feat: [workstations] add output field for the control plane IP address (

#4263) * feat: add output field for the control plane IP address feat: add output field for the number of pooled instances docs: adjust documentation wording PiperOrigin-RevId: 530727488 Source-Link: googleapis/googleapis@866228e Source-Link: googleapis/googleapis-gen@53444d0 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXdvcmtzdGF0aW9ucy8uT3dsQm90LnlhbWwiLCJoIjoiNTM0NDRkMGRkODNkODFlMTFjYzFhZTFkNjU3MTM1ZTE4M2VhZThkYyJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * feat: add output field for the control plane IP address feat: add output field for the number of pooled instances feat: add support for accelerators feat: add support for readiness checks feat: add auditd support feat: add support for workstation-level environment variables docs: adjust documentation wording PiperOrigin-RevId: 531290149 Source-Link: googleapis/googleapis@d6a61ef Source-Link: googleapis/googleapis-gen@8fdb131 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXdvcmtzdGF0aW9ucy8uT3dsQm90LnlhbWwiLCJoIjoiOGZkYjEzMTdmY2IwYWEzMzk2ZWViNzI4ZDlhMTVlYjczNDE4N2U3YSJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: gcf-merge-on-green[bot] <60162190+gcf-merge-on-green[bot]@users.noreply.github.com> Co-authored-by: Denis DelGrosso <[email protected]>
googleapis · May 16, 2023 · ee6e699 · ee6e699
1 parent 88877b9
commit ee6e699
Show file tree

Hide file tree

Showing 27 changed files with 1,359 additions and 223 deletions.
diff --git a/packages/google-cloud-workstations/README.md b/packages/google-cloud-workstations/README.md
diff --git a/packages/google-cloud-workstations/protos/google/cloud/workstations/v1/workstations.proto b/packages/google-cloud-workstations/protos/google/cloud/workstations/v1/workstations.proto
@@ -106,7 +106,7 @@ service Workstations {
     option (google.api.method_signature) = "name";
   }
 
-  // Returns all WorkstationConfigs in the specified cluster.
+  // Returns all workstation configurations in the specified cluster.
   rpc ListWorkstationConfigs(ListWorkstationConfigsRequest)
       returns (ListWorkstationConfigsResponse) {
     option (google.api.http) = {
@@ -175,7 +175,7 @@ service Workstations {
     option (google.api.method_signature) = "name";
   }
 
-  // Returns all Workstations using the specified config.
+  // Returns all Workstations using the specified workstation configuration.
   rpc ListWorkstations(ListWorkstationsRequest)
       returns (ListWorkstationsResponse) {
     option (google.api.http) = {
@@ -184,8 +184,8 @@ service Workstations {
     option (google.api.method_signature) = "parent";
   }
 
-  // Returns all Workstations using the specified config on which the caller has
-  // the "workstations.workstations.use" permission.
+  // Returns all workstations using the specified workstation configuration
+  // on which the caller has the "workstations.workstations.use" permission.
   rpc ListUsableWorkstations(ListUsableWorkstationsRequest)
       returns (ListUsableWorkstationsResponse) {
     option (google.api.http) = {
@@ -343,7 +343,7 @@ message WorkstationCluster {
       [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Checksum computed by the server. May be sent on update and delete requests
-  // to ensure that the client has an up-to-date value before proceeding.
+  // to make sure that the client has an up-to-date value before proceeding.
   string etag = 9;
 
   // Immutable. Name of the Compute Engine network in which instances associated
@@ -355,6 +355,12 @@ message WorkstationCluster {
   // subnetwork specified for this cluster.
   string subnetwork = 11 [(google.api.field_behavior) = IMMUTABLE];
 
+  // Output only. The private IP address of the control plane for this cluster.
+  // Workstation VMs need access to this IP address to work with the service, so
+  // make sure that your firewall rules allow egress from the workstation VMs to
+  // this address.
+  string control_plane_ip = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
+
   // Configuration for private cluster.
   PrivateClusterConfig private_cluster_config = 12;
 
@@ -403,20 +409,24 @@ message WorkstationConfig {
       // The name of a Compute Engine machine type.
       string machine_type = 1;
 
-      // Email address of the service account that will be used on VM instances
-      // used to support this config. If not set, VMs will run with a
+      // Email address of the service account used on VM instances
+      // used to support this configuration. If not set, VMs run with a
       // Google-managed service account. This service account must have
-      // permission to pull the specified container image, otherwise the image
+      // permission to pull the specified container image; otherwise, the image
       // must be publicly accessible.
       string service_account = 2;
 
       // Network tags to add to the Compute Engine machines backing the
       // Workstations.
       repeated string tags = 4;
 
-      // Number of instances to pool for faster workstation starup.
+      // Number of instances to pool for faster workstation startup.
       int32 pool_size = 5;
 
+      // Output only. Number of instances currently available in the pool for
+      // faster workstation startup.
+      int32 pooled_instances = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
       // Whether instances have no public IP address.
       bool disable_public_ip_addresses = 6;
 
@@ -493,7 +503,7 @@ message WorkstationConfig {
   // A Docker container.
   message Container {
     // Docker image defining the container. This image must be accessible by the
-    // config's service account.
+    // service account specified in the workstation configuration.
     string image = 1;
 
     // If set, overrides the default ENTRYPOINT specified by the image.
@@ -502,7 +512,7 @@ message WorkstationConfig {
     // Arguments passed to the entrypoint.
     repeated string args = 3;
 
-    // Environment variables passed to the container.
+    // Environment variables passed to the container's entrypoint.
     map<string, string> env = 4;
 
     // If set, overrides the default DIR specified by the image.
@@ -515,18 +525,19 @@ message WorkstationConfig {
   // A customer-managed encryption key for the Compute Engine resources
   // of this workstation configuration.
   message CustomerEncryptionKey {
-    // The name of the Google Cloud KMS encryption key. For example,
+    // Immutable. The name of the Google Cloud KMS encryption key. For example,
     // `projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME`.
-    string kms_key = 1;
+    string kms_key = 1 [(google.api.field_behavior) = IMMUTABLE];
 
-    // The service account to use with the specified
+    // Immutable. The service account to use with the specified
     // KMS key. We recommend that you use a separate service account
     // and follow KMS best practices. For more information, see
     // [Separation of
     // duties](https://cloud.google.com/kms/docs/separation-of-duties) and
     // `gcloud kms keys add-iam-policy-binding`
     // [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
-    string kms_key_service_account = 2;
+    string kms_key_service_account = 2
+        [(google.api.field_behavior) = IMMUTABLE];
   }
 
   // Full name of this resource.
@@ -562,7 +573,7 @@ message WorkstationConfig {
       [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Checksum computed by the server. May be sent on update and delete requests
-  // to ensure that the client has an up-to-date value before proceeding.
+  // to make sure that the client has an up-to-date value before proceeding.
   string etag = 9;
 
   // How long to wait before automatically stopping an instance that hasn't
@@ -586,7 +597,7 @@ message WorkstationConfig {
   // when that workstation is started.
   Container container = 14;
 
-  // Encrypts resources of this workstation configuration using a
+  // Immutable. Encrypts resources of this workstation configuration using a
   // customer-managed encryption key.
   //
   // If specified, the boot disk of the Compute Engine instance and the
@@ -602,7 +613,10 @@ message WorkstationConfig {
   //
   // If the encryption key is revoked, the workstation session will
   // automatically be stopped within 7 hours.
-  CustomerEncryptionKey encryption_key = 17;
+  //
+  // Immutable after the workstation configuration is created.
+  CustomerEncryptionKey encryption_key = 17
+      [(google.api.field_behavior) = IMMUTABLE];
 
   // Output only. Whether this resource is degraded, in which case it may
   // require user action to restore full functionality. See also the
@@ -675,7 +689,7 @@ message Workstation {
       [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Checksum computed by the server. May be sent on update and delete requests
-  // to ensure that the client has an up-to-date value before proceeding.
+  // to make sure that the client has an up-to-date value before proceeding.
   string etag = 9;
 
   // Output only. Current state of the workstation.
@@ -786,7 +800,7 @@ message DeleteWorkstationClusterRequest {
   bool validate_only = 2;
 
   // If set, the request will be rejected if the latest version of the
-  // workstation cluster on the server does not have this etag.
+  // workstation cluster on the server does not have this ETag.
   string etag = 3;
 
   // If set, any workstation configurations and workstations in the
@@ -876,7 +890,7 @@ message CreateWorkstationConfigRequest {
     }
   ];
 
-  // Required. ID to use for the config.
+  // Required. ID to use for the workstation configuration.
   string workstation_config_id = 2 [(google.api.field_behavior) = REQUIRED];
 
   // Required. Config to create.
@@ -894,22 +908,24 @@ message UpdateWorkstationConfigRequest {
   WorkstationConfig workstation_config = 1
       [(google.api.field_behavior) = REQUIRED];
 
-  // Required. Mask specifying which fields in the config should be updated.
+  // Required. Mask specifying which fields in the workstation configuration
+  // should be updated.
   google.protobuf.FieldMask update_mask = 2
       [(google.api.field_behavior) = REQUIRED];
 
   // If set, validate the request and preview the review, but do not actually
   // apply it.
   bool validate_only = 3;
 
-  // If set, and the config is not found, a new config will be created.
-  // In this situation, update_mask is ignored.
+  // If set and the workstation configuration is not found, a new
+  // workstation configuration will be created. In this situation,
+  // update_mask is ignored.
   bool allow_missing = 4;
 }
 
 // Message for deleting a workstation configuration.
 message DeleteWorkstationConfigRequest {
-  // Required. Name of the config to delete.
+  // Required. Name of the workstation configuration to delete.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -921,12 +937,13 @@ message DeleteWorkstationConfigRequest {
   // apply it.
   bool validate_only = 2;
 
-  // If set, the request will be rejected if the latest version of the config on
-  // the server does not have this etag.
+  // If set, the request is rejected if the latest version of the
+  // workstation configuration on the server does not have this ETag.
   string etag = 3;
 
-  // If set, any Workstations in the config will also be deleted. Otherwise,
-  // the request will work only if the config has no workstations.
+  // If set, any workstations in the workstation configuration are also deleted.
+  // Otherwise, the request works only if the workstation configuration has
+  // no workstations.
   bool force = 4;
 }
 
@@ -1027,16 +1044,18 @@ message UpdateWorkstationRequest {
   // Required. Workstation to update.
   Workstation workstation = 1 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. Mask specifying which fields in the config should be updated.
+  // Required. Mask specifying which fields in the workstation configuration
+  // should be updated.
   google.protobuf.FieldMask update_mask = 2
       [(google.api.field_behavior) = REQUIRED];
 
   // If set, validate the request and preview the review, but do not actually
   // apply it.
   bool validate_only = 3;
 
-  // If set, and the config is not found, a new config will be created.
-  // In this situation, update_mask is ignored.
+  // If set and the workstation configuration is not found, a new
+  // workstation configuration is created. In this situation, update_mask
+  // is ignored.
   bool allow_missing = 4;
 }
 
@@ -1055,7 +1074,7 @@ message DeleteWorkstationRequest {
   bool validate_only = 2;
 
   // If set, the request will be rejected if the latest version of the
-  // workstation on the server does not have this etag.
+  // workstation on the server does not have this ETag.
   string etag = 3;
 }
 
@@ -1074,7 +1093,7 @@ message StartWorkstationRequest {
   bool validate_only = 2;
 
   // If set, the request will be rejected if the latest version of the
-  // workstation on the server does not have this etag.
+  // workstation on the server does not have this ETag.
   string etag = 3;
 }
 
@@ -1093,7 +1112,7 @@ message StopWorkstationRequest {
   bool validate_only = 2;
 
   // If set, the request will be rejected if the latest version of the
-  // workstation on the server does not have this etag.
+  // workstation on the server does not have this ETag.
   string etag = 3;
 }
 
@@ -1127,7 +1146,7 @@ message GenerateAccessTokenRequest {
 message GenerateAccessTokenResponse {
   // The generated bearer access token. To use this token, include it in an
   // Authorization header of an HTTP request sent to the associated
-  // workstation's hostname, for example, `Authorization: Bearer
+  // workstation's hostname—for example, `Authorization: Bearer
   // <access_token>`.
   string access_token = 1;