to "distinguishedName" then + // RBACs and other group expectations should be written as full DNs. + // This defaults to "distinguishedName". + IdAttribute string `json:"idAttribute,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseDn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseDn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceGroupConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceGroupConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceLdapConfig: Configuration for the LDAP Auth flow. +type IdentityServiceLdapConfig struct { + // Group: Optional. Contains the properties for locating and + // authenticating groups in the directory. + Group *IdentityServiceGroupConfig `json:"group,omitempty"` + + // Server: Required. Server settings for the external LDAP server. + Server *IdentityServiceServerConfig `json:"server,omitempty"` + + // ServiceAccount: Required. Contains the credentials of the service + // account which is authorized to perform the LDAP search in the + // directory. The credentials can be supplied by the combination of the + // DN and password or the client certificate. + ServiceAccount *IdentityServiceServiceAccountConfig `json:"serviceAccount,omitempty"` + + // User: Required. Defines where users exist in the LDAP directory. + User *IdentityServiceUserConfig `json:"user,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Group") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Group") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceLdapConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceLdapConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // IdentityServiceMembershipSpec: **Anthos Identity Service**: // Configuration for a single Membership. type IdentityServiceMembershipSpec struct { @@ -3684,6 +3770,173 @@ func (s *IdentityServiceSamlConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// IdentityServiceServerConfig: Server settings for the external LDAP +// server. +type IdentityServiceServerConfig struct { + // CertificateAuthorityData: Optional. Contains a Base64 encoded, PEM + // formatted certificate authority certificate for the LDAP server. This + // must be provided for the "ldaps" and "startTLS" connections. + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // ConnectionType: Optional. Defines the connection type to communicate + // with the LDAP server. If `starttls` or `ldaps` is specified, the + // certificate_authority_data should not be empty. + ConnectionType string `json:"connectionType,omitempty"` + + // Host: Required. Defines the hostname or IP of the LDAP server. Port + // is optional and will default to 389, if unspecified. For example, + // "ldap.server.example" or "10.10.10.10:389". + Host string `json:"host,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "CertificateAuthorityData") to unconditionally include in API + // requests. By default, fields with empty or default values are omitted + // from API requests. However, any non-pointer, non-interface field + // appearing in ForceSendFields will be sent to the server regardless of + // whether the field is empty or not. This may be used to include empty + // fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CertificateAuthorityData") + // to include in API requests with the JSON null value. By default, + // fields with empty values are omitted from API requests. However, any + // field with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceServerConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceServerConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceServiceAccountConfig: Contains the credentials of the +// service account which is authorized to perform the LDAP search in the +// directory. The credentials can be supplied by the combination of the +// DN and password or the client certificate. +type IdentityServiceServiceAccountConfig struct { + // SimpleBindCredentials: Credentials for basic auth. + SimpleBindCredentials *IdentityServiceSimpleBindCredentials `json:"simpleBindCredentials,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "SimpleBindCredentials") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "SimpleBindCredentials") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceServiceAccountConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceServiceAccountConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceSimpleBindCredentials: The structure holds the LDAP +// simple binding credential. +type IdentityServiceSimpleBindCredentials struct { + // Dn: Required. The distinguished name(DN) of the service account + // object/user. + Dn string `json:"dn,omitempty"` + + // EncryptedPassword: Output only. The encrypted password of the service + // account object/user. + EncryptedPassword string `json:"encryptedPassword,omitempty"` + + // Password: Required. Input only. The password of the service account + // object/user. + Password string `json:"password,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Dn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Dn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceSimpleBindCredentials) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceSimpleBindCredentials + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceUserConfig: Defines where users exist in the LDAP +// directory. +type IdentityServiceUserConfig struct { + // BaseDn: Required. The location of the subtree in the LDAP directory + // to search for user entries. + BaseDn string `json:"baseDn,omitempty"` + + // Filter: Optional. Filter to apply when searching for the user. This + // can be used to further restrict the user accounts which are allowed + // to login. This defaults to "(objectClass=User)". + Filter string `json:"filter,omitempty"` + + // IdAttribute: Optional. Determines which attribute to use as the + // user's identity after they are authenticated. This is distinct from + // the loginAttribute field to allow users to login with a username, but + // then have their actual identifier be an email address or full + // Distinguished Name (DN). For example, setting loginAttribute to + // "sAMAccountName" and identifierAttribute to "userPrincipalName" would + // allow a user to login as "bsmith", but actual RBAC policies for the + // user would be written as "bsmith@example.com". Using + // "userPrincipalName" is recommended since this will be unique for each + // user. This defaults to "userPrincipalName". + IdAttribute string `json:"idAttribute,omitempty"` + + // LoginAttribute: Optional. The name of the attribute which matches + // against the input username. This is used to find the user in the LDAP + // database e.g. "(=)" and is combined with the optional filter field. + // This defaults to "userPrincipalName". + LoginAttribute string `json:"loginAttribute,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseDn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseDn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceUserConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceUserConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // KubernetesMetadata: KubernetesMetadata provides informational // metadata for Memberships representing Kubernetes clusters. type KubernetesMetadata struct { @@ -3800,6 +4053,47 @@ func (s *KubernetesResource) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ListBoundMembershipsResponse: List of Memberships bound to a Scope. +type ListBoundMembershipsResponse struct { + // Memberships: The list of Memberships bound to the given Scope. + Memberships []*Membership `json:"memberships,omitempty"` + + // NextPageToken: A token to request the next page of resources from the + // `ListBoundMemberships` method. The value of an empty string means + // that there are no more resources to return. + NextPageToken string `json:"nextPageToken,omitempty"` + + // Unreachable: List of locations that could not be reached while + // fetching this list. + Unreachable []string `json:"unreachable,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Memberships") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Memberships") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListBoundMembershipsResponse) MarshalJSON() ([]byte, error) { + type NoMethod ListBoundMembershipsResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // ListFeaturesResponse: Response message for the `GkeHub.ListFeatures` // method. type ListFeaturesResponse struct { @@ -4030,6 +4324,43 @@ func (s *ListOperationsResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ListPermittedScopesResponse: List of permitted Scopes. +type ListPermittedScopesResponse struct { + // NextPageToken: A token to request the next page of resources from the + // `ListPermittedScopes` method. The value of an empty string means that + // there are no more resources to return. + NextPageToken string `json:"nextPageToken,omitempty"` + + // Scopes: The list of permitted Scopes + Scopes []*Scope `json:"scopes,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "NextPageToken") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "NextPageToken") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListPermittedScopesResponse) MarshalJSON() ([]byte, error) { + type NoMethod ListPermittedScopesResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // ListScopeNamespacesResponse: List of fleet namespaces. type ListScopeNamespacesResponse struct { // NextPageToken: A token to request the next page of resources from the @@ -13109,6 +13440,415 @@ func (c *ProjectsLocationsScopesListCall) Pages(ctx context.Context, f func(*Lis } } +// method id "gkehub.projects.locations.scopes.listMemberships": + +type ProjectsLocationsScopesListMembershipsCall struct { + s *Service + scopeName string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// ListMemberships: Lists Memberships bound to a Scope. The response +// includes relevant Memberships from all regions. +// +// - scopeName: Name of the Scope, in the format +// `projects/*/locations/global/scopes/*`, to which the Memberships +// are bound. +func (r *ProjectsLocationsScopesService) ListMemberships(scopeName string) *ProjectsLocationsScopesListMembershipsCall { + c := &ProjectsLocationsScopesListMembershipsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.scopeName = scopeName + return c +} + +// Filter sets the optional parameter "filter": Lists Memberships that +// match the filter expression, following the syntax outlined in +// https://google.aip.dev/160. Currently, filtering can be done only +// based on Memberships's `name`, `labels`, `create_time`, +// `update_time`, and `unique_id`. +func (c *ProjectsLocationsScopesListMembershipsCall) Filter(filter string) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("filter", filter) + return c +} + +// PageSize sets the optional parameter "pageSize": When requesting a +// 'page' of resources, `page_size` specifies number of resources to +// return. If unspecified or set to 0, all resources will be returned. +// Pagination is currently not supported; therefore, setting this field +// does not have any impact for now. +func (c *ProjectsLocationsScopesListMembershipsCall) PageSize(pageSize int64) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Token returned by +// previous call to `ListBoundMemberships` which specifies the position +// in the list from where to continue listing the resources. +func (c *ProjectsLocationsScopesListMembershipsCall) PageToken(pageToken string) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsScopesListMembershipsCall) Fields(s ...googleapi.Field) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsScopesListMembershipsCall) IfNoneMatch(entityTag string) *ProjectsLocationsScopesListMembershipsCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsScopesListMembershipsCall) Context(ctx context.Context) *ProjectsLocationsScopesListMembershipsCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsScopesListMembershipsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsScopesListMembershipsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+scopeName}:listMemberships") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "scopeName": c.scopeName, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "gkehub.projects.locations.scopes.listMemberships" call. +// Exactly one of *ListBoundMembershipsResponse or error will be +// non-nil. Any non-2xx status code is an error. Response headers are in +// either *ListBoundMembershipsResponse.ServerResponse.Header or (if a +// response was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsScopesListMembershipsCall) Do(opts ...googleapi.CallOption) (*ListBoundMembershipsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &ListBoundMembershipsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}:listMemberships", + // "httpMethod": "GET", + // "id": "gkehub.projects.locations.scopes.listMemberships", + // "parameterOrder": [ + // "scopeName" + // ], + // "parameters": { + // "filter": { + // "description": "Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships's `name`, `labels`, `create_time`, `update_time`, and `unique_id`.", + // "location": "query", + // "type": "string" + // }, + // "pageSize": { + // "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned. Pagination is currently not supported; therefore, setting this field does not have any impact for now.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional. Token returned by previous call to `ListBoundMemberships` which specifies the position in the list from where to continue listing the resources.", + // "location": "query", + // "type": "string" + // }, + // "scopeName": { + // "description": "Required. Name of the Scope, in the format `projects/*/locations/global/scopes/*`, to which the Memberships are bound.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/scopes/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+scopeName}:listMemberships", + // "response": { + // "$ref": "ListBoundMembershipsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsScopesListMembershipsCall) Pages(ctx context.Context, f func(*ListBoundMembershipsResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + +// method id "gkehub.projects.locations.scopes.listPermitted": + +type ProjectsLocationsScopesListPermittedCall struct { + s *Service + parent string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// ListPermitted: Lists permitted Scopes. +// +// - parent: The parent (project and location) where the Scope will be +// listed. Specified in the format `projects/*/locations/*`. +func (r *ProjectsLocationsScopesService) ListPermitted(parent string) *ProjectsLocationsScopesListPermittedCall { + c := &ProjectsLocationsScopesListPermittedCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + return c +} + +// PageSize sets the optional parameter "pageSize": When requesting a +// 'page' of resources, `page_size` specifies number of resources to +// return. If unspecified or set to 0, all resources will be returned. +func (c *ProjectsLocationsScopesListPermittedCall) PageSize(pageSize int64) *ProjectsLocationsScopesListPermittedCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Token returned by +// previous call to `ListPermittedScopes` which specifies the position +// in the list from where to continue listing the resources. +func (c *ProjectsLocationsScopesListPermittedCall) PageToken(pageToken string) *ProjectsLocationsScopesListPermittedCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsScopesListPermittedCall) Fields(s ...googleapi.Field) *ProjectsLocationsScopesListPermittedCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsScopesListPermittedCall) IfNoneMatch(entityTag string) *ProjectsLocationsScopesListPermittedCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsScopesListPermittedCall) Context(ctx context.Context) *ProjectsLocationsScopesListPermittedCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsScopesListPermittedCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsScopesListPermittedCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/scopes:listPermitted") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "gkehub.projects.locations.scopes.listPermitted" call. +// Exactly one of *ListPermittedScopesResponse or error will be non-nil. +// Any non-2xx status code is an error. Response headers are in either +// *ListPermittedScopesResponse.ServerResponse.Header or (if a response +// was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsScopesListPermittedCall) Do(opts ...googleapi.CallOption) (*ListPermittedScopesResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &ListPermittedScopesResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists permitted Scopes.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes:listPermitted", + // "httpMethod": "GET", + // "id": "gkehub.projects.locations.scopes.listPermitted", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "pageSize": { + // "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional. Token returned by previous call to `ListPermittedScopes` which specifies the position in the list from where to continue listing the resources.", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The parent (project and location) where the Scope will be listed. Specified in the format `projects/*/locations/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/scopes:listPermitted", + // "response": { + // "$ref": "ListPermittedScopesResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsScopesListPermittedCall) Pages(ctx context.Context, f func(*ListPermittedScopesResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + // method id "gkehub.projects.locations.scopes.patch": type ProjectsLocationsScopesPatchCall struct { diff --git a/gkehub/v1alpha/gkehub-api.json b/gkehub/v1alpha/gkehub-api.json index f30ecd6033b..db9cbb0a0c0 100644 --- a/gkehub/v1alpha/gkehub-api.json +++ b/gkehub/v1alpha/gkehub-api.json @@ -2175,7 +2175,7 @@ } } }, - "revision": "20240229", + "revision": "20240318", "rootUrl": "https://gkehub.googleapis.com/", "schemas": { "AnthosObservabilityFeatureSpec": { @@ -4313,6 +4313,10 @@ "$ref": "IdentityServiceGoogleConfig", "description": "GoogleConfig specific configuration." }, + "ldapConfig": { + "$ref": "IdentityServiceLdapConfig", + "description": "LDAP specific configuration." + }, "name": { "description": "Identifier for auth config.", "type": "string" @@ -4380,6 +4384,48 @@ }, "type": "object" }, + "IdentityServiceGroupConfig": { + "description": "Contains the properties for locating and authenticating groups in the directory.", + "id": "IdentityServiceGroupConfig", + "properties": { + "baseDn": { + "description": "Required. The location of the subtree in the LDAP directory to search for group entries.", + "type": "string" + }, + "filter": { + "description": "Optional. Optional filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the amount of groups returned for each user. This defaults to \"(objectClass=Group)\".", + "type": "string" + }, + "idAttribute": { + "description": "Optional. The identifying name of each group a user belongs to. For example, if this is set to \"distinguishedName\" then RBACs and other group expectations should be written as full DNs. This defaults to \"distinguishedName\".", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceLdapConfig": { + "description": "Configuration for the LDAP Auth flow.", + "id": "IdentityServiceLdapConfig", + "properties": { + "group": { + "$ref": "IdentityServiceGroupConfig", + "description": "Optional. Contains the properties for locating and authenticating groups in the directory." + }, + "server": { + "$ref": "IdentityServiceServerConfig", + "description": "Required. Server settings for the external LDAP server." + }, + "serviceAccount": { + "$ref": "IdentityServiceServiceAccountConfig", + "description": "Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate." + }, + "user": { + "$ref": "IdentityServiceUserConfig", + "description": "Required. Defines where users exist in the LDAP directory." + } + }, + "type": "object" + }, "IdentityServiceMembershipSpec": { "description": "**Anthos Identity Service**: Configuration for a single Membership.", "id": "IdentityServiceMembershipSpec", @@ -4537,6 +4583,81 @@ }, "type": "object" }, + "IdentityServiceServerConfig": { + "description": "Server settings for the external LDAP server.", + "id": "IdentityServiceServerConfig", + "properties": { + "certificateAuthorityData": { + "description": "Optional. Contains a Base64 encoded, PEM formatted certificate authority certificate for the LDAP server. This must be provided for the \"ldaps\" and \"startTLS\" connections.", + "format": "byte", + "type": "string" + }, + "connectionType": { + "description": "Optional. Defines the connection type to communicate with the LDAP server. If `starttls` or `ldaps` is specified, the certificate_authority_data should not be empty.", + "type": "string" + }, + "host": { + "description": "Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, \"ldap.server.example\" or \"10.10.10.10:389\".", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceServiceAccountConfig": { + "description": "Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.", + "id": "IdentityServiceServiceAccountConfig", + "properties": { + "simpleBindCredentials": { + "$ref": "IdentityServiceSimpleBindCredentials", + "description": "Credentials for basic auth." + } + }, + "type": "object" + }, + "IdentityServiceSimpleBindCredentials": { + "description": "The structure holds the LDAP simple binding credential.", + "id": "IdentityServiceSimpleBindCredentials", + "properties": { + "dn": { + "description": "Required. The distinguished name(DN) of the service account object/user.", + "type": "string" + }, + "encryptedPassword": { + "description": "Output only. The encrypted password of the service account object/user.", + "format": "byte", + "readOnly": true, + "type": "string" + }, + "password": { + "description": "Required. Input only. The password of the service account object/user.", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceUserConfig": { + "description": "Defines where users exist in the LDAP directory.", + "id": "IdentityServiceUserConfig", + "properties": { + "baseDn": { + "description": "Required. The location of the subtree in the LDAP directory to search for user entries.", + "type": "string" + }, + "filter": { + "description": "Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to login. This defaults to \"(objectClass=User)\".", + "type": "string" + }, + "idAttribute": { + "description": "Optional. Determines which attribute to use as the user's identity after they are authenticated. This is distinct from the loginAttribute field to allow users to login with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to \"sAMAccountName\" and identifierAttribute to \"userPrincipalName\" would allow a user to login as \"bsmith\", but actual RBAC policies for the user would be written as \"bsmith@example.com\". Using \"userPrincipalName\" is recommended since this will be unique for each user. This defaults to \"userPrincipalName\".", + "type": "string" + }, + "loginAttribute": { + "description": "Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. \"(=)\" and is combined with the optional filter field. This defaults to \"userPrincipalName\".", + "type": "string" + } + }, + "type": "object" + }, "KubernetesMetadata": { "description": "KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.", "id": "KubernetesMetadata", diff --git a/gkehub/v1alpha/gkehub-gen.go b/gkehub/v1alpha/gkehub-gen.go index a05873659d9..c77aea3e5df 100644 --- a/gkehub/v1alpha/gkehub-gen.go +++ b/gkehub/v1alpha/gkehub-gen.go @@ -3805,6 +3805,9 @@ type IdentityServiceAuthMethod struct { // GoogleConfig: GoogleConfig specific configuration. GoogleConfig *IdentityServiceGoogleConfig `json:"googleConfig,omitempty"` + // LdapConfig: LDAP specific configuration. + LdapConfig *IdentityServiceLdapConfig `json:"ldapConfig,omitempty"` + // Name: Identifier for auth config. Name string `json:"name,omitempty"` @@ -3923,6 +3926,89 @@ func (s *IdentityServiceGoogleConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// IdentityServiceGroupConfig: Contains the properties for locating and +// authenticating groups in the directory. +type IdentityServiceGroupConfig struct { + // BaseDn: Required. The location of the subtree in the LDAP directory + // to search for group entries. + BaseDn string `json:"baseDn,omitempty"` + + // Filter: Optional. Optional filter to be used when searching for + // groups a user belongs to. This can be used to explicitly match only + // certain groups in order to reduce the amount of groups returned for + // each user. This defaults to "(objectClass=Group)". + Filter string `json:"filter,omitempty"` + + // IdAttribute: Optional. The identifying name of each group a user + // belongs to. For example, if this is set to "distinguishedName" then + // RBACs and other group expectations should be written as full DNs. + // This defaults to "distinguishedName". + IdAttribute string `json:"idAttribute,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseDn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseDn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceGroupConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceGroupConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceLdapConfig: Configuration for the LDAP Auth flow. +type IdentityServiceLdapConfig struct { + // Group: Optional. Contains the properties for locating and + // authenticating groups in the directory. + Group *IdentityServiceGroupConfig `json:"group,omitempty"` + + // Server: Required. Server settings for the external LDAP server. + Server *IdentityServiceServerConfig `json:"server,omitempty"` + + // ServiceAccount: Required. Contains the credentials of the service + // account which is authorized to perform the LDAP search in the + // directory. The credentials can be supplied by the combination of the + // DN and password or the client certificate. + ServiceAccount *IdentityServiceServiceAccountConfig `json:"serviceAccount,omitempty"` + + // User: Required. Defines where users exist in the LDAP directory. + User *IdentityServiceUserConfig `json:"user,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Group") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Group") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceLdapConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceLdapConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // IdentityServiceMembershipSpec: **Anthos Identity Service**: // Configuration for a single Membership. type IdentityServiceMembershipSpec struct { @@ -4133,6 +4219,173 @@ func (s *IdentityServiceSamlConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// IdentityServiceServerConfig: Server settings for the external LDAP +// server. +type IdentityServiceServerConfig struct { + // CertificateAuthorityData: Optional. Contains a Base64 encoded, PEM + // formatted certificate authority certificate for the LDAP server. This + // must be provided for the "ldaps" and "startTLS" connections. + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // ConnectionType: Optional. Defines the connection type to communicate + // with the LDAP server. If `starttls` or `ldaps` is specified, the + // certificate_authority_data should not be empty. + ConnectionType string `json:"connectionType,omitempty"` + + // Host: Required. Defines the hostname or IP of the LDAP server. Port + // is optional and will default to 389, if unspecified. For example, + // "ldap.server.example" or "10.10.10.10:389". + Host string `json:"host,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "CertificateAuthorityData") to unconditionally include in API + // requests. By default, fields with empty or default values are omitted + // from API requests. However, any non-pointer, non-interface field + // appearing in ForceSendFields will be sent to the server regardless of + // whether the field is empty or not. This may be used to include empty + // fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CertificateAuthorityData") + // to include in API requests with the JSON null value. By default, + // fields with empty values are omitted from API requests. However, any + // field with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceServerConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceServerConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceServiceAccountConfig: Contains the credentials of the +// service account which is authorized to perform the LDAP search in the +// directory. The credentials can be supplied by the combination of the +// DN and password or the client certificate. +type IdentityServiceServiceAccountConfig struct { + // SimpleBindCredentials: Credentials for basic auth. + SimpleBindCredentials *IdentityServiceSimpleBindCredentials `json:"simpleBindCredentials,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "SimpleBindCredentials") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "SimpleBindCredentials") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceServiceAccountConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceServiceAccountConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceSimpleBindCredentials: The structure holds the LDAP +// simple binding credential. +type IdentityServiceSimpleBindCredentials struct { + // Dn: Required. The distinguished name(DN) of the service account + // object/user. + Dn string `json:"dn,omitempty"` + + // EncryptedPassword: Output only. The encrypted password of the service + // account object/user. + EncryptedPassword string `json:"encryptedPassword,omitempty"` + + // Password: Required. Input only. The password of the service account + // object/user. + Password string `json:"password,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Dn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Dn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceSimpleBindCredentials) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceSimpleBindCredentials + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceUserConfig: Defines where users exist in the LDAP +// directory. +type IdentityServiceUserConfig struct { + // BaseDn: Required. The location of the subtree in the LDAP directory + // to search for user entries. + BaseDn string `json:"baseDn,omitempty"` + + // Filter: Optional. Filter to apply when searching for the user. This + // can be used to further restrict the user accounts which are allowed + // to login. This defaults to "(objectClass=User)". + Filter string `json:"filter,omitempty"` + + // IdAttribute: Optional. Determines which attribute to use as the + // user's identity after they are authenticated. This is distinct from + // the loginAttribute field to allow users to login with a username, but + // then have their actual identifier be an email address or full + // Distinguished Name (DN). For example, setting loginAttribute to + // "sAMAccountName" and identifierAttribute to "userPrincipalName" would + // allow a user to login as "bsmith", but actual RBAC policies for the + // user would be written as "bsmith@example.com". Using + // "userPrincipalName" is recommended since this will be unique for each + // user. This defaults to "userPrincipalName". + IdAttribute string `json:"idAttribute,omitempty"` + + // LoginAttribute: Optional. The name of the attribute which matches + // against the input username. This is used to find the user in the LDAP + // database e.g. "(=)" and is combined with the optional filter field. + // This defaults to "userPrincipalName". + LoginAttribute string `json:"loginAttribute,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseDn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseDn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceUserConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceUserConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // KubernetesMetadata: KubernetesMetadata provides informational // metadata for Memberships representing Kubernetes clusters. type KubernetesMetadata struct { diff --git a/gkehub/v1beta/gkehub-api.json b/gkehub/v1beta/gkehub-api.json index 2c3aecc3243..2f0159b4f59 100644 --- a/gkehub/v1beta/gkehub-api.json +++ b/gkehub/v1beta/gkehub-api.json @@ -1611,6 +1611,83 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, + "listMemberships": { + "description": "Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions.", + "flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}:listMemberships", + "httpMethod": "GET", + "id": "gkehub.projects.locations.scopes.listMemberships", + "parameterOrder": [ + "scopeName" + ], + "parameters": { + "filter": { + "description": "Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships's `name`, `labels`, `create_time`, `update_time`, and `unique_id`.", + "location": "query", + "type": "string" + }, + "pageSize": { + "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned. Pagination is currently not supported; therefore, setting this field does not have any impact for now.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional. Token returned by previous call to `ListBoundMemberships` which specifies the position in the list from where to continue listing the resources.", + "location": "query", + "type": "string" + }, + "scopeName": { + "description": "Required. Name of the Scope, in the format `projects/*/locations/global/scopes/*`, to which the Memberships are bound.", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+/scopes/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1beta/{+scopeName}:listMemberships", + "response": { + "$ref": "ListBoundMembershipsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "listPermitted": { + "description": "Lists permitted Scopes.", + "flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes:listPermitted", + "httpMethod": "GET", + "id": "gkehub.projects.locations.scopes.listPermitted", + "parameterOrder": [ + "parent" + ], + "parameters": { + "pageSize": { + "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional. Token returned by previous call to `ListPermittedScopes` which specifies the position in the list from where to continue listing the resources.", + "location": "query", + "type": "string" + }, + "parent": { + "description": "Required. The parent (project and location) where the Scope will be listed. Specified in the format `projects/*/locations/*`.", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1beta/{+parent}/scopes:listPermitted", + "response": { + "$ref": "ListPermittedScopesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, "patch": { "description": "Updates a scopes.", "flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}", @@ -2024,7 +2101,7 @@ } } }, - "revision": "20240229", + "revision": "20240318", "rootUrl": "https://gkehub.googleapis.com/", "schemas": { "AnthosObservabilityFeatureSpec": { @@ -4017,6 +4094,10 @@ "$ref": "IdentityServiceGoogleConfig", "description": "GoogleConfig specific configuration." }, + "ldapConfig": { + "$ref": "IdentityServiceLdapConfig", + "description": "LDAP specific configuration." + }, "name": { "description": "Identifier for auth config.", "type": "string" @@ -4084,6 +4165,48 @@ }, "type": "object" }, + "IdentityServiceGroupConfig": { + "description": "Contains the properties for locating and authenticating groups in the directory.", + "id": "IdentityServiceGroupConfig", + "properties": { + "baseDn": { + "description": "Required. The location of the subtree in the LDAP directory to search for group entries.", + "type": "string" + }, + "filter": { + "description": "Optional. Optional filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the amount of groups returned for each user. This defaults to \"(objectClass=Group)\".", + "type": "string" + }, + "idAttribute": { + "description": "Optional. The identifying name of each group a user belongs to. For example, if this is set to \"distinguishedName\" then RBACs and other group expectations should be written as full DNs. This defaults to \"distinguishedName\".", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceLdapConfig": { + "description": "Configuration for the LDAP Auth flow.", + "id": "IdentityServiceLdapConfig", + "properties": { + "group": { + "$ref": "IdentityServiceGroupConfig", + "description": "Optional. Contains the properties for locating and authenticating groups in the directory." + }, + "server": { + "$ref": "IdentityServiceServerConfig", + "description": "Required. Server settings for the external LDAP server." + }, + "serviceAccount": { + "$ref": "IdentityServiceServiceAccountConfig", + "description": "Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate." + }, + "user": { + "$ref": "IdentityServiceUserConfig", + "description": "Required. Defines where users exist in the LDAP directory." + } + }, + "type": "object" + }, "IdentityServiceMembershipSpec": { "description": "**Anthos Identity Service**: Configuration for a single Membership.", "id": "IdentityServiceMembershipSpec", @@ -4241,6 +4364,81 @@ }, "type": "object" }, + "IdentityServiceServerConfig": { + "description": "Server settings for the external LDAP server.", + "id": "IdentityServiceServerConfig", + "properties": { + "certificateAuthorityData": { + "description": "Optional. Contains a Base64 encoded, PEM formatted certificate authority certificate for the LDAP server. This must be provided for the \"ldaps\" and \"startTLS\" connections.", + "format": "byte", + "type": "string" + }, + "connectionType": { + "description": "Optional. Defines the connection type to communicate with the LDAP server. If `starttls` or `ldaps` is specified, the certificate_authority_data should not be empty.", + "type": "string" + }, + "host": { + "description": "Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, \"ldap.server.example\" or \"10.10.10.10:389\".", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceServiceAccountConfig": { + "description": "Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.", + "id": "IdentityServiceServiceAccountConfig", + "properties": { + "simpleBindCredentials": { + "$ref": "IdentityServiceSimpleBindCredentials", + "description": "Credentials for basic auth." + } + }, + "type": "object" + }, + "IdentityServiceSimpleBindCredentials": { + "description": "The structure holds the LDAP simple binding credential.", + "id": "IdentityServiceSimpleBindCredentials", + "properties": { + "dn": { + "description": "Required. The distinguished name(DN) of the service account object/user.", + "type": "string" + }, + "encryptedPassword": { + "description": "Output only. The encrypted password of the service account object/user.", + "format": "byte", + "readOnly": true, + "type": "string" + }, + "password": { + "description": "Required. Input only. The password of the service account object/user.", + "type": "string" + } + }, + "type": "object" + }, + "IdentityServiceUserConfig": { + "description": "Defines where users exist in the LDAP directory.", + "id": "IdentityServiceUserConfig", + "properties": { + "baseDn": { + "description": "Required. The location of the subtree in the LDAP directory to search for user entries.", + "type": "string" + }, + "filter": { + "description": "Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to login. This defaults to \"(objectClass=User)\".", + "type": "string" + }, + "idAttribute": { + "description": "Optional. Determines which attribute to use as the user's identity after they are authenticated. This is distinct from the loginAttribute field to allow users to login with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to \"sAMAccountName\" and identifierAttribute to \"userPrincipalName\" would allow a user to login as \"bsmith\", but actual RBAC policies for the user would be written as \"bsmith@example.com\". Using \"userPrincipalName\" is recommended since this will be unique for each user. This defaults to \"userPrincipalName\".", + "type": "string" + }, + "loginAttribute": { + "description": "Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. \"(=)\" and is combined with the optional filter field. This defaults to \"userPrincipalName\".", + "type": "string" + } + }, + "type": "object" + }, "KubernetesMetadata": { "description": "KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.", "id": "KubernetesMetadata", @@ -4313,6 +4511,31 @@ }, "type": "object" }, + "ListBoundMembershipsResponse": { + "description": "List of Memberships bound to a Scope.", + "id": "ListBoundMembershipsResponse", + "properties": { + "memberships": { + "description": "The list of Memberships bound to the given Scope.", + "items": { + "$ref": "Membership" + }, + "type": "array" + }, + "nextPageToken": { + "description": "A token to request the next page of resources from the `ListBoundMemberships` method. The value of an empty string means that there are no more resources to return.", + "type": "string" + }, + "unreachable": { + "description": "List of locations that could not be reached while fetching this list.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "ListFeaturesResponse": { "description": "Response message for the `GkeHub.ListFeatures` method.", "id": "ListFeaturesResponse", @@ -4446,6 +4669,24 @@ }, "type": "object" }, + "ListPermittedScopesResponse": { + "description": "List of permitted Scopes.", + "id": "ListPermittedScopesResponse", + "properties": { + "nextPageToken": { + "description": "A token to request the next page of resources from the `ListPermittedScopes` method. The value of an empty string means that there are no more resources to return.", + "type": "string" + }, + "scopes": { + "description": "The list of permitted Scopes", + "items": { + "$ref": "Scope" + }, + "type": "array" + } + }, + "type": "object" + }, "ListScopeNamespacesResponse": { "description": "List of fleet namespaces.", "id": "ListScopeNamespacesResponse", diff --git a/gkehub/v1beta/gkehub-gen.go b/gkehub/v1beta/gkehub-gen.go index ad0876832af..55b2c8a1db8 100644 --- a/gkehub/v1beta/gkehub-gen.go +++ b/gkehub/v1beta/gkehub-gen.go @@ -3579,6 +3579,9 @@ type IdentityServiceAuthMethod struct { // GoogleConfig: GoogleConfig specific configuration. GoogleConfig *IdentityServiceGoogleConfig `json:"googleConfig,omitempty"` + // LdapConfig: LDAP specific configuration. + LdapConfig *IdentityServiceLdapConfig `json:"ldapConfig,omitempty"` + // Name: Identifier for auth config. Name string `json:"name,omitempty"` @@ -3697,6 +3700,89 @@ func (s *IdentityServiceGoogleConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// IdentityServiceGroupConfig: Contains the properties for locating and +// authenticating groups in the directory. +type IdentityServiceGroupConfig struct { + // BaseDn: Required. The location of the subtree in the LDAP directory + // to search for group entries. + BaseDn string `json:"baseDn,omitempty"` + + // Filter: Optional. Optional filter to be used when searching for + // groups a user belongs to. This can be used to explicitly match only + // certain groups in order to reduce the amount of groups returned for + // each user. This defaults to "(objectClass=Group)". + Filter string `json:"filter,omitempty"` + + // IdAttribute: Optional. The identifying name of each group a user + // belongs to. For example, if this is set to "distinguishedName" then + // RBACs and other group expectations should be written as full DNs. + // This defaults to "distinguishedName". + IdAttribute string `json:"idAttribute,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseDn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseDn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceGroupConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceGroupConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceLdapConfig: Configuration for the LDAP Auth flow. +type IdentityServiceLdapConfig struct { + // Group: Optional. Contains the properties for locating and + // authenticating groups in the directory. + Group *IdentityServiceGroupConfig `json:"group,omitempty"` + + // Server: Required. Server settings for the external LDAP server. + Server *IdentityServiceServerConfig `json:"server,omitempty"` + + // ServiceAccount: Required. Contains the credentials of the service + // account which is authorized to perform the LDAP search in the + // directory. The credentials can be supplied by the combination of the + // DN and password or the client certificate. + ServiceAccount *IdentityServiceServiceAccountConfig `json:"serviceAccount,omitempty"` + + // User: Required. Defines where users exist in the LDAP directory. + User *IdentityServiceUserConfig `json:"user,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Group") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Group") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceLdapConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceLdapConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // IdentityServiceMembershipSpec: **Anthos Identity Service**: // Configuration for a single Membership. type IdentityServiceMembershipSpec struct { @@ -3907,6 +3993,173 @@ func (s *IdentityServiceSamlConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// IdentityServiceServerConfig: Server settings for the external LDAP +// server. +type IdentityServiceServerConfig struct { + // CertificateAuthorityData: Optional. Contains a Base64 encoded, PEM + // formatted certificate authority certificate for the LDAP server. This + // must be provided for the "ldaps" and "startTLS" connections. + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + + // ConnectionType: Optional. Defines the connection type to communicate + // with the LDAP server. If `starttls` or `ldaps` is specified, the + // certificate_authority_data should not be empty. + ConnectionType string `json:"connectionType,omitempty"` + + // Host: Required. Defines the hostname or IP of the LDAP server. Port + // is optional and will default to 389, if unspecified. For example, + // "ldap.server.example" or "10.10.10.10:389". + Host string `json:"host,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "CertificateAuthorityData") to unconditionally include in API + // requests. By default, fields with empty or default values are omitted + // from API requests. However, any non-pointer, non-interface field + // appearing in ForceSendFields will be sent to the server regardless of + // whether the field is empty or not. This may be used to include empty + // fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CertificateAuthorityData") + // to include in API requests with the JSON null value. By default, + // fields with empty values are omitted from API requests. However, any + // field with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceServerConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceServerConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceServiceAccountConfig: Contains the credentials of the +// service account which is authorized to perform the LDAP search in the +// directory. The credentials can be supplied by the combination of the +// DN and password or the client certificate. +type IdentityServiceServiceAccountConfig struct { + // SimpleBindCredentials: Credentials for basic auth. + SimpleBindCredentials *IdentityServiceSimpleBindCredentials `json:"simpleBindCredentials,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "SimpleBindCredentials") to unconditionally include in API requests. + // By default, fields with empty or default values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "SimpleBindCredentials") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceServiceAccountConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceServiceAccountConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceSimpleBindCredentials: The structure holds the LDAP +// simple binding credential. +type IdentityServiceSimpleBindCredentials struct { + // Dn: Required. The distinguished name(DN) of the service account + // object/user. + Dn string `json:"dn,omitempty"` + + // EncryptedPassword: Output only. The encrypted password of the service + // account object/user. + EncryptedPassword string `json:"encryptedPassword,omitempty"` + + // Password: Required. Input only. The password of the service account + // object/user. + Password string `json:"password,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Dn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Dn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceSimpleBindCredentials) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceSimpleBindCredentials + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// IdentityServiceUserConfig: Defines where users exist in the LDAP +// directory. +type IdentityServiceUserConfig struct { + // BaseDn: Required. The location of the subtree in the LDAP directory + // to search for user entries. + BaseDn string `json:"baseDn,omitempty"` + + // Filter: Optional. Filter to apply when searching for the user. This + // can be used to further restrict the user accounts which are allowed + // to login. This defaults to "(objectClass=User)". + Filter string `json:"filter,omitempty"` + + // IdAttribute: Optional. Determines which attribute to use as the + // user's identity after they are authenticated. This is distinct from + // the loginAttribute field to allow users to login with a username, but + // then have their actual identifier be an email address or full + // Distinguished Name (DN). For example, setting loginAttribute to + // "sAMAccountName" and identifierAttribute to "userPrincipalName" would + // allow a user to login as "bsmith", but actual RBAC policies for the + // user would be written as "bsmith@example.com". Using + // "userPrincipalName" is recommended since this will be unique for each + // user. This defaults to "userPrincipalName". + IdAttribute string `json:"idAttribute,omitempty"` + + // LoginAttribute: Optional. The name of the attribute which matches + // against the input username. This is used to find the user in the LDAP + // database e.g. "(=)" and is combined with the optional filter field. + // This defaults to "userPrincipalName". + LoginAttribute string `json:"loginAttribute,omitempty"` + + // ForceSendFields is a list of field names (e.g. "BaseDn") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "BaseDn") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *IdentityServiceUserConfig) MarshalJSON() ([]byte, error) { + type NoMethod IdentityServiceUserConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // KubernetesMetadata: KubernetesMetadata provides informational // metadata for Memberships representing Kubernetes clusters. type KubernetesMetadata struct { @@ -4023,6 +4276,47 @@ func (s *KubernetesResource) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ListBoundMembershipsResponse: List of Memberships bound to a Scope. +type ListBoundMembershipsResponse struct { + // Memberships: The list of Memberships bound to the given Scope. + Memberships []*Membership `json:"memberships,omitempty"` + + // NextPageToken: A token to request the next page of resources from the + // `ListBoundMemberships` method. The value of an empty string means + // that there are no more resources to return. + NextPageToken string `json:"nextPageToken,omitempty"` + + // Unreachable: List of locations that could not be reached while + // fetching this list. + Unreachable []string `json:"unreachable,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Memberships") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Memberships") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListBoundMembershipsResponse) MarshalJSON() ([]byte, error) { + type NoMethod ListBoundMembershipsResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // ListFeaturesResponse: Response message for the `GkeHub.ListFeatures` // method. type ListFeaturesResponse struct { @@ -4291,6 +4585,43 @@ func (s *ListOperationsResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ListPermittedScopesResponse: List of permitted Scopes. +type ListPermittedScopesResponse struct { + // NextPageToken: A token to request the next page of resources from the + // `ListPermittedScopes` method. The value of an empty string means that + // there are no more resources to return. + NextPageToken string `json:"nextPageToken,omitempty"` + + // Scopes: The list of permitted Scopes + Scopes []*Scope `json:"scopes,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "NextPageToken") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "NextPageToken") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListPermittedScopesResponse) MarshalJSON() ([]byte, error) { + type NoMethod ListPermittedScopesResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // ListScopeNamespacesResponse: List of fleet namespaces. type ListScopeNamespacesResponse struct { // NextPageToken: A token to request the next page of resources from the @@ -14438,6 +14769,415 @@ func (c *ProjectsLocationsScopesListCall) Pages(ctx context.Context, f func(*Lis } } +// method id "gkehub.projects.locations.scopes.listMemberships": + +type ProjectsLocationsScopesListMembershipsCall struct { + s *Service + scopeName string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// ListMemberships: Lists Memberships bound to a Scope. The response +// includes relevant Memberships from all regions. +// +// - scopeName: Name of the Scope, in the format +// `projects/*/locations/global/scopes/*`, to which the Memberships +// are bound. +func (r *ProjectsLocationsScopesService) ListMemberships(scopeName string) *ProjectsLocationsScopesListMembershipsCall { + c := &ProjectsLocationsScopesListMembershipsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.scopeName = scopeName + return c +} + +// Filter sets the optional parameter "filter": Lists Memberships that +// match the filter expression, following the syntax outlined in +// https://google.aip.dev/160. Currently, filtering can be done only +// based on Memberships's `name`, `labels`, `create_time`, +// `update_time`, and `unique_id`. +func (c *ProjectsLocationsScopesListMembershipsCall) Filter(filter string) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("filter", filter) + return c +} + +// PageSize sets the optional parameter "pageSize": When requesting a +// 'page' of resources, `page_size` specifies number of resources to +// return. If unspecified or set to 0, all resources will be returned. +// Pagination is currently not supported; therefore, setting this field +// does not have any impact for now. +func (c *ProjectsLocationsScopesListMembershipsCall) PageSize(pageSize int64) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Token returned by +// previous call to `ListBoundMemberships` which specifies the position +// in the list from where to continue listing the resources. +func (c *ProjectsLocationsScopesListMembershipsCall) PageToken(pageToken string) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsScopesListMembershipsCall) Fields(s ...googleapi.Field) *ProjectsLocationsScopesListMembershipsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsScopesListMembershipsCall) IfNoneMatch(entityTag string) *ProjectsLocationsScopesListMembershipsCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsScopesListMembershipsCall) Context(ctx context.Context) *ProjectsLocationsScopesListMembershipsCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsScopesListMembershipsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsScopesListMembershipsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta/{+scopeName}:listMemberships") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "scopeName": c.scopeName, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "gkehub.projects.locations.scopes.listMemberships" call. +// Exactly one of *ListBoundMembershipsResponse or error will be +// non-nil. Any non-2xx status code is an error. Response headers are in +// either *ListBoundMembershipsResponse.ServerResponse.Header or (if a +// response was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsScopesListMembershipsCall) Do(opts ...googleapi.CallOption) (*ListBoundMembershipsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &ListBoundMembershipsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions.", + // "flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}:listMemberships", + // "httpMethod": "GET", + // "id": "gkehub.projects.locations.scopes.listMemberships", + // "parameterOrder": [ + // "scopeName" + // ], + // "parameters": { + // "filter": { + // "description": "Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships's `name`, `labels`, `create_time`, `update_time`, and `unique_id`.", + // "location": "query", + // "type": "string" + // }, + // "pageSize": { + // "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned. Pagination is currently not supported; therefore, setting this field does not have any impact for now.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional. Token returned by previous call to `ListBoundMemberships` which specifies the position in the list from where to continue listing the resources.", + // "location": "query", + // "type": "string" + // }, + // "scopeName": { + // "description": "Required. Name of the Scope, in the format `projects/*/locations/global/scopes/*`, to which the Memberships are bound.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/scopes/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1beta/{+scopeName}:listMemberships", + // "response": { + // "$ref": "ListBoundMembershipsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsScopesListMembershipsCall) Pages(ctx context.Context, f func(*ListBoundMembershipsResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + +// method id "gkehub.projects.locations.scopes.listPermitted": + +type ProjectsLocationsScopesListPermittedCall struct { + s *Service + parent string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// ListPermitted: Lists permitted Scopes. +// +// - parent: The parent (project and location) where the Scope will be +// listed. Specified in the format `projects/*/locations/*`. +func (r *ProjectsLocationsScopesService) ListPermitted(parent string) *ProjectsLocationsScopesListPermittedCall { + c := &ProjectsLocationsScopesListPermittedCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + return c +} + +// PageSize sets the optional parameter "pageSize": When requesting a +// 'page' of resources, `page_size` specifies number of resources to +// return. If unspecified or set to 0, all resources will be returned. +func (c *ProjectsLocationsScopesListPermittedCall) PageSize(pageSize int64) *ProjectsLocationsScopesListPermittedCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Token returned by +// previous call to `ListPermittedScopes` which specifies the position +// in the list from where to continue listing the resources. +func (c *ProjectsLocationsScopesListPermittedCall) PageToken(pageToken string) *ProjectsLocationsScopesListPermittedCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsScopesListPermittedCall) Fields(s ...googleapi.Field) *ProjectsLocationsScopesListPermittedCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsScopesListPermittedCall) IfNoneMatch(entityTag string) *ProjectsLocationsScopesListPermittedCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsScopesListPermittedCall) Context(ctx context.Context) *ProjectsLocationsScopesListPermittedCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsScopesListPermittedCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsScopesListPermittedCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta/{+parent}/scopes:listPermitted") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "gkehub.projects.locations.scopes.listPermitted" call. +// Exactly one of *ListPermittedScopesResponse or error will be non-nil. +// Any non-2xx status code is an error. Response headers are in either +// *ListPermittedScopesResponse.ServerResponse.Header or (if a response +// was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsScopesListPermittedCall) Do(opts ...googleapi.CallOption) (*ListPermittedScopesResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &ListPermittedScopesResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists permitted Scopes.", + // "flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes:listPermitted", + // "httpMethod": "GET", + // "id": "gkehub.projects.locations.scopes.listPermitted", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "pageSize": { + // "description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional. Token returned by previous call to `ListPermittedScopes` which specifies the position in the list from where to continue listing the resources.", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The parent (project and location) where the Scope will be listed. Specified in the format `projects/*/locations/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1beta/{+parent}/scopes:listPermitted", + // "response": { + // "$ref": "ListPermittedScopesResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsScopesListPermittedCall) Pages(ctx context.Context, f func(*ListPermittedScopesResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + // method id "gkehub.projects.locations.scopes.patch": type ProjectsLocationsScopesPatchCall struct { diff --git a/networkservices/v1/networkservices-api.json b/networkservices/v1/networkservices-api.json index de88720e0c8..07b6acb022c 100644 --- a/networkservices/v1/networkservices-api.json +++ b/networkservices/v1/networkservices-api.json @@ -2756,7 +2756,7 @@ } } }, - "revision": "20240224", + "revision": "20240315", "rootUrl": "https://networkservices.googleapis.com/", "schemas": { "AuditConfig": { @@ -3073,7 +3073,7 @@ "id": "ExtensionChainMatchCondition", "properties": { "celExpression": { - "description": "Required. A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. For more information, see [CEL matcher language reference](/service-extensions/docs/cel-matcher-language-reference).", + "description": "Required. A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. For more information, see [CEL matcher language reference](https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference).", "type": "string" } }, @@ -4091,7 +4091,7 @@ "additionalProperties": { "type": "string" }, - "description": "Optional. Set of labels associated with the `LbRouteExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources.", + "description": "Optional. Set of labels associated with the `LbRouteExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.", "type": "object" }, "loadBalancingScheme": { @@ -4153,7 +4153,7 @@ "additionalProperties": { "type": "string" }, - "description": "Optional. Set of labels associated with the `LbTrafficExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources.", + "description": "Optional. Set of labels associated with the `LbTrafficExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.", "type": "object" }, "loadBalancingScheme": { diff --git a/networkservices/v1/networkservices-gen.go b/networkservices/v1/networkservices-gen.go index 1be504524d5..0e3ed140a37 100644 --- a/networkservices/v1/networkservices-gen.go +++ b/networkservices/v1/networkservices-gen.go @@ -1003,7 +1003,8 @@ type ExtensionChainMatchCondition struct { // CelExpression: Required. A Common Expression Language (CEL) // expression that is used to match requests for which the extension // chain is executed. For more information, see CEL matcher language - // reference (/service-extensions/docs/cel-matcher-language-reference). + // reference + // (https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference). CelExpression string `json:"celExpression,omitempty"` // ForceSendFields is a list of field names (e.g. "CelExpression") to @@ -2698,8 +2699,8 @@ type LbRouteExtension struct { // Labels: Optional. Set of labels associated with the // `LbRouteExtension` resource. The format must comply with the // requirements for labels - // (/compute/docs/labeling-resources#requirements) for Google Cloud - // resources. + // (https://cloud.google.com/compute/docs/labeling-resources#requirements) + // for Google Cloud resources. Labels map[string]string `json:"labels,omitempty"` // LoadBalancingScheme: Required. All backend services and forwarding @@ -2780,8 +2781,8 @@ type LbTrafficExtension struct { // Labels: Optional. Set of labels associated with the // `LbTrafficExtension` resource. The format must comply with the // requirements for labels - // (/compute/docs/labeling-resources#requirements) for Google Cloud - // resources. + // (https://cloud.google.com/compute/docs/labeling-resources#requirements) + // for Google Cloud resources. Labels map[string]string `json:"labels,omitempty"` // LoadBalancingScheme: Required. All backend services and forwarding diff --git a/networkservices/v1beta1/networkservices-api.json b/networkservices/v1beta1/networkservices-api.json index 8698021cc75..2a169727131 100644 --- a/networkservices/v1beta1/networkservices-api.json +++ b/networkservices/v1beta1/networkservices-api.json @@ -2483,7 +2483,7 @@ } } }, - "revision": "20240224", + "revision": "20240315", "rootUrl": "https://networkservices.googleapis.com/", "schemas": { "AuditConfig": { @@ -2757,7 +2757,7 @@ "id": "ExtensionChainMatchCondition", "properties": { "celExpression": { - "description": "Required. A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. For more information, see [CEL matcher language reference](/service-extensions/docs/cel-matcher-language-reference).", + "description": "Required. A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. For more information, see [CEL matcher language reference](https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference).", "type": "string" } }, @@ -3775,7 +3775,7 @@ "additionalProperties": { "type": "string" }, - "description": "Optional. Set of labels associated with the `LbRouteExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources.", + "description": "Optional. Set of labels associated with the `LbRouteExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.", "type": "object" }, "loadBalancingScheme": { @@ -3837,7 +3837,7 @@ "additionalProperties": { "type": "string" }, - "description": "Optional. Set of labels associated with the `LbTrafficExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources.", + "description": "Optional. Set of labels associated with the `LbTrafficExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.", "type": "object" }, "loadBalancingScheme": { diff --git a/networkservices/v1beta1/networkservices-gen.go b/networkservices/v1beta1/networkservices-gen.go index 29f001135fa..500de508f7c 100644 --- a/networkservices/v1beta1/networkservices-gen.go +++ b/networkservices/v1beta1/networkservices-gen.go @@ -874,7 +874,8 @@ type ExtensionChainMatchCondition struct { // CelExpression: Required. A Common Expression Language (CEL) // expression that is used to match requests for which the extension // chain is executed. For more information, see CEL matcher language - // reference (/service-extensions/docs/cel-matcher-language-reference). + // reference + // (https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference). CelExpression string `json:"celExpression,omitempty"` // ForceSendFields is a list of field names (e.g. "CelExpression") to @@ -2569,8 +2570,8 @@ type LbRouteExtension struct { // Labels: Optional. Set of labels associated with the // `LbRouteExtension` resource. The format must comply with the // requirements for labels - // (/compute/docs/labeling-resources#requirements) for Google Cloud - // resources. + // (https://cloud.google.com/compute/docs/labeling-resources#requirements) + // for Google Cloud resources. Labels map[string]string `json:"labels,omitempty"` // LoadBalancingScheme: Required. All backend services and forwarding @@ -2651,8 +2652,8 @@ type LbTrafficExtension struct { // Labels: Optional. Set of labels associated with the // `LbTrafficExtension` resource. The format must comply with the // requirements for labels - // (/compute/docs/labeling-resources#requirements) for Google Cloud - // resources. + // (https://cloud.google.com/compute/docs/labeling-resources#requirements) + // for Google Cloud resources. Labels map[string]string `json:"labels,omitempty"` // LoadBalancingScheme: Required. All backend services and forwarding diff --git a/redis/v1/redis-api.json b/redis/v1/redis-api.json index 0a8fbd248d1..3019dcf9ec2 100644 --- a/redis/v1/redis-api.json +++ b/redis/v1/redis-api.json @@ -821,9 +821,32 @@ } } }, - "revision": "20240307", + "revision": "20240319", "rootUrl": "https://redis.googleapis.com/", "schemas": { + "AOFConfig": { + "description": "Configuration of the AOF based persistence.", + "id": "AOFConfig", + "properties": { + "appendFsync": { + "description": "Optional. fsync configuration.", + "enum": [ + "APPEND_FSYNC_UNSPECIFIED", + "NO", + "EVERYSEC", + "ALWAYS" + ], + "enumDescriptions": [ + "Not set. Default: EVERYSEC", + "Never fsync. Normally Linux will flush data every 30 seconds with this configuration, but it's up to the kernel's exact tuning.", + "fsync every second. Fast enough, and you may lose 1 second of data if there is a disaster", + "fsync every time new commands are appended to the AOF. It has the best data loss protection at the cost of performance" + ], + "type": "string" + } + }, + "type": "object" + }, "AvailabilityConfiguration": { "description": "Configuration for availability of database instance", "id": "AvailabilityConfiguration", @@ -972,6 +995,10 @@ "description": "Required. Unique name of the resource in this scope including project and location using the form: `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}`", "type": "string" }, + "persistenceConfig": { + "$ref": "ClusterPersistenceConfig", + "description": "Optional. Persistence config (RDB, AOF) for the cluster." + }, "pscConfigs": { "description": "Required. Each PscConfig configures the consumer network where IPs will be designated to the cluster for client access through Private Service Connect Automation. Currently, only one PscConfig is supported.", "items": { @@ -987,6 +1014,13 @@ "readOnly": true, "type": "array" }, + "redisConfigs": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Key/Value pairs of customer overrides for mutable Redis Configs", + "type": "object" + }, "replicaCount": { "description": "Optional. The number of replica nodes per shard.", "format": "int32", @@ -1049,6 +1083,37 @@ }, "type": "object" }, + "ClusterPersistenceConfig": { + "description": "Configuration of the persistence functionality.", + "id": "ClusterPersistenceConfig", + "properties": { + "aofConfig": { + "$ref": "AOFConfig", + "description": "Optional. AOF configuration. This field will be ignored if mode is not AOF." + }, + "mode": { + "description": "Optional. The mode of persistence.", + "enum": [ + "PERSISTENCE_MODE_UNSPECIFIED", + "DISABLED", + "RDB", + "AOF" + ], + "enumDescriptions": [ + "Not set.", + "Persistence is disabled, and any snapshot data is deleted.", + "RDB based persistence is enabled.", + "AOF based persistence is enabled." + ], + "type": "string" + }, + "rdbConfig": { + "$ref": "RDBConfig", + "description": "Optional. RDB configuration. This field will be ignored if mode is not RDB." + } + }, + "type": "object" + }, "Compliance": { "description": "Contains compliance information about a security standard indicating unmet recommendations.", "id": "Compliance", @@ -1301,7 +1366,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", @@ -1780,7 +1845,7 @@ "SIGNAL_TYPE_DATABASE_AUDITING_DISABLED", "SIGNAL_TYPE_RESTRICT_AUTHORIZED_NETWORKS", "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP", - "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT", + "SIGNAL_TYPE_QUOTA_LIMIT", "SIGNAL_TYPE_NO_PASSWORD_POLICY", "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT", "SIGNAL_TYPE_TMP_TABLES_PERFORMANCE_IMPACT", @@ -2936,6 +3001,36 @@ }, "type": "object" }, + "RDBConfig": { + "description": "Configuration of the RDB based persistence.", + "id": "RDBConfig", + "properties": { + "rdbSnapshotPeriod": { + "description": "Optional. Period between RDB snapshots.", + "enum": [ + "SNAPSHOT_PERIOD_UNSPECIFIED", + "ONE_HOUR", + "SIX_HOURS", + "TWELVE_HOURS", + "TWENTY_FOUR_HOURS" + ], + "enumDescriptions": [ + "Not set.", + "One hour.", + "Six hours.", + "Twelve hours.", + "Twenty four hours." + ], + "type": "string" + }, + "rdbSnapshotStartTime": { + "description": "Optional. The time that the first snapshot was/will be attempted, and to which future snapshots will be aligned. If not provided, the current time will be used.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, "ReconciliationOperationMetadata": { "description": "Operation metadata returned by the CLH during resource state reconciliation.", "id": "ReconciliationOperationMetadata", diff --git a/redis/v1/redis-gen.go b/redis/v1/redis-gen.go index 5156aef156a..ab35feb8d50 100644 --- a/redis/v1/redis-gen.go +++ b/redis/v1/redis-gen.go @@ -214,6 +214,43 @@ type ProjectsLocationsOperationsService struct { s *Service } +// AOFConfig: Configuration of the AOF based persistence. +type AOFConfig struct { + // AppendFsync: Optional. fsync configuration. + // + // Possible values: + // "APPEND_FSYNC_UNSPECIFIED" - Not set. Default: EVERYSEC + // "NO" - Never fsync. Normally Linux will flush data every 30 seconds + // with this configuration, but it's up to the kernel's exact tuning. + // "EVERYSEC" - fsync every second. Fast enough, and you may lose 1 + // second of data if there is a disaster + // "ALWAYS" - fsync every time new commands are appended to the AOF. + // It has the best data loss protection at the cost of performance + AppendFsync string `json:"appendFsync,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AppendFsync") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AppendFsync") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *AOFConfig) MarshalJSON() ([]byte, error) { + type NoMethod AOFConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // AvailabilityConfiguration: Configuration for availability of database // instance type AvailabilityConfiguration struct { @@ -432,6 +469,10 @@ type Cluster struct { // `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}` Name string `json:"name,omitempty"` + // PersistenceConfig: Optional. Persistence config (RDB, AOF) for the + // cluster. + PersistenceConfig *ClusterPersistenceConfig `json:"persistenceConfig,omitempty"` + // PscConfigs: Required. Each PscConfig configures the consumer network // where IPs will be designated to the cluster for client access through // Private Service Connect Automation. Currently, only one PscConfig is @@ -442,6 +483,10 @@ type Cluster struct { // cluster topology and accessing the cluster. PscConnections []*PscConnection `json:"pscConnections,omitempty"` + // RedisConfigs: Optional. Key/Value pairs of customer overrides for + // mutable Redis Configs + RedisConfigs map[string]string `json:"redisConfigs,omitempty"` + // ReplicaCount: Optional. The number of replica nodes per shard. ReplicaCount int64 `json:"replicaCount,omitempty"` @@ -511,6 +556,50 @@ func (s *Cluster) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ClusterPersistenceConfig: Configuration of the persistence +// functionality. +type ClusterPersistenceConfig struct { + // AofConfig: Optional. AOF configuration. This field will be ignored if + // mode is not AOF. + AofConfig *AOFConfig `json:"aofConfig,omitempty"` + + // Mode: Optional. The mode of persistence. + // + // Possible values: + // "PERSISTENCE_MODE_UNSPECIFIED" - Not set. + // "DISABLED" - Persistence is disabled, and any snapshot data is + // deleted. + // "RDB" - RDB based persistence is enabled. + // "AOF" - AOF based persistence is enabled. + Mode string `json:"mode,omitempty"` + + // RdbConfig: Optional. RDB configuration. This field will be ignored if + // mode is not RDB. + RdbConfig *RDBConfig `json:"rdbConfig,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AofConfig") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AofConfig") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ClusterPersistenceConfig) MarshalJSON() ([]byte, error) { + type NoMethod ClusterPersistenceConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Compliance: Contains compliance information about a security standard // indicating unmet recommendations. type Compliance struct { @@ -907,7 +996,7 @@ type DatabaseResourceHealthSignalData struct { // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact @@ -1354,7 +1443,7 @@ type DatabaseResourceRecommendationSignalData struct { // restricted to authorized networks. // "SIGNAL_TYPE_VIOLATE_POLICY_RESTRICT_PUBLIC_IP" - Represents // violate org policy restrict public ip. - // "SIGNAL_TYPE_CLUSTER_QUOTA_LIMIT" - Cluster nearing quota limit + // "SIGNAL_TYPE_QUOTA_LIMIT" - Cluster nearing quota limit // "SIGNAL_TYPE_NO_PASSWORD_POLICY" - No password policy set on // resources // "SIGNAL_TYPE_CONNECTIONS_PERFORMANCE_IMPACT" - Performance impact @@ -2830,6 +2919,47 @@ func (s *PscConnection) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// RDBConfig: Configuration of the RDB based persistence. +type RDBConfig struct { + // RdbSnapshotPeriod: Optional. Period between RDB snapshots. + // + // Possible values: + // "SNAPSHOT_PERIOD_UNSPECIFIED" - Not set. + // "ONE_HOUR" - One hour. + // "SIX_HOURS" - Six hours. + // "TWELVE_HOURS" - Twelve hours. + // "TWENTY_FOUR_HOURS" - Twenty four hours. + RdbSnapshotPeriod string `json:"rdbSnapshotPeriod,omitempty"` + + // RdbSnapshotStartTime: Optional. The time that the first snapshot + // was/will be attempted, and to which future snapshots will be aligned. + // If not provided, the current time will be used. + RdbSnapshotStartTime string `json:"rdbSnapshotStartTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "RdbSnapshotPeriod") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "RdbSnapshotPeriod") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *RDBConfig) MarshalJSON() ([]byte, error) { + type NoMethod RDBConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // ReconciliationOperationMetadata: Operation metadata returned by the // CLH during resource state reconciliation. type ReconciliationOperationMetadata struct { diff --git a/storage/v1/storage-api.json b/storage/v1/storage-api.json index e100da3e294..1b4be6993dd 100644 --- a/storage/v1/storage-api.json +++ b/storage/v1/storage-api.json @@ -33,7 +33,7 @@ "location": "me-central2" } ], - "etag": "\"33383639383534303336303331313132393335\"", + "etag": "\"33303333323233383838323039393532373539\"", "icons": { "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" @@ -3146,7 +3146,8 @@ "id": "storage.objects.restore", "parameterOrder": [ "bucket", - "object" + "object", + "generation" ], "parameters": { "bucket": { @@ -4042,7 +4043,7 @@ } } }, - "revision": "20240311", + "revision": "20240319", "rootUrl": "https://storage.googleapis.com/", "schemas": { "AnywhereCache": { diff --git a/storage/v1/storage-gen.go b/storage/v1/storage-gen.go index 3fa41847266..a3f17e5c6f5 100644 --- a/storage/v1/storage-gen.go +++ b/storage/v1/storage-gen.go @@ -15078,10 +15078,11 @@ type ObjectsRestoreCall struct { // - generation: Selects a specific revision of this object. // - object: Name of the object. For information about how to URL encode // object names to be path safe, see Encoding URI Path Parts. -func (r *ObjectsService) Restore(bucket string, object string) *ObjectsRestoreCall { +func (r *ObjectsService) Restore(bucket string, object string, generation int64) *ObjectsRestoreCall { c := &ObjectsRestoreCall{s: r.s, urlParams_: make(gensupport.URLParams)} c.bucket = bucket c.object = object + c.urlParams_.Set("generation", fmt.Sprint(generation)) return c } @@ -15240,7 +15241,8 @@ func (c *ObjectsRestoreCall) Do(opts ...googleapi.CallOption) (*Object, error) { // "id": "storage.objects.restore", // "parameterOrder": [ // "bucket", - // "object" + // "object", + // "generation" // ], // "parameters": { // "bucket": {