diff --git a/.ci/gcb-push-downstream.yml b/.ci/gcb-push-downstream.yml index 3794feccf8bd..f03700d5d44a 100644 --- a/.ci/gcb-push-downstream.yml +++ b/.ci/gcb-push-downstream.yml @@ -35,7 +35,7 @@ steps: id: tpg-sync waitFor: ["build-magician-binary"] args: - - wait-for-commit + - 'wait-for-commit' - 'tpg-sync' - $BRANCH_NAME - $COMMIT_SHA @@ -46,7 +46,7 @@ steps: id: tpgb-sync waitFor: ["build-magician-binary"] args: - - wait-for-commit + - 'wait-for-commit' - 'tpgb-sync' - $BRANCH_NAME - $COMMIT_SHA @@ -57,7 +57,7 @@ steps: id: tgc-sync waitFor: ["build-magician-binary"] args: - - wait-for-commit + - 'wait-for-commit' - 'tgc-sync' - $BRANCH_NAME - $COMMIT_SHA @@ -68,7 +68,7 @@ steps: id: tf-oics-sync waitFor: ["build-magician-binary"] args: - - wait-for-commit + - 'wait-for-commit' - 'tf-oics-sync' - $BRANCH_NAME - $COMMIT_SHA @@ -88,18 +88,15 @@ steps: - 'ga' - $COMMIT_SHA - - name: 'gcr.io/cloud-builders/git' + - name: 'gcr.io/graphite-docker-images/go-plus' waitFor: ["tpg-push"] secretEnv: ["GITHUB_TOKEN_CLASSIC"] - entrypoint: 'bash' + entrypoint: '/workspace/.ci/scripts/go-plus/magician/exec.sh' args: - - -c - - | - if [ "$BRANCH_NAME" == "main" ]; then - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tpg-sync - else - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tpg-sync-$BRANCH_NAME - fi + - 'sync-branch' + - 'tpg-sync' + - $BRANCH_NAME + - $COMMIT_SHA # TPGB - name: 'gcr.io/graphite-docker-images/build-environment' @@ -116,18 +113,15 @@ steps: - 'beta' - $COMMIT_SHA - - name: 'gcr.io/cloud-builders/git' + - name: 'gcr.io/graphite-docker-images/go-plus' waitFor: ["tpgb-push"] secretEnv: ["GITHUB_TOKEN_CLASSIC"] - entrypoint: 'bash' + entrypoint: '/workspace/.ci/scripts/go-plus/magician/exec.sh' args: - - -c - - | - if [ "$BRANCH_NAME" == "main" ]; then - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tpgb-sync - else - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tpgb-sync-$BRANCH_NAME - fi + - 'sync-branch' + - 'tpgb-sync' + - $BRANCH_NAME + - $COMMIT_SHA # TGC - name: 'gcr.io/graphite-docker-images/build-environment' @@ -144,18 +138,15 @@ steps: - 'beta' - $COMMIT_SHA - - name: 'gcr.io/cloud-builders/git' + - name: 'gcr.io/graphite-docker-images/go-plus' waitFor: ["tgc-push"] secretEnv: ["GITHUB_TOKEN_CLASSIC"] - entrypoint: 'bash' + entrypoint: '/workspace/.ci/scripts/go-plus/magician/exec.sh' args: - - -c - - | - if [ "$BRANCH_NAME" == "main" ]; then - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tgc-sync - else - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tgc-sync-$BRANCH_NAME - fi + - 'sync-branch' + - 'tgc-sync' + - $BRANCH_NAME + - $COMMIT_SHA # TF-OICS - name: 'gcr.io/graphite-docker-images/build-environment' @@ -172,18 +163,15 @@ steps: - 'beta' - $COMMIT_SHA - - name: 'gcr.io/cloud-builders/git' + - name: 'gcr.io/graphite-docker-images/go-plus' waitFor: ["tf-oics-push"] secretEnv: ["GITHUB_TOKEN_CLASSIC"] - entrypoint: 'bash' + entrypoint: '/workspace/.ci/scripts/go-plus/magician/exec.sh' args: - - -c - - | - if [ "$BRANCH_NAME" == "main" ]; then - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tf-oics-sync - else - git push https://modular-magician:$$GITHUB_TOKEN_CLASSIC@github.com/GoogleCloudPlatform/magic-modules $COMMIT_SHA:tf-oics-sync-$BRANCH_NAME - fi + - 'sync-branch' + - 'tf-oics-sync' + - $BRANCH_NAME + - $COMMIT_SHA - name: 'gcr.io/graphite-docker-images/go-plus' entrypoint: '/workspace/.ci/scripts/go-plus/magician/exec.sh' diff --git a/.ci/magician/cmd/DIFF_COMMENT.md b/.ci/magician/cmd/DIFF_COMMENT.md index 99095de696bd..02a145bc402c 100644 --- a/.ci/magician/cmd/DIFF_COMMENT.md +++ b/.ci/magician/cmd/DIFF_COMMENT.md @@ -24,7 +24,22 @@ If you believe this detection to be incorrect please raise the concern with your If you intend to make this change you will need to wait for a [major release](https://www.terraform.io/plugin/sdkv2/best-practices/versioning#example-major-number-increments) window. An `override-breaking-change` label can be added to allow merging. {{end}} -{{.MissingTests}} + +{{if gt (len .MissingTests) 0}} +## Missing test report +Your PR includes resource fields which are not covered by any test. +{{ range $resourceName, $missingTestInfo := .MissingTests }} +Resource: `{{ $resourceName }}` ({{ len $missingTestInfo.Tests }} total tests) +Please add an acceptance test which includes these fields. The test should include the following: + +```hcl +{{ $missingTestInfo.SuggestedTest }} + +``` + +{{- end }} +{{end}} + {{- $errorsLength := len .Errors}} {{- if gt $errorsLength 0}} ## Errors diff --git a/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_CONTRIBUTOR.md.tmpl b/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_CONTRIBUTOR.md.tmpl index beca1ba5bfd2..62b5ef2fba2e 100644 --- a/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_CONTRIBUTOR.md.tmpl +++ b/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_CONTRIBUTOR.md.tmpl @@ -1,5 +1,5 @@ {{ if lt .SinceDays 30 -}} -@{{.PullRequest.User.Login}}, this PR is waiting for action from you. Please address any comments or change requests, or [re-request review](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review) from a core reviewer if no action is required. +@{{.User}}, this PR is waiting for action from you. Please address any comments or change requests, or [re-request review](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review) from a core reviewer if no action is required. ![Image showing the re-request review button](https://docs.github.com/assets/cb-28785/mw-1440/images/help/pull_requests/request-re-review.webp) @@ -10,5 +10,5 @@ If no action is taken, this PR will be closed in This notification can be disabled with the `disable-automatic-closure` label. {{ else -}} -@{{.PullRequest.User.Login}}, this PR is being closed due to inactivity. +@{{.User}}, this PR is being closed due to inactivity. {{ end -}} \ No newline at end of file diff --git a/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_MERGE.md.tmpl b/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_MERGE.md.tmpl index c436f97cae76..bcbacfeb4394 100644 --- a/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_MERGE.md.tmpl +++ b/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_MERGE.md.tmpl @@ -1 +1 @@ -This PR is approved and has been waiting for merge for {{if eq .SinceDays 5}}1 week{{else}}{{weekdaysToWeeks .SinceDays}} weeks{{end}}. Is it ready to merge? Use the label `disable-review-reminders` to disable these notifications. \ No newline at end of file +{{range .CoreReviewers}}@{{ . }} {{end}}This PR is approved and has been waiting for merge for {{if eq .SinceDays 5}}1 week{{else}}{{weekdaysToWeeks .SinceDays}} weeks{{end}}. Is it ready to merge? Use the label `disable-review-reminders` to disable these notifications. \ No newline at end of file diff --git a/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_REVIEW.md.tmpl b/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_REVIEW.md.tmpl index 3d58a5984780..83f1fab90359 100644 --- a/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_REVIEW.md.tmpl +++ b/.ci/magician/cmd/SCHEDULED_PR_WAITING_FOR_REVIEW.md.tmpl @@ -1 +1 @@ -{{if ge .SinceDays 5}}@GoogleCloudPlatform/terraform-team {{end}}This PR has been waiting for review for {{if lt .SinceDays 5}}{{.SinceDays}} weekdays{{else if eq .SinceDays 5}}1 week{{else}}{{weekdaysToWeeks .SinceDays}} weeks{{end}}. Please take a look! Use the label `disable-review-reminders` to disable these notifications. \ No newline at end of file +{{if ge .SinceDays 5}}@GoogleCloudPlatform/terraform-team {{end}}{{range .CoreReviewers}}@{{ . }} {{end}}This PR has been waiting for review for {{if lt .SinceDays 5}}{{.SinceDays}} weekdays{{else if eq .SinceDays 5}}1 week{{else}}{{weekdaysToWeeks .SinceDays}} weeks{{end}}. Please take a look! Use the label `disable-review-reminders` to disable these notifications. \ No newline at end of file diff --git a/.ci/magician/cmd/check_cassettes.go b/.ci/magician/cmd/check_cassettes.go index e19f3f7c9ef3..87e8cf746765 100644 --- a/.ci/magician/cmd/check_cassettes.go +++ b/.ci/magician/cmd/check_cassettes.go @@ -43,37 +43,33 @@ var checkCassettesCmd = &cobra.Command{ ` + listCCEnvironmentVariables() + ` It prints a list of tests that failed in replaying mode along with all test output.`, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { env := make(map[string]string, len(ccEnvironmentVariables)) for _, ev := range ccEnvironmentVariables { val, ok := os.LookupEnv(ev) if !ok { - fmt.Printf("Did not provide %s environment variable\n", ev) - os.Exit(1) + return fmt.Errorf("did not provide %s environment variable", ev) } env[ev] = val } githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_DOWNSTREAMS") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_DOWNSTREAMS or GITHUB_TOKEN environment variables") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_DOWNSTREAMS or GITHUB_TOKEN environment variables") } rnr, err := exec.NewRunner() if err != nil { - fmt.Println("Error creating Runner: ", err) - os.Exit(1) + return fmt.Errorf("error creating Runner: %w", err) } ctlr := source.NewController(env["GOPATH"], "modular-magician", githubToken, rnr) vt, err := vcr.NewTester(env, rnr) if err != nil { - fmt.Println("Error creating VCR tester: ", err) - os.Exit(1) + return fmt.Errorf("error creating VCR tester: %w", err) } - execCheckCassettes(env["COMMIT_SHA"], vt, ctlr) + return execCheckCassettes(env["COMMIT_SHA"], vt, ctlr) }, } @@ -93,10 +89,9 @@ func listCCEnvironmentVariables() string { return result } -func execCheckCassettes(commit string, vt *vcr.Tester, ctlr *source.Controller) { +func execCheckCassettes(commit string, vt *vcr.Tester, ctlr *source.Controller) error { if err := vt.FetchCassettes(provider.Beta, "main", ""); err != nil { - fmt.Println("Error fetching cassettes: ", err) - os.Exit(1) + return fmt.Errorf("error fetching cassettes: %w", err) } providerRepo := &source.Repo{ @@ -105,8 +100,7 @@ func execCheckCassettes(commit string, vt *vcr.Tester, ctlr *source.Controller) } ctlr.SetPath(providerRepo) if err := ctlr.Clone(providerRepo); err != nil { - fmt.Println("Error cloning provider: ", err) - os.Exit(1) + return fmt.Errorf("error cloning provider: %w", err) } vt.SetRepoPath(provider.Beta, providerRepo.Path) @@ -115,8 +109,7 @@ func execCheckCassettes(commit string, vt *vcr.Tester, ctlr *source.Controller) fmt.Println("Error running VCR: ", err) } if err := vt.UploadLogs("vcr-check-cassettes", "", "", false, false, vcr.Replaying, provider.Beta); err != nil { - fmt.Println("Error uploading logs: ", err) - os.Exit(1) + return fmt.Errorf("error uploading logs: %w", err) } fmt.Println(len(result.FailedTests), " failed tests: ", result.FailedTests) // TODO(trodge) report these failures to bigquery @@ -124,9 +117,9 @@ func execCheckCassettes(commit string, vt *vcr.Tester, ctlr *source.Controller) fmt.Println(len(result.SkippedTests), " skipped tests: ", result.SkippedTests) if err := vt.Cleanup(); err != nil { - fmt.Println("Error cleaning up vcr tester: ", err) - os.Exit(1) + return fmt.Errorf("error cleaning up vcr tester: %w", err) } + return nil } func init() { diff --git a/.ci/magician/cmd/community_checker.go b/.ci/magician/cmd/community_checker.go index 2834009a5ebb..f86aabdfba58 100644 --- a/.ci/magician/cmd/community_checker.go +++ b/.ci/magician/cmd/community_checker.go @@ -19,7 +19,6 @@ import ( "fmt" "magician/cloudbuild" "magician/github" - "os" "github.com/spf13/cobra" ) @@ -42,7 +41,7 @@ var communityApprovalCmd = &cobra.Command{ 1. Trigger cloud presubmits with specific substitutions for the PR. 2. Remove the 'awaiting-approval' label from the PR. `, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { prNumber := args[0] fmt.Println("PR Number: ", prNumber) @@ -63,16 +62,15 @@ var communityApprovalCmd = &cobra.Command{ githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_MAGIC_MODULES") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") } gh := github.NewClient(githubToken) cb := cloudbuild.NewClient() - execCommunityChecker(prNumber, commitSha, branchName, headRepoUrl, headBranch, baseBranch, gh, cb) + return execCommunityChecker(prNumber, commitSha, branchName, headRepoUrl, headBranch, baseBranch, gh, cb) }, } -func execCommunityChecker(prNumber, commitSha, branchName, headRepoUrl, headBranch, baseBranch string, gh GithubClient, cb CloudbuildClient) { +func execCommunityChecker(prNumber, commitSha, branchName, headRepoUrl, headBranch, baseBranch string, gh GithubClient, cb CloudbuildClient) error { substitutions := map[string]string{ "BRANCH_NAME": branchName, "_PR_NUMBER": prNumber, @@ -85,13 +83,13 @@ func execCommunityChecker(prNumber, commitSha, branchName, headRepoUrl, headBran // (explicitly or via membership-checker) err := cb.TriggerMMPresubmitRuns(commitSha, substitutions) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } // in community-checker job: // remove awaiting-approval label from external contributor PRs gh.RemoveLabel(prNumber, "awaiting-approval") + return nil } func init() { diff --git a/.ci/magician/cmd/generate_comment.go b/.ci/magician/cmd/generate_comment.go index a8dccbf2435a..68ef979a882e 100644 --- a/.ci/magician/cmd/generate_comment.go +++ b/.ci/magician/cmd/generate_comment.go @@ -55,6 +55,11 @@ type BreakingChange struct { DocumentationReference string } +type MissingTestInfo struct { + SuggestedTest string + Tests []string +} + type Errors struct { Title string Errors []string @@ -64,7 +69,7 @@ type diffCommentData struct { PrNumber int Diffs []Diff BreakingChanges []BreakingChange - MissingTests string + MissingTests map[string]*MissingTestInfo Errors []Errors } @@ -97,13 +102,12 @@ var generateCommentCmd = &cobra.Command{ 5. Report the results in a PR comment. 6. Run unit tests for the missing test detector. `, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { env := make(map[string]string, len(gcEnvironmentVariables)) for _, ev := range gcEnvironmentVariables { val, ok := os.LookupEnv(ev) if !ok { - fmt.Printf("Did not provide %s environment variable\n", ev) - os.Exit(1) + return fmt.Errorf("did not provide %s environment variable", ev) } env[ev] = val } @@ -111,24 +115,21 @@ var generateCommentCmd = &cobra.Command{ for _, tokenName := range []string{"GITHUB_TOKEN_DOWNSTREAMS", "GITHUB_TOKEN_MAGIC_MODULES"} { val, ok := lookupGithubTokenOrFallback(tokenName) if !ok { - fmt.Printf("Did not provide %s or GITHUB_TOKEN environment variable\n", tokenName) - os.Exit(1) + return fmt.Errorf("did not provide %s or GITHUB_TOKEN environment variable", tokenName) } env[tokenName] = val } gh := github.NewClient(env["GITHUB_TOKEN_MAGIC_MODULES"]) rnr, err := exec.NewRunner() if err != nil { - fmt.Println("Error creating a runner: ", err) - os.Exit(1) + return fmt.Errorf("error creating a runner: %w", err) } ctlr := source.NewController(filepath.Join("workspace", "go"), "modular-magician", env["GITHUB_TOKEN_DOWNSTREAMS"], rnr) prNumber, err := strconv.Atoi(env["PR_NUMBER"]) if err != nil { - fmt.Println("Error parsing PR_NUMBER: ", err) - os.Exit(1) + return fmt.Errorf("error parsing PR_NUMBER: %w", err) } - execGenerateComment( + return execGenerateComment( prNumber, env["GITHUB_TOKEN_MAGIC_MODULES"], env["BUILD_ID"], @@ -150,7 +151,7 @@ func listGCEnvironmentVariables() string { return result } -func execGenerateComment(prNumber int, ghTokenMagicModules, buildId, buildStep, projectId, commitSha string, gh GithubClient, rnr ExecRunner, ctlr *source.Controller) { +func execGenerateComment(prNumber int, ghTokenMagicModules, buildId, buildStep, projectId, commitSha string, gh GithubClient, rnr ExecRunner, ctlr *source.Controller) error { errors := map[string][]string{"Other": []string{}} pullRequest, err := gh.GetPullRequest(strconv.Itoa(prNumber)) @@ -387,15 +388,14 @@ func execGenerateComment(prNumber int, ghTokenMagicModules, buildId, buildStep, // Post diff comment message, err := formatDiffComment(data) if err != nil { - fmt.Println("Error formatting message: ", err) fmt.Printf("Data: %v\n", data) - os.Exit(1) + return fmt.Errorf("error formatting message: %w", err) } if err := gh.PostComment(strconv.Itoa(prNumber), message); err != nil { - fmt.Printf("Error posting comment to PR %d: %v\n", prNumber, err) fmt.Println("Comment: ", message) - os.Exit(1) + return fmt.Errorf("error posting comment to PR %d: %w", prNumber, err) } + return nil } // Build the diff processor for tpg or tpgb @@ -465,17 +465,21 @@ func changedSchemaResources(diffProcessorPath string, rnr ExecRunner) ([]string, // Run the missing test detector and return the results. // Returns an empty string unless there are missing tests. // Error will be nil unless an error occurs during setup. -func detectMissingTests(diffProcessorPath, tpgbLocalPath string, rnr ExecRunner) (string, error) { +func detectMissingTests(diffProcessorPath, tpgbLocalPath string, rnr ExecRunner) (map[string]*MissingTestInfo, error) { if err := rnr.PushDir(diffProcessorPath); err != nil { - return "", err + return nil, err } output, err := rnr.Run("bin/diff-processor", []string{"detect-missing-tests", fmt.Sprintf("%s/google-beta/services", tpgbLocalPath)}, nil) if err != nil { - return "", err + return nil, err } - return output, rnr.PopDir() + var missingTests map[string]*MissingTestInfo + if err = json.Unmarshal([]byte(output), &missingTests); err != nil { + return nil, err + } + return missingTests, rnr.PopDir() } func formatDiffComment(data diffCommentData) (string, error) { diff --git a/.ci/magician/cmd/generate_comment_test.go b/.ci/magician/cmd/generate_comment_test.go index 91180c26369b..a246dac83b17 100644 --- a/.ci/magician/cmd/generate_comment_test.go +++ b/.ci/magician/cmd/generate_comment_test.go @@ -105,7 +105,7 @@ func TestExecGenerateComment(t *testing.T) { for method, expectedCalls := range map[string][][]any{ "PostBuildStatus": {{"123456", "terraform-provider-breaking-change-test", "success", "https://console.cloud.google.com/cloud-build/builds;region=global/build1;step=17?project=project1", "sha1"}}, - "PostComment": {{"123456", "Hi there, I'm the Modular magician. I've detected the following information about your changes:\n\n## Diff report\n\nYour PR generated some diffs in downstreams - here they are.\n\n`google` provider: [Diff](https://github.com/modular-magician/terraform-provider-google/compare/auto-pr-123456-old..auto-pr-123456) ( 2 files changed, 40 insertions(+))\n`google-beta` provider: [Diff](https://github.com/modular-magician/terraform-provider-google-beta/compare/auto-pr-123456-old..auto-pr-123456) ( 2 files changed, 40 insertions(+))\n`terraform-google-conversion`: [Diff](https://github.com/modular-magician/terraform-google-conversion/compare/auto-pr-123456-old..auto-pr-123456) ( 1 file changed, 10 insertions(+))\n\n## Missing test report\nYour PR includes resource fields which are not covered by any test.\n\nResource: `google_folder_access_approval_settings` (3 total tests)\nPlease add an acceptance test which includes these fields. The test should include the following:\n\n```hcl\nresource \"google_folder_access_approval_settings\" \"primary\" {\n uncovered_field = # value needed\n}\n\n```\n"}}, + "PostComment": {{"123456", "Hi there, I'm the Modular magician. I've detected the following information about your changes:\n\n## Diff report\n\nYour PR generated some diffs in downstreams - here they are.\n\n`google` provider: [Diff](https://github.com/modular-magician/terraform-provider-google/compare/auto-pr-123456-old..auto-pr-123456) ( 2 files changed, 40 insertions(+))\n`google-beta` provider: [Diff](https://github.com/modular-magician/terraform-provider-google-beta/compare/auto-pr-123456-old..auto-pr-123456) ( 2 files changed, 40 insertions(+))\n`terraform-google-conversion`: [Diff](https://github.com/modular-magician/terraform-google-conversion/compare/auto-pr-123456-old..auto-pr-123456) ( 1 file changed, 10 insertions(+))\n\n\n\n## Missing test report\nYour PR includes resource fields which are not covered by any test.\n\nResource: `google_folder_access_approval_settings` (3 total tests)\nPlease add an acceptance test which includes these fields. The test should include the following:\n\n```hcl\nresource \"google_folder_access_approval_settings\" \"primary\" {\n uncovered_field = # value needed\n}\n\n```\n"}}, "AddLabels": {{"123456", []string{"service/alloydb"}}}, } { if actualCalls, ok := gh.calledMethods[method]; !ok { @@ -214,7 +214,12 @@ func TestFormatDiffComment(t *testing.T) { }, "missing tests are displayed": { data: diffCommentData{ - MissingTests: "## Missing test report", + MissingTests: map[string]*MissingTestInfo{ + "resource": { + Tests: []string{"test-a", "test-b"}, + SuggestedTest: "x", + }, + }, }, expectedStrings: []string{ "## Diff report", diff --git a/.ci/magician/cmd/generate_downstream.go b/.ci/magician/cmd/generate_downstream.go index 8cdeeccd99e4..64ef6857f538 100644 --- a/.ci/magician/cmd/generate_downstream.go +++ b/.ci/magician/cmd/generate_downstream.go @@ -41,13 +41,12 @@ var generateDownstreamCmd = &cobra.Command{ The following environment variables should be set: ` + listGDEnvironmentVariables(), - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { env := make(map[string]string, len(gdEnvironmentVariables)) for _, ev := range gdEnvironmentVariables { val, ok := os.LookupEnv(ev) if !ok { - fmt.Printf("Did not provide %s environment variable\n", ev) - os.Exit(1) + return fmt.Errorf("did not provide %s environment variable", ev) } env[ev] = val } @@ -65,28 +64,24 @@ var generateDownstreamCmd = &cobra.Command{ gh := github.NewClient(githubToken) rnr, err := exec.NewRunner() if err != nil { - fmt.Println("Error creating a runner: ", err) - os.Exit(1) + return fmt.Errorf("error creating a runner: %w", err) } ctlr := source.NewController(env["GOPATH"], "modular-magician", githubToken, rnr) oldToken := os.Getenv("GITHUB_TOKEN") if err := os.Setenv("GITHUB_TOKEN", githubToken); err != nil { - fmt.Println("Error setting GITHUB_TOKEN environment variable: ", err) - os.Exit(1) + return fmt.Errorf("error setting GITHUB_TOKEN environment variable: %w", err) } defer func() { if err := os.Setenv("GITHUB_TOKEN", oldToken); err != nil { fmt.Println("Error setting GITHUB_TOKEN environment variable: ", err) - os.Exit(1) } }() if len(args) != 4 { - fmt.Printf("Wrong number of arguments %d, expected 4\n", len(args)) - os.Exit(1) + return fmt.Errorf("wrong number of arguments %d, expected 4", len(args)) } - execGenerateDownstream(env["BASE_BRANCH"], args[0], args[1], args[2], args[3], gh, rnr, ctlr) + return execGenerateDownstream(env["BASE_BRANCH"], args[0], args[1], args[2], args[3], gh, rnr, ctlr) }, } @@ -98,16 +93,34 @@ func listGDEnvironmentVariables() string { return result } -func execGenerateDownstream(baseBranch, command, repo, version, ref string, gh GithubClient, rnr ExecRunner, ctlr *source.Controller) { +func execGenerateDownstream(baseBranch, command, repo, version, ref string, gh GithubClient, rnr ExecRunner, ctlr *source.Controller) error { if baseBranch == "" { baseBranch = "main" } + if command == "downstream" { + var syncBranchPrefix string + if repo == "terraform" { + if version == "beta" { + syncBranchPrefix = "tpgb-sync" + } else if version == "ga" { + syncBranchPrefix = "tpg-sync" + } + } else if repo == "terraform-google-conversion" { + syncBranchPrefix = "tgc-sync" + } else if repo == "tf-oics" { + syncBranchPrefix = "tf-oics-sync" + } + syncBranch := getSyncBranch(syncBranchPrefix, baseBranch) + if syncBranchHasCommit(ref, syncBranch, rnr) { + fmt.Printf("Sync branch %s already has commit %s, skipping generation\n", syncBranch, ref) + os.Exit(0) + } + } mmLocalPath := filepath.Join(rnr.GetCWD(), "..", "..") mmCopyPath := filepath.Join(mmLocalPath, "..", fmt.Sprintf("mm-%s-%s-%s", repo, version, command)) if _, err := rnr.Run("cp", []string{"-rp", mmLocalPath, mmCopyPath}, nil); err != nil { - fmt.Println("Error copying magic modules: ", err) - os.Exit(1) + return fmt.Errorf("error copying magic modules: %w", err) } mmRepo := &source.Repo{ Name: "magic-modules", @@ -116,36 +129,30 @@ func execGenerateDownstream(baseBranch, command, repo, version, ref string, gh G downstreamRepo, scratchRepo, commitMessage, err := cloneRepo(mmRepo, baseBranch, repo, version, command, ref, rnr, ctlr) if err != nil { - fmt.Println("Error cloning repo: ", err) - os.Exit(1) + return fmt.Errorf("error cloning repo: %w", err) } if err := rnr.PushDir(mmCopyPath); err != nil { - fmt.Println("Error changing directory to copied magic modules: ", err) - os.Exit(1) + return fmt.Errorf("error changing directory to copied magic modules: %w", err) } if err := setGitConfig(rnr); err != nil { - fmt.Println("Error setting config: ", err) - os.Exit(1) + return fmt.Errorf("error setting config: %w", err) } if err := runMake(downstreamRepo, command, rnr); err != nil { - fmt.Println("Error running make: ", err) - os.Exit(1) + return fmt.Errorf("error running make: %w", err) } var pullRequest *github.PullRequest if command == "downstream" { pullRequest, err = getPullRequest(baseBranch, ref, gh) if err != nil { - fmt.Println("Error getting pull request: ", err) - os.Exit(1) + return fmt.Errorf("error getting pull request: %w", err) } if repo == "terraform" { - if err := addChangelogEntry(pullRequest, rnr); err != nil { - fmt.Println("Error adding changelog entry: ", err) - os.Exit(1) + if err := addChangelogEntry(scratchRepo, pullRequest, rnr); err != nil { + return fmt.Errorf("error adding changelog entry: %w", err) } } } @@ -153,19 +160,21 @@ func execGenerateDownstream(baseBranch, command, repo, version, ref string, gh G scratchCommitSha, commitErr := createCommit(scratchRepo, commitMessage, rnr) if commitErr != nil { fmt.Println("Error creating commit: ", commitErr) + if !strings.Contains(commitErr.Error(), "nothing to commit") { + return fmt.Errorf("error creating commit: %w", commitErr) + } } if _, err := rnr.Run("git", []string{"push", ctlr.URL(scratchRepo), scratchRepo.Branch, "-f"}, nil); err != nil { - fmt.Println("Error pushing commit: ", err) - os.Exit(1) + return fmt.Errorf("error pushing commit: %w", err) } if commitErr == nil && command == "downstream" { if err := mergePullRequest(downstreamRepo, scratchRepo, scratchCommitSha, pullRequest, rnr, gh); err != nil { - fmt.Println("Error merging pull request: ", err) - os.Exit(1) + return fmt.Errorf("error merging pull request: %w", err) } } + return nil } func cloneRepo(mmRepo *source.Repo, baseBranch, repo, version, command, ref string, rnr ExecRunner, ctlr *source.Controller) (*source.Repo, *source.Repo, string, error) { @@ -320,8 +329,7 @@ func createCommit(scratchRepo *source.Repo, commitMessage string, rnr ExecRunner commitSha, err := rnr.Run("git", []string{"rev-parse", "HEAD"}, nil) if err != nil { - fmt.Println("Error retrieving commit sha: ", err) - os.Exit(1) + return "", fmt.Errorf("error retrieving commit sha: %w", err) } commitSha = strings.TrimSpace(commitSha) @@ -330,12 +338,15 @@ func createCommit(scratchRepo *source.Repo, commitMessage string, rnr ExecRunner return commitSha, err } -func addChangelogEntry(pullRequest *github.PullRequest, rnr ExecRunner) error { +func addChangelogEntry(downstreamRepo *source.Repo, pullRequest *github.PullRequest, rnr ExecRunner) error { + if err := rnr.PushDir(downstreamRepo.Path); err != nil { + return err + } rnr.Mkdir(".changelog") if err := rnr.WriteFile(filepath.Join(".changelog", fmt.Sprintf("%d.txt", pullRequest.Number)), strings.Join(changelogExp.FindAllString(pullRequest.Body, -1), "\n")); err != nil { return err } - return nil + return rnr.PopDir() } func mergePullRequest(downstreamRepo, scratchRepo *source.Repo, scratchRepoSha string, pullRequest *github.PullRequest, rnr ExecRunner, gh GithubClient) error { diff --git a/.ci/magician/cmd/membership_checker.go b/.ci/magician/cmd/membership_checker.go index 12a7a020ff02..7e149a122dad 100644 --- a/.ci/magician/cmd/membership_checker.go +++ b/.ci/magician/cmd/membership_checker.go @@ -19,7 +19,6 @@ import ( "fmt" "magician/cloudbuild" "magician/github" - "os" "github.com/spf13/cobra" ) @@ -45,7 +44,7 @@ var membershipCheckerCmd = &cobra.Command{ `, // This can change to cobra.ExactArgs(2) after at least a 2-week soak Args: cobra.RangeArgs(2, 6), - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { prNumber := args[0] fmt.Println("PR Number: ", prNumber) @@ -54,20 +53,18 @@ var membershipCheckerCmd = &cobra.Command{ githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_MAGIC_MODULES") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") } gh := github.NewClient(githubToken) cb := cloudbuild.NewClient() - execMembershipChecker(prNumber, commitSha, gh, cb) + return execMembershipChecker(prNumber, commitSha, gh, cb) }, } -func execMembershipChecker(prNumber, commitSha string, gh GithubClient, cb CloudbuildClient) { +func execMembershipChecker(prNumber, commitSha string, gh GithubClient, cb CloudbuildClient) error { pullRequest, err := gh.GetPullRequest(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } author := pullRequest.User.Login @@ -79,12 +76,12 @@ func execMembershipChecker(prNumber, commitSha string, gh GithubClient, cb Cloud if trusted { err = cb.ApproveCommunityChecker(prNumber, commitSha) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } } else { gh.AddLabels(prNumber, []string{"awaiting-approval"}) } + return nil } func init() { diff --git a/.ci/magician/cmd/mock_runner_test.go b/.ci/magician/cmd/mock_runner_test.go index dd06fd0f2c8a..c3a1abccbde3 100644 --- a/.ci/magician/cmd/mock_runner_test.go +++ b/.ci/magician/cmd/mock_runner_test.go @@ -71,7 +71,7 @@ func NewMockRunner() MockRunner { "/mock/dir/magic-modules/tools/diff-processor bin/diff-processor [breaking-changes] map[]": "", "/mock/dir/magic-modules/tools/diff-processor make [build] " + sortedEnvString(diffProcessorEnv): "", "/mock/dir/magic-modules/tools/diff-processor bin/diff-processor [changed-schema-resources] map[]": "[\"google_alloydb_instance\"]", - "/mock/dir/magic-modules/tools/diff-processor bin/diff-processor [detect-missing-tests /mock/dir/tpgb/google-beta/services] map[]": "## Missing test report\nYour PR includes resource fields which are not covered by any test.\n\nResource: `google_folder_access_approval_settings` (3 total tests)\nPlease add an acceptance test which includes these fields. The test should include the following:\n\n```hcl\nresource \"google_folder_access_approval_settings\" \"primary\" {\n uncovered_field = # value needed\n}\n\n```\n", + "/mock/dir/magic-modules/tools/diff-processor bin/diff-processor [detect-missing-tests /mock/dir/tpgb/google-beta/services] map[]": `{"google_folder_access_approval_settings":{"SuggestedTest":"resource \"google_folder_access_approval_settings\" \"primary\" {\n uncovered_field = # value needed\n}","Tests":["a","b","c"]}}`, "/mock/dir/tgc git [diff origin/auto-pr-123456-old origin/auto-pr-123456 --shortstat] map[]": " 1 file changed, 10 insertions(+)\n", "/mock/dir/tgc git [fetch origin auto-pr-123456-old] map[]": "", "/mock/dir/tfoics git [diff origin/auto-pr-123456-old origin/auto-pr-123456 --shortstat] map[]": "", diff --git a/.ci/magician/cmd/request_reviewer.go b/.ci/magician/cmd/request_reviewer.go index f4d2122a6424..e3981467535c 100644 --- a/.ci/magician/cmd/request_reviewer.go +++ b/.ci/magician/cmd/request_reviewer.go @@ -45,24 +45,22 @@ var requestReviewerCmd = &cobra.Command{ c. As appropriate, posts a welcome comment on the PR. `, Args: cobra.ExactArgs(1), - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { prNumber := args[0] fmt.Println("PR Number: ", prNumber) githubToken, ok := os.LookupEnv("GITHUB_TOKEN") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN environment variable") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN environment variable") } gh := github.NewClient(githubToken) - execRequestReviewer(prNumber, gh) + return execRequestReviewer(prNumber, gh) }, } -func execRequestReviewer(prNumber string, gh GithubClient) { +func execRequestReviewer(prNumber string, gh GithubClient) error { pullRequest, err := gh.GetPullRequest(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } author := pullRequest.User.Login @@ -71,14 +69,12 @@ func execRequestReviewer(prNumber string, gh GithubClient) { requestedReviewers, err := gh.GetPullRequestRequestedReviewers(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } previousReviewers, err := gh.GetPullRequestPreviousReviewers(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } reviewersToRequest, newPrimaryReviewer := github.ChooseCoreReviewers(requestedReviewers, previousReviewers) @@ -86,8 +82,7 @@ func execRequestReviewer(prNumber string, gh GithubClient) { if len(reviewersToRequest) > 0 { err = gh.RequestPullRequestReviewers(prNumber, reviewersToRequest) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } } @@ -95,11 +90,11 @@ func execRequestReviewer(prNumber string, gh GithubClient) { comment := github.FormatReviewerComment(newPrimaryReviewer) err = gh.PostComment(prNumber, comment) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } } } + return nil } func init() { diff --git a/.ci/magician/cmd/request_service_reviewers.go b/.ci/magician/cmd/request_service_reviewers.go index ed7a713b296c..267d182debd5 100644 --- a/.ci/magician/cmd/request_service_reviewers.go +++ b/.ci/magician/cmd/request_service_reviewers.go @@ -19,7 +19,6 @@ import ( "fmt" "magician/github" "math/rand" - "os" "strings" "github.com/GoogleCloudPlatform/magic-modules/tools/issue-labeler/labeler" @@ -36,17 +35,16 @@ var requestServiceReviewersCmd = &cobra.Command{ If a PR has more than 3 service labels, the command will not do anything. `, Args: cobra.ExactArgs(1), - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { prNumber := args[0] fmt.Println("PR Number: ", prNumber) githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_MAGIC_MODULES") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variable") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variable") } gh := github.NewClient(githubToken) - execRequestServiceReviewers(prNumber, gh, labeler.EnrolledTeamsYaml) + return execRequestServiceReviewers(prNumber, gh, labeler.EnrolledTeamsYaml) }, } @@ -55,29 +53,25 @@ type LabelData struct { Team string `yaml:"team,omitempty"` } -func execRequestServiceReviewers(prNumber string, gh GithubClient, enrolledTeamsYaml []byte) { +func execRequestServiceReviewers(prNumber string, gh GithubClient, enrolledTeamsYaml []byte) error { pullRequest, err := gh.GetPullRequest(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } enrolledTeams := make(map[string]LabelData) if err := yaml.Unmarshal(enrolledTeamsYaml, &enrolledTeams); err != nil { - fmt.Printf("Error unmarshalling enrolled teams yaml: %s", err) - os.Exit(1) + return fmt.Errorf("error unmarshalling enrolled teams yaml: %w", err) } requestedReviewers, err := gh.GetPullRequestRequestedReviewers(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } previousReviewers, err := gh.GetPullRequestPreviousReviewers(prNumber) if err != nil { - fmt.Println(err) - os.Exit(1) + return err } // If more than three service labels are impacted, don't request reviews. @@ -96,7 +90,7 @@ func execRequestServiceReviewers(prNumber string, gh GithubClient, enrolledTeams if teamCount > 3 { fmt.Println("Provider-wide change (>3 services impacted); not requesting service team reviews") - return + return nil } // For each service team, check if one of the team members is already a reviewer. Rerequest @@ -150,8 +144,9 @@ func execRequestServiceReviewers(prNumber string, gh GithubClient, enrolledTeams exitCode = 1 } if exitCode != 0 { - os.Exit(1) + return fmt.Errorf("exit code = %d", exitCode) } + return nil } func init() { diff --git a/.ci/magician/cmd/scheduled_pr_reminders.go b/.ci/magician/cmd/scheduled_pr_reminders.go index 7721e6dff65a..a6806c577332 100644 --- a/.ci/magician/cmd/scheduled_pr_reminders.go +++ b/.ci/magician/cmd/scheduled_pr_reminders.go @@ -49,9 +49,9 @@ var ( ) type reminderCommentData struct { - PullRequest *github.PullRequest - State pullRequestReviewState - SinceDays int + User string + SinceDays int + CoreReviewers []string } // scheduledPrReminders sends automated PR notifications and closes stale PRs @@ -63,8 +63,7 @@ var scheduledPrReminders = &cobra.Command{ RunE: func(cmd *cobra.Command, args []string) error { githubToken, ok := os.LookupEnv("GITHUB_TOKEN") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN environment variable") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN environment variable") } gh := github.NewClient(nil).WithAuthToken(githubToken) return execScheduledPrReminders(gh) @@ -166,10 +165,7 @@ func execScheduledPrReminders(gh *github.Client) error { ) sinceDays := businessDaysDiff(since, time.Now()) if shouldNotify(pr, state, sinceDays) { - comment, err := formatReminderComment(state, reminderCommentData{ - PullRequest: pr, - SinceDays: sinceDays, - }) + comment, err := formatReminderComment(pr, state, sinceDays) if err != nil { fmt.Printf( "%d/%d: PR %d: error rendering comment: %s\n", @@ -284,13 +280,23 @@ func notificationState(pr *github.PullRequest, issueEvents []*github.IssueEvent, }) var latestReviewRequest *github.IssueEvent + removedRequests := map[string]struct{}{} for _, event := range issueEvents { + if *event.Event == "review_request_removed" && event.RequestedReviewer != nil { + removedRequests[*event.RequestedReviewer.Login] = struct{}{} + continue + } if *event.Event != "review_requested" { continue } + // Ignore review requests for users who no longer exist. if event.RequestedReviewer == nil { continue } + // Ignore review requests that were later removed. + if _, ok := removedRequests[*event.RequestedReviewer.Login]; ok { + continue + } if membership.IsCoreReviewer(*event.RequestedReviewer.Login) { latestReviewRequest = event break @@ -422,12 +428,12 @@ func shouldNotify(pr *github.PullRequest, state pullRequestReviewState, sinceDay if _, ok := labels["disable-review-reminders"]; ok { return false } - return sinceDays == 2 || (sinceDays > 0 && sinceDays%5 == 0) + return sinceDays == 3 || (sinceDays > 0 && sinceDays%5 == 0) } return false } -func formatReminderComment(state pullRequestReviewState, data reminderCommentData) (string, error) { +func formatReminderComment(pullRequest *github.PullRequest, state pullRequestReviewState, sinceDays int) (string, error) { embeddedTemplate := "" switch state { case waitingForMerge: @@ -447,6 +453,20 @@ func formatReminderComment(state pullRequestReviewState, data reminderCommentDat if err != nil { panic(fmt.Sprintf("Unable to parse template for %s: %s", state.String(), err)) } + + coreReviewers := []string{} + for _, reviewer := range pullRequest.RequestedReviewers { + if membership.IsCoreReviewer(*reviewer.Login) { + coreReviewers = append(coreReviewers, *reviewer.Login) + } + } + + data := reminderCommentData{ + User: *pullRequest.User.Login, + SinceDays: sinceDays, + CoreReviewers: coreReviewers, + } + sb := new(strings.Builder) err = tmpl.Execute(sb, data) if err != nil { diff --git a/.ci/magician/cmd/scheduled_pr_reminders_test.go b/.ci/magician/cmd/scheduled_pr_reminders_test.go index b23edb64fd45..760cf6e9fb60 100644 --- a/.ci/magician/cmd/scheduled_pr_reminders_test.go +++ b/.ci/magician/cmd/scheduled_pr_reminders_test.go @@ -65,6 +65,29 @@ func TestNotificationState(t *testing.T) { expectState: waitingForReviewerAssignment, expectSince: time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), }, + "request for team reviewer which was later removed, and no reviews": { + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("author")}, + CreatedAt: &github.Timestamp{time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)}, + RequestedTeams: []*github.Team{ + &github.Team{Name: github.String("terraform-team")}, + }, + }, + issueEvents: []*github.IssueEvent{ + &github.IssueEvent{ + Event: github.String("review_requested"), + CreatedAt: &github.Timestamp{time.Date(2024, 1, 2, 0, 0, 0, 0, time.UTC)}, + RequestedReviewer: &github.User{Login: github.String(firstCoreReviewer)}, + }, + &github.IssueEvent{ + Event: github.String("review_request_removed"), + CreatedAt: &github.Timestamp{time.Date(2024, 1, 3, 0, 0, 0, 0, time.UTC)}, + RequestedReviewer: &github.User{Login: github.String(firstCoreReviewer)}, + }, + }, + expectState: waitingForReviewerAssignment, + expectSince: time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), + }, // expectState: waitingForReview "no reviews": { @@ -82,6 +105,31 @@ func TestNotificationState(t *testing.T) { expectState: waitingForReview, expectSince: time.Date(2024, 1, 2, 0, 0, 0, 0, time.UTC), }, + "review requested, removed, and rerequested, with no reviews": { + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("author")}, + CreatedAt: &github.Timestamp{time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)}, + }, + issueEvents: []*github.IssueEvent{ + &github.IssueEvent{ + Event: github.String("review_requested"), + CreatedAt: &github.Timestamp{time.Date(2024, 1, 2, 0, 0, 0, 0, time.UTC)}, + RequestedReviewer: &github.User{Login: github.String(firstCoreReviewer)}, + }, + &github.IssueEvent{ + Event: github.String("review_request_removed"), + CreatedAt: &github.Timestamp{time.Date(2024, 1, 3, 0, 0, 0, 0, time.UTC)}, + RequestedReviewer: &github.User{Login: github.String(firstCoreReviewer)}, + }, + &github.IssueEvent{ + Event: github.String("review_requested"), + CreatedAt: &github.Timestamp{time.Date(2024, 1, 4, 0, 0, 0, 0, time.UTC)}, + RequestedReviewer: &github.User{Login: github.String(firstCoreReviewer)}, + }, + }, + expectState: waitingForReview, + expectSince: time.Date(2024, 1, 4, 0, 0, 0, 0, time.UTC), + }, "no reviews since latest review request": { pullRequest: &github.PullRequest{ User: &github.User{Login: github.String("author")}, @@ -627,10 +675,10 @@ func TestShouldNotify(t *testing.T) { sinceDays: 1, want: false, }, - "waitingForReview two days": { + "waitingForReview three days": { pullRequest: &github.PullRequest{}, state: waitingForReview, - sinceDays: 2, + sinceDays: 3, want: true, }, "waitingForReview first week": { @@ -738,156 +786,259 @@ func TestShouldNotify(t *testing.T) { } func TestFormatReminderComment(t *testing.T) { + firstCoreReviewer := membership.AvailableReviewers()[0] + secondCoreReviewer := membership.AvailableReviewers()[1] cases := map[string]struct { + pullRequest *github.PullRequest state pullRequestReviewState - data reminderCommentData + sinceDays int expectedStrings []string notExpectedStrings []string }{ // waitingForMerge "waitingForMerge one week": { - state: waitingForMerge, - data: reminderCommentData{ - PullRequest: &github.PullRequest{}, - SinceDays: 5, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, + }, }, + state: waitingForMerge, + sinceDays: 5, expectedStrings: []string{ "waiting for merge for 1 week", "disable-review-reminders", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + }, + notExpectedStrings: []string{ + "@pr-author", + "@other-reviewer", }, }, "waitingForMerge two weeks": { - state: waitingForMerge, - data: reminderCommentData{ - PullRequest: &github.PullRequest{}, - SinceDays: 5 * 2, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, + }, }, + state: waitingForMerge, + sinceDays: 5 * 2, expectedStrings: []string{ "waiting for merge for 2 weeks", "disable-review-reminders", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + }, + notExpectedStrings: []string{ + "@pr-author", + "@other-reviewer", }, }, "waitingForMerge many weeks": { - state: waitingForMerge, - data: reminderCommentData{ - PullRequest: &github.PullRequest{}, - SinceDays: 5 * 57, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, + }, }, + state: waitingForMerge, + sinceDays: 5 * 57, expectedStrings: []string{ "waiting for merge for 57 weeks", "disable-review-reminders", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + }, + notExpectedStrings: []string{ + "@pr-author", + "@other-reviewer", }, }, // waitingForReview - "waitingForReview two days": { - state: waitingForReview, - data: reminderCommentData{ - PullRequest: &github.PullRequest{}, - SinceDays: 2, + "waitingForReview three days": { + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, + }, }, + state: waitingForReview, + sinceDays: 3, expectedStrings: []string{ - "waiting for review for 2 weekdays", + "waiting for review for 3 weekdays", "disable-review-reminders", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, }, notExpectedStrings: []string{ "@GoogleCloudPlatform/terraform-team", + "@pr-author", + "@other-reviewer", }, }, "waitingForReview one week": { - state: waitingForReview, - data: reminderCommentData{ - PullRequest: &github.PullRequest{}, - SinceDays: 5, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, + }, }, + state: waitingForReview, + sinceDays: 5, expectedStrings: []string{ "@GoogleCloudPlatform/terraform-team", "waiting for review for 1 week", "disable-review-reminders", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + }, + notExpectedStrings: []string{ + "@pr-author", + "@other-reviewer", }, }, "waitingForReview two weeks": { - state: waitingForReview, - data: reminderCommentData{ - PullRequest: &github.PullRequest{}, - SinceDays: 10, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, + }, }, + state: waitingForReview, + sinceDays: 10, expectedStrings: []string{ "@GoogleCloudPlatform/terraform-team", "waiting for review for 2 weeks", "disable-review-reminders", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + }, + notExpectedStrings: []string{ + "@pr-author", + "@other-reviewer", }, }, // waitingForContributor "waitingForContributor two weeks": { - state: waitingForContributor, - data: reminderCommentData{ - PullRequest: &github.PullRequest{ - User: &github.User{Login: github.String("pr-author")}, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, }, - SinceDays: 10, }, + state: waitingForContributor, + sinceDays: 10, expectedStrings: []string{ "@pr-author", "If no action is taken, this PR will be closed in 28 days", "disable-automatic-closure", }, + notExpectedStrings: []string{ + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + "@other-reviewer", + }, }, "waitingForContributor four weeks": { - state: waitingForContributor, - data: reminderCommentData{ - PullRequest: &github.PullRequest{ - User: &github.User{Login: github.String("pr-author")}, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, }, - SinceDays: 20, }, + state: waitingForContributor, + sinceDays: 20, expectedStrings: []string{ "@pr-author", "If no action is taken, this PR will be closed in 14 days", "disable-automatic-closure", }, + notExpectedStrings: []string{ + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + "@other-reviewer", + }, }, "waitingForContributor 28 days": { - state: waitingForContributor, - data: reminderCommentData{ - PullRequest: &github.PullRequest{ - User: &github.User{Login: github.String("pr-author")}, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, }, - SinceDays: 28, }, + state: waitingForContributor, + sinceDays: 28, expectedStrings: []string{ "@pr-author", "If no action is taken, this PR will be closed in 2 weekdays", "disable-automatic-closure", }, + notExpectedStrings: []string{ + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + "@other-reviewer", + }, }, "waitingForContributor six weeks": { - state: waitingForContributor, - data: reminderCommentData{ - PullRequest: &github.PullRequest{ - User: &github.User{Login: github.String("pr-author")}, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, }, - SinceDays: 30, }, + state: waitingForContributor, + sinceDays: 30, expectedStrings: []string{"@pr-author", "PR is being closed due to inactivity"}, notExpectedStrings: []string{ "If no action is taken, this PR will be closed", "disable-automatic-closure", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + "@other-reviewer", }, }, "waitingForContributor seven weeks": { - state: waitingForContributor, - data: reminderCommentData{ - PullRequest: &github.PullRequest{ - User: &github.User{Login: github.String("pr-author")}, + pullRequest: &github.PullRequest{ + User: &github.User{Login: github.String("pr-author")}, + RequestedReviewers: []*github.User{ + &github.User{Login: github.String(firstCoreReviewer)}, + &github.User{Login: github.String(secondCoreReviewer)}, + &github.User{Login: github.String("other-reviewer")}, }, - SinceDays: 35, }, + state: waitingForContributor, + sinceDays: 35, expectedStrings: []string{"@pr-author", "PR is being closed due to inactivity"}, notExpectedStrings: []string{ "If no action is taken, this PR will be closed", "disable-automatic-closure", + "@" + firstCoreReviewer, + "@" + secondCoreReviewer, + "@other-reviewer", }, }, } @@ -897,7 +1048,7 @@ func TestFormatReminderComment(t *testing.T) { t.Run(tn, func(t *testing.T) { t.Parallel() - comment, err := formatReminderComment(tc.state, tc.data) + comment, err := formatReminderComment(tc.pullRequest, tc.state, tc.sinceDays) assert.Nil(t, err) for _, s := range tc.expectedStrings { diff --git a/.ci/magician/cmd/sync_branch.go b/.ci/magician/cmd/sync_branch.go new file mode 100644 index 000000000000..d3950b268235 --- /dev/null +++ b/.ci/magician/cmd/sync_branch.go @@ -0,0 +1,72 @@ +/* +* Copyright 2024 Google LLC. All Rights Reserved. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. + */ +package cmd + +import ( + "fmt" + "magician/exec" + "magician/source" + "os" + + "github.com/spf13/cobra" +) + +var syncBranchCmd = &cobra.Command{ + Use: "sync-branch", + Short: "Push the given commit to the given sync branch", + Long: `This command updates the given sync branch with the given commit SHA. + + It expects the following parameters: + 1. SYNC_BRANCH_PREFIX + 2. BASE_BRANCH + 3. SHA + + It also expects the following environment variables: + 1. GITHUB_TOKEN_CLASSIC`, + RunE: func(cmd *cobra.Command, args []string) error { + syncBranchPrefix := args[0] + baseBranch := args[1] + sha := args[2] + + githubToken, ok := os.LookupEnv("GITHUB_TOKEN_CLASSIC") + if !ok { + return fmt.Errorf("did not provide GITHUB_TOKEN_CLASSIC environment variable") + } + + rnr, err := exec.NewRunner() + if err != nil { + return fmt.Errorf("error creating Runner: %s", err) + } + return execSyncBranchCmd(syncBranchPrefix, baseBranch, sha, githubToken, rnr) + }, +} + +func execSyncBranchCmd(syncBranchPrefix, baseBranch, sha, githubToken string, runner source.Runner) error { + syncBranch := getSyncBranch(syncBranchPrefix, baseBranch) + fmt.Println("SYNC_BRANCH: ", syncBranch) + + if syncBranchHasCommit(sha, syncBranch, runner) { + fmt.Printf("Commit %s already in sync branch %s, skipping sync\n", sha, syncBranch) + return nil + } + + _, err := runner.Run("git", []string{"push", fmt.Sprintf("https://modular-magician:%s@github.com/GoogleCloudPlatform/magic-modules", githubToken), fmt.Sprintf("%s:%s", sha, syncBranch)}, nil) + return err +} + +func init() { + rootCmd.AddCommand(syncBranchCmd) +} diff --git a/.ci/magician/cmd/test_terraform_vcr.go b/.ci/magician/cmd/test_terraform_vcr.go index 46fe634139f8..c9d9c8df526d 100644 --- a/.ci/magician/cmd/test_terraform_vcr.go +++ b/.ci/magician/cmd/test_terraform_vcr.go @@ -7,6 +7,7 @@ import ( "regexp" "sort" "strings" + "text/template" "github.com/spf13/cobra" @@ -15,6 +16,21 @@ import ( "magician/provider" "magician/source" "magician/vcr" + + _ "embed" +) + +var ( + //go:embed test_terraform_vcr_test_analytics.tmpl + testsAnalyticsTmplText string + //go:embed test_terraform_vcr_non_exercised_tests.tmpl + nonExercisedTestsTmplText string + //go:embed test_terraform_vcr_with_replay_failed_tests.tmpl + withReplayFailedTestsTmplText string + //go:embed test_terraform_vcr_without_replay_failed_tests.tmpl + withoutReplayFailedTestsTmplText string + //go:embed test_terraform_vcr_record_replay.tmpl + recordReplayTmplText string ) var ttvEnvironmentVariables = [...]string{ @@ -40,17 +56,47 @@ var ttvEnvironmentVariables = [...]string{ "USER", } +type analytics struct { + ReplayingResult *vcr.Result + RunFullVCR bool + AffectedServices []string +} + +type nonExercisedTests struct { + NotRunBetaTests []string + NotRunGATests []string +} + +type withReplayFailedTests struct { + ReplayingResult *vcr.Result +} + +type withoutReplayFailedTests struct { + ReplayingErr error + PRNumber string + BuildID string +} + +type recordReplay struct { + RecordingResult *vcr.Result + ReplayingAfterRecordingResult *vcr.Result + HasTerminatedTests bool + RecordingErr error + AllRecordingPassed bool + PRNumber string + BuildID string +} + var testTerraformVCRCmd = &cobra.Command{ Use: "test-terraform-vcr", Short: "Run vcr tests for affected packages", Long: `This command runs on new pull requests to replay VCR cassettes and re-record failing cassettes.`, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { env := make(map[string]string, len(ttvEnvironmentVariables)) for _, ev := range ttvEnvironmentVariables { val, ok := os.LookupEnv(ev) if !ok { - fmt.Printf("Did not provide %s environment variable\n", ev) - os.Exit(1) + return fmt.Errorf("did not provide %s environment variable", ev) } env[ev] = val } @@ -58,8 +104,7 @@ var testTerraformVCRCmd = &cobra.Command{ for _, tokenName := range []string{"GITHUB_TOKEN_DOWNSTREAMS", "GITHUB_TOKEN_MAGIC_MODULES"} { val, ok := lookupGithubTokenOrFallback(tokenName) if !ok { - fmt.Printf("Did not provide %s or GITHUB_TOKEN environment variable\n", tokenName) - os.Exit(1) + return fmt.Errorf("did not provide %s or GITHUB_TOKEN environment variable", tokenName) } env[tokenName] = val } @@ -72,26 +117,24 @@ var testTerraformVCRCmd = &cobra.Command{ gh := github.NewClient(env["GITHUB_TOKEN_MAGIC_MODULES"]) rnr, err := exec.NewRunner() if err != nil { - fmt.Println("Error creating a runner: ", err) - os.Exit(1) + return fmt.Errorf("error creating a runner: %w", err) } ctlr := source.NewController(env["GOPATH"], "modular-magician", env["GITHUB_TOKEN_DOWNSTREAMS"], rnr) vt, err := vcr.NewTester(env, rnr) if err != nil { - fmt.Println("Error creating VCR tester: ", err) + return fmt.Errorf("error creating VCR tester: %w", err) } if len(args) != 5 { - fmt.Printf("Wrong number of arguments %d, expected 5\n", len(args)) - os.Exit(1) + return fmt.Errorf("wrong number of arguments %d, expected 5", len(args)) } - execTestTerraformVCR(args[0], args[1], args[2], args[3], args[4], baseBranch, gh, rnr, ctlr, vt) + return execTestTerraformVCR(args[0], args[1], args[2], args[3], args[4], baseBranch, gh, rnr, ctlr, vt) }, } -func execTestTerraformVCR(prNumber, mmCommitSha, buildID, projectID, buildStep, baseBranch string, gh GithubClient, rnr ExecRunner, ctlr *source.Controller, vt *vcr.Tester) { +func execTestTerraformVCR(prNumber, mmCommitSha, buildID, projectID, buildStep, baseBranch string, gh GithubClient, rnr ExecRunner, ctlr *source.Controller, vt *vcr.Tester) error { newBranch := "auto-pr-" + prNumber oldBranch := newBranch + "-old" @@ -109,121 +152,97 @@ func execTestTerraformVCR(prNumber, mmCommitSha, buildID, projectID, buildStep, for _, repo := range []*source.Repo{tpgRepo, tpgbRepo} { ctlr.SetPath(repo) if err := ctlr.Clone(repo); err != nil { - fmt.Println("Error cloning repo: ", err) - os.Exit(1) + return fmt.Errorf("error cloning repo: %w", err) } if err := ctlr.Fetch(repo, oldBranch); err != nil { - fmt.Println("Failed to fetch old branch: ", err) - os.Exit(1) + return fmt.Errorf("failed to fetch old branch: %w", err) } changedFiles, err := ctlr.DiffNameOnly(repo, oldBranch, newBranch) if err != nil { - fmt.Println("Failed to compute name-only diff: ", err) - os.Exit(1) + return fmt.Errorf("failed to compute name-only diff: %w", err) } repo.ChangedFiles = changedFiles repo.UnifiedZeroDiff, err = ctlr.DiffUnifiedZero(repo, oldBranch, newBranch) if err != nil { - fmt.Println("Failed to compute unified=0 diff: ", err) - os.Exit(1) + return fmt.Errorf("failed to compute unified=0 diff: %w", err) } } vt.SetRepoPath(provider.Beta, tpgbRepo.Path) if err := rnr.PushDir(tpgbRepo.Path); err != nil { - fmt.Println("Error changing to tpgbRepo dir: ", err) - os.Exit(1) + return fmt.Errorf("error changing to tpgbRepo dir: %w", err) } services, runFullVCR := modifiedPackages(tpgbRepo.ChangedFiles) if len(services) == 0 && !runFullVCR { fmt.Println("Skipping tests: No go files or test fixtures changed") - os.Exit(0) + return nil } fmt.Println("Running tests: Go files or test fixtures changed") if err := vt.FetchCassettes(provider.Beta, baseBranch, prNumber); err != nil { - fmt.Println("Error fetching cassettes: ", err) - os.Exit(1) + return fmt.Errorf("error fetching cassettes: %w", err) } buildStatusTargetURL := fmt.Sprintf("https://console.cloud.google.com/cloud-build/builds;region=global/%s;step=%s?project=%s", buildID, buildStep, projectID) if err := gh.PostBuildStatus(prNumber, "VCR-test", "pending", buildStatusTargetURL, mmCommitSha); err != nil { - fmt.Println("Error posting pending status: ", err) - os.Exit(1) + return fmt.Errorf("error posting pending status: %w", err) } - replayingResult, affectedServicesComment, testDirs, replayingErr := runReplaying(runFullVCR, services, vt) + replayingResult, testDirs, replayingErr := runReplaying(runFullVCR, services, vt) testState := "success" if replayingErr != nil { testState = "failure" } if err := vt.UploadLogs("ci-vcr-logs", prNumber, buildID, false, false, vcr.Replaying, provider.Beta); err != nil { - fmt.Println("Error uploading replaying logs: ", err) - os.Exit(1) + return fmt.Errorf("error uploading replaying logs: %w", err) } if hasPanics, err := handlePanics(prNumber, buildID, buildStatusTargetURL, mmCommitSha, replayingResult, vcr.Replaying, gh); err != nil { - fmt.Println("Error handling panics: ", err) - os.Exit(1) + return fmt.Errorf("error handling panics: %w", err) } else if hasPanics { - os.Exit(0) + return nil } - failedTestsPattern := strings.Join(replayingResult.FailedTests, "|") - - comment := `#### Tests analytics -Total tests: ` + fmt.Sprintf("`%d`", len(replayingResult.PassedTests)+len(replayingResult.SkippedTests)+len(replayingResult.FailedTests)) + ` -Passed tests: ` + fmt.Sprintf("`%d`", len(replayingResult.PassedTests)) + ` -Skipped tests: ` + fmt.Sprintf("`%d`", len(replayingResult.SkippedTests)) + ` -Affected tests: ` + fmt.Sprintf("`%d`", len(replayingResult.FailedTests)) + ` - -
Click here to see the affected service packages
` + affectedServicesComment + `
` + var servicesArr []string + for s := range services { + servicesArr = append(servicesArr, s) + } + analyticsData := analytics{ + ReplayingResult: replayingResult, + RunFullVCR: runFullVCR, + AffectedServices: sort.StringSlice(servicesArr), + } + testsAnalyticsComment, err := formatTestsAnalytics(analyticsData) + if err != nil { + return fmt.Errorf("error formatting test_analytics comment: %w", err) + } notRunBeta, notRunGa := notRunTests(tpgRepo.UnifiedZeroDiff, tpgbRepo.UnifiedZeroDiff, replayingResult) - if len(notRunBeta) > 0 || len(notRunGa) > 0 { - comment += ` - - -#### Non-exercised tests` - if len(notRunBeta) > 0 { - comment += ` - -Tests were added that are skipped in VCR: -` - for _, t := range notRunBeta { - comment += ` -- ` + t - } - } - - if len(notRunGa) > 0 { - comment += ` - -Tests were added that are GA-only additions and require manual runs: -` - for _, t := range notRunGa { - comment += ` -- ` + t - } - } + nonExercisedTestsData := nonExercisedTests{ + NotRunBetaTests: notRunBeta, + NotRunGATests: notRunGa, + } + nonExercisedTestsComment, err := formatNonExercisedTests(nonExercisedTestsData) + if err != nil { + return fmt.Errorf("error formatting non exercised tests comment: %w", err) } if len(replayingResult.FailedTests) > 0 { - comment += fmt.Sprintf(` - - -#### Action taken -
Found %d affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
%s
- -[Get to know how VCR tests work](https://googlecloudplatform.github.io/magic-modules/docs/getting-started/contributing/#general-contributing-steps)`, len(replayingResult.FailedTests), failedTestsPattern) + withReplayFailedTestsData := withReplayFailedTests{ + ReplayingResult: replayingResult, + } + withReplayFailedTestsComment, err := formatWithReplayFailedTests(withReplayFailedTestsData) + if err != nil { + return fmt.Errorf("error formatting action taken comment: %w", err) + } + comment := strings.Join([]string{testsAnalyticsComment, nonExercisedTestsComment, withReplayFailedTestsComment}, "\n") if err := gh.PostComment(prNumber, comment); err != nil { - fmt.Println("Error posting comment: ", err) - os.Exit(1) + return fmt.Errorf("error posting comment: %w", err) } recordingResult, recordingErr := vt.RunParallel(vcr.Recording, provider.Beta, testDirs, replayingResult.FailedTests) @@ -234,101 +253,73 @@ Tests were added that are GA-only additions and require manual runs: } if err := vt.UploadCassettes("ci-vcr-cassettes", prNumber, provider.Beta); err != nil { - fmt.Println("Error uploading cassettes: ", err) - os.Exit(1) + return fmt.Errorf("error uploading cassettes: %w", err) } if err := vt.UploadLogs("ci-vcr-logs", prNumber, buildID, true, false, vcr.Recording, provider.Beta); err != nil { - fmt.Println("Error uploading recording logs: ", err) - os.Exit(1) + return fmt.Errorf("error uploading recording logs: %w", err) } if hasPanics, err := handlePanics(prNumber, buildID, buildStatusTargetURL, mmCommitSha, recordingResult, vcr.Recording, gh); err != nil { - fmt.Println("Error handling panics: ", err) - os.Exit(1) + return fmt.Errorf("error handling panics: %w", err) } else if hasPanics { - os.Exit(0) + return nil } - comment = "" + var replayingAfterRecordingResult *vcr.Result + var replayingAfterRecordingErr error if len(recordingResult.PassedTests) > 0 { - comment += "$\\textcolor{green}{\\textsf{Tests passed during RECORDING mode:}}$\n" - for _, passedTest := range recordingResult.PassedTests { - comment += fmt.Sprintf("`%s`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/recording/%s.log)]\n", passedTest, prNumber, buildID, passedTest) - } - comment += "\n\n" - - replayingAfterRecordingResult, replayingAfterRecordingErr := vt.RunParallel(vcr.Replaying, provider.Beta, testDirs, recordingResult.PassedTests) + replayingAfterRecordingResult, replayingAfterRecordingErr = vt.RunParallel(vcr.Replaying, provider.Beta, testDirs, recordingResult.PassedTests) if replayingAfterRecordingErr != nil { testState = "failure" } if err := vt.UploadLogs("ci-vcr-logs", prNumber, buildID, true, true, vcr.Replaying, provider.Beta); err != nil { - fmt.Println("Error uploading recording logs: ", err) - os.Exit(1) + return fmt.Errorf("error uploading recording logs: %w", err) } - - if len(replayingAfterRecordingResult.FailedTests) > 0 { - comment += "$\\textcolor{red}{\\textsf{Tests failed when rerunning REPLAYING mode:}}$\n" - for _, failedTest := range replayingAfterRecordingResult.FailedTests { - comment += fmt.Sprintf("`%s`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/build-log/replaying_build_after_recording/%s_replaying_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/replaying_after_recording/%s.log)]\n", failedTest, prNumber, buildID, failedTest, prNumber, buildID, failedTest) - } - comment += "\n\n" - comment += `Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made. - -Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer. -` - } else { - comment += "$\\textcolor{green}{\\textsf{No issues found for passed tests after REPLAYING rerun.}}$\n" - } - comment += "\n---\n" - } - if len(recordingResult.FailedTests) > 0 { - comment += "$\\textcolor{red}{\\textsf{Tests failed during RECORDING mode:}}$\n" - for _, failedTest := range recordingResult.FailedTests { - comment += fmt.Sprintf("`%s`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/build-log/recording_build/%s_recording_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/recording/%s.log)]\n", failedTest, prNumber, buildID, failedTest, prNumber, buildID, failedTest) - } - comment += "\n\n" - if len(recordingResult.PassedTests)+len(recordingResult.FailedTests) < len(replayingResult.FailedTests) { - comment += "$\\textcolor{red}{\\textsf{Several tests got terminated during RECORDING mode.}}$\n" - } - comment += "$\\textcolor{red}{\\textsf{Please fix these to complete your PR.}}$\n" - } else { - if len(recordingResult.PassedTests)+len(recordingResult.FailedTests) < len(replayingResult.FailedTests) { - comment += "$\\textcolor{red}{\\textsf{Several tests got terminated during RECORDING mode.}}$\n" - } else if recordingErr != nil { - // Check for any uncaught errors in RECORDING mode. - comment += "$\\textcolor{red}{\\textsf{Errors occurred during RECORDING mode. Please fix them to complete your PR.}}$\n" - } else { - comment += "$\\textcolor{green}{\\textsf{All tests passed!}}$\n" - } + hasTerminatedTests := (len(recordingResult.PassedTests) + len(recordingResult.FailedTests)) < len(replayingResult.FailedTests) + allRecordingPassed := len(recordingResult.FailedTests) == 0 && !hasTerminatedTests && recordingErr == nil + + recordReplayData := recordReplay{ + RecordingResult: recordingResult, + ReplayingAfterRecordingResult: replayingAfterRecordingResult, + RecordingErr: recordingErr, + HasTerminatedTests: hasTerminatedTests, + AllRecordingPassed: allRecordingPassed, + PRNumber: prNumber, + BuildID: buildID, + } + recordReplayComment, err := formatRecordReplay(recordReplayData) + if err != nil { + return fmt.Errorf("error formatting record replay comment: %w", err) + } + if err := gh.PostComment(prNumber, recordReplayComment); err != nil { + return fmt.Errorf("error posting comment: %w", err) } - comment += fmt.Sprintf("View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/build-log/recording_test.log) or the [debug log](https://console.cloud.google.com/storage/browser/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/recording) for each test", prNumber, buildID, prNumber, buildID) - } else { - // Add newlines so that the color formatting will work properly. - comment += ` + } else { // len(replayingResult.FailedTests) == 0 + withoutReplayFailedTestsData := withoutReplayFailedTests{ + ReplayingErr: replayingErr, + PRNumber: prNumber, + BuildID: buildID, + } + withoutReplayFailedTestsComment, err := formatWithoutReplayFailedTests(withoutReplayFailedTestsData) + if err != nil { + return fmt.Errorf("error formatting action taken comment: %w", err) + } -` - if replayingErr != nil { - // Check for any uncaught errors in REPLAYING mode. - comment += "$\\textcolor{red}{\\textsf{Errors occurred during REPLAYING mode. Please fix them to complete your PR.}}$\n" - } else { - comment += "$\\textcolor{green}{\\textsf{All tests passed!}}$\n" + comment := strings.Join([]string{testsAnalyticsComment, nonExercisedTestsComment, withoutReplayFailedTestsComment}, "\n") + if err := gh.PostComment(prNumber, comment); err != nil { + return fmt.Errorf("error posting comment: %w", err) } - comment += fmt.Sprintf("View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-%s/artifacts/%s/build-log/replaying_test.log)", prNumber, buildID) - } - if err := gh.PostComment(prNumber, comment); err != nil { - fmt.Println("Error posting comment: ", err) - os.Exit(1) } if err := gh.PostBuildStatus(prNumber, "VCR-test", testState, buildStatusTargetURL, mmCommitSha); err != nil { - fmt.Println("Error posting build status: ", err) - os.Exit(1) + return fmt.Errorf("error posting build status: %w", err) } + return nil } var addedTestsRegexp = regexp.MustCompile(`(?m)^\+func (Test\w+)\(t \*testing.T\) {`) @@ -398,17 +389,14 @@ func modifiedPackages(changedFiles []string) (map[string]struct{}, bool) { return services, runFullVCR } -func runReplaying(runFullVCR bool, services map[string]struct{}, vt *vcr.Tester) (*vcr.Result, string, []string, error) { +func runReplaying(runFullVCR bool, services map[string]struct{}, vt *vcr.Tester) (*vcr.Result, []string, error) { var result *vcr.Result - affectedServicesComment := "None" var testDirs []string var replayingErr error if runFullVCR { fmt.Println("run full VCR tests") - affectedServicesComment = "all service packages are affected" result, replayingErr = vt.Run(vcr.Replaying, provider.Beta, nil) } else if len(services) > 0 { - affectedServicesComment = "" } - return result, affectedServicesComment, testDirs, replayingErr + return result, testDirs, replayingErr } func handlePanics(prNumber, buildID, buildStatusTargetURL, mmCommitSha string, result *vcr.Result, mode vcr.Mode, gh GithubClient) (bool, error) { @@ -449,3 +435,40 @@ View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/head func init() { rootCmd.AddCommand(testTerraformVCRCmd) } + +func formatComment(fileName string, tmplText string, data any) (string, error) { + funcs := template.FuncMap{ + "join": strings.Join, + "add": func(i, j int) int { return i + j }, + } + tmpl, err := template.New(fileName).Funcs(funcs).Parse(tmplText) + if err != nil { + panic(fmt.Sprintf("Unable to parse %s: %s", fileName, err)) + } + sb := new(strings.Builder) + err = tmpl.Execute(sb, data) + if err != nil { + return "", err + } + return strings.TrimSpace(sb.String()), nil +} + +func formatTestsAnalytics(data analytics) (string, error) { + return formatComment("test_terraform_vcr_test_analytics.tmpl", testsAnalyticsTmplText, data) +} + +func formatNonExercisedTests(data nonExercisedTests) (string, error) { + return formatComment("test_terraform_vcr_recording_mode_results.tmpl", nonExercisedTestsTmplText, data) +} + +func formatWithReplayFailedTests(data withReplayFailedTests) (string, error) { + return formatComment("test_terraform_vcr_with_replay_failed_tests.tmpl", withReplayFailedTestsTmplText, data) +} + +func formatWithoutReplayFailedTests(data withoutReplayFailedTests) (string, error) { + return formatComment("test_terraform_vcr_without_replay_failed_tests.tmpl", withoutReplayFailedTestsTmplText, data) +} + +func formatRecordReplay(data recordReplay) (string, error) { + return formatComment("test_terraform_vcr_record_replay.tmpl", recordReplayTmplText, data) +} diff --git a/.ci/magician/cmd/test_terraform_vcr_non_exercised_tests.tmpl b/.ci/magician/cmd/test_terraform_vcr_non_exercised_tests.tmpl new file mode 100644 index 000000000000..b3a6a21c02c5 --- /dev/null +++ b/.ci/magician/cmd/test_terraform_vcr_non_exercised_tests.tmpl @@ -0,0 +1,13 @@ +{{- if or (gt (len .NotRunBetaTests) 0) (gt (len .NotRunGATests) 0) -}} +#### Non-exercised tests + +{{if gt (len .NotRunBetaTests) 0 -}} +Tests were added that are skipped in VCR: +{{range .NotRunBetaTests}}{{. | printf "- %s\n"}}{{end}} +{{end}} + +{{if gt (len .NotRunGATests) 0 -}} +Tests were added that are GA-only additions and require manual runs: +{{range .NotRunGATests}}{{. | printf "- %s\n"}}{{end}} +{{end}} +{{end}} diff --git a/.ci/magician/cmd/test_terraform_vcr_record_replay.tmpl b/.ci/magician/cmd/test_terraform_vcr_record_replay.tmpl new file mode 100644 index 000000000000..d5c7535798f8 --- /dev/null +++ b/.ci/magician/cmd/test_terraform_vcr_record_replay.tmpl @@ -0,0 +1,31 @@ +{{- if gt (len .RecordingResult.PassedTests) 0 -}} +$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$ +{{range .RecordingResult.PassedTests}}`{{.}}`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{$.PRNumber}}/artifacts/{{$.BuildID}}/recording/{{.}}.log)] +{{end}} + +{{- if gt (len .ReplayingAfterRecordingResult.FailedTests ) 0 -}} +$\textcolor{red}{\textsf{Tests failed when rerunning REPLAYING mode:}}$ +{{range .ReplayingAfterRecordingResult.FailedTests}}`{{.}}`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{$.PRNumber}}/artifacts/{{$.BuildID}}/build-log/replaying_build_after_recording/{{.}}_replaying_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{$.PRNumber}}/artifacts/{{$.BuildID}}/replaying_after_recording/{{.}}.log)] +{{end}} + +Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made. + +Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer. + +{{else}} +$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$ +{{end}}{{/* end of if gt (len .ReplayingAfterRecordingResult.FailedTests ) 0 */}} +--- +{{end}}{{/* end of if gt (len .RecordingResult.PassedTests) 0 */}} + +{{if gt (len .RecordingResult.FailedTests) 0 -}} +$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$ +{{range .RecordingResult.FailedTests}}`{{.}}`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{$.PRNumber}}/artifacts/{{$.BuildID}}/build-log/recording_build/{{.}}_recording_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{$.PRNumber}}/artifacts/{{$.BuildID}}/recording/{{.}}.log)] +{{end}} +{{end}} {{- /* end of if gt (len .RecordingResult.FailedTests) 0 */ -}} + +{{if .HasTerminatedTests}}$\textcolor{red}{\textsf{Several tests got terminated during RECORDING mode.}}${{end}} +{{if .RecordingErr}}$\textcolor{red}{\textsf{Errors occurred during RECORDING mode. Please fix them to complete your PR.}}${{end}} +{{if .AllRecordingPassed}}$\textcolor{green}{\textsf{All tests passed!}}${{end}} + +View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{.PRNumber}}/artifacts/{{.BuildID}}/build-log/recording_test.log) or the [debug log](https://console.cloud.google.com/storage/browser/ci-vcr-logs/beta/refs/heads/auto-pr-{{.PRNumber}}/artifacts/{{.BuildID}}/recording) for each test diff --git a/.ci/magician/cmd/test_terraform_vcr_test.go b/.ci/magician/cmd/test_terraform_vcr_test.go index feb140fff4b0..604ec2feb06c 100644 --- a/.ci/magician/cmd/test_terraform_vcr_test.go +++ b/.ci/magician/cmd/test_terraform_vcr_test.go @@ -1,9 +1,12 @@ package cmd import ( + "fmt" "reflect" + "strings" "testing" + "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" "magician/vcr" @@ -213,3 +216,402 @@ func TestNotRunTests(t *testing.T) { }) } } + +func TestAnalyticsComment(t *testing.T) { + tests := []struct { + name string + data analytics + want string + }{ + { + name: "run full vcr is false and no affected services", + data: analytics{ + ReplayingResult: &vcr.Result{ + PassedTests: []string{"a", "b", "c"}, + SkippedTests: []string{"d", "e"}, + FailedTests: []string{"f"}, + }, + RunFullVCR: false, + AffectedServices: []string{}, + }, + want: strings.Join( + []string{ + "#### Tests analytics", + "Total tests: 6", + "Passed tests: 3", + "Skipped tests: 2", + "Affected tests: 1", + "", + "
", + "Click here to see the affected service packages", + "
", + "", + "None", + "", + "
", + "
", + }, + "\n", + ), + }, + { + name: "run full vcr is false and has affected services", + data: analytics{ + ReplayingResult: &vcr.Result{ + PassedTests: []string{"a", "b", "c"}, + SkippedTests: []string{"d", "e"}, + FailedTests: []string{"f"}, + }, + RunFullVCR: false, + AffectedServices: []string{"svc-a", "svc-b"}, + }, + want: strings.Join( + []string{ + "#### Tests analytics", + "Total tests: 6", + "Passed tests: 3", + "Skipped tests: 2", + "Affected tests: 1", + "", + "
", + "Click here to see the affected service packages", + "
", + "", + "", + "", + "
", + "
", + }, + "\n", + ), + }, + { + name: "run full vcr is true", + data: analytics{ + ReplayingResult: &vcr.Result{ + PassedTests: []string{"a", "b", "c"}, + SkippedTests: []string{"d", "e"}, + FailedTests: []string{"f"}, + }, + RunFullVCR: true, + AffectedServices: []string{}, + }, + want: strings.Join([]string{ + "#### Tests analytics", + "Total tests: 6", + "Passed tests: 3", + "Skipped tests: 2", + "Affected tests: 1", + "", + "
", + "Click here to see the affected service packages", + "
", + "", + "All service packages are affected", + "", + "
", + "
", + }, + "\n", + ), + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + got, err := formatTestsAnalytics(tc.data) + if err != nil { + t.Fatalf("Failed to format comment: %v", err) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("formatTestsAnalytics() returned unexpected difference (-want +got):\n%s", diff) + } + }) + } +} + +func TestNonExercisedTestsComment(t *testing.T) { + tests := []struct { + name string + data nonExercisedTests + want string + }{ + { + name: "without non exercised tests", + data: nonExercisedTests{}, + want: strings.Join( + []string{}, + "\n", + ), + }, + { + name: "with not run beta tests", + data: nonExercisedTests{ + NotRunBetaTests: []string{"beta-1", "beta-2"}, + }, + want: strings.Join( + []string{ + "#### Non-exercised tests", + "", + "Tests were added that are skipped in VCR:", + "- beta-1", + "- beta-2", + }, + "\n", + ), + }, + { + name: "with not run ga tests", + data: nonExercisedTests{ + NotRunGATests: []string{"ga-1", "ga-2"}, + }, + want: strings.Join( + []string{ + "#### Non-exercised tests", + "", + "", + "", + "Tests were added that are GA-only additions and require manual runs:", + "- ga-1", + "- ga-2", + }, + "\n", + ), + }, + { + name: "with not run ga tests and not run beta tests", + data: nonExercisedTests{ + NotRunGATests: []string{"ga-1", "ga-2"}, + NotRunBetaTests: []string{"beta-1", "beta-2"}, + }, + want: strings.Join( + []string{ + "#### Non-exercised tests", + "", + "Tests were added that are skipped in VCR:", + "- beta-1", + "- beta-2", + "", + "", + "", + "Tests were added that are GA-only additions and require manual runs:", + "- ga-1", + "- ga-2", + }, + "\n", + ), + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + got, err := formatNonExercisedTests(tc.data) + if err != nil { + t.Fatalf("Failed to format comment: %v", err) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("formatNonExercisedTests() returned unexpected difference (-want +got):\n%s", diff) + } + }) + } +} + +func TestWithReplayFailedTests(t *testing.T) { + tests := []struct { + name string + data withReplayFailedTests + want string + }{ + { + name: "with failed tests", + data: withReplayFailedTests{ + ReplayingResult: &vcr.Result{ + FailedTests: []string{"a", "b"}, + }, + }, + want: strings.Join( + []string{ + "#### Action taken", + "
", + "Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests", + "", + "
", + "", + "
", + "
", + "", + "[Get to know how VCR tests work](https://googlecloudplatform.github.io/magic-modules/docs/getting-started/contributing/#general-contributing-steps)", + }, + "\n", + ), + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + got, err := formatWithReplayFailedTests(tc.data) + if err != nil { + t.Fatalf("Failed to format comment: %v", err) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("formatWithReplayFailedTests() returned unexpected difference (-want +got):\n%s", diff) + } + }) + } +} + +func TestWithoutReplayFailedTests(t *testing.T) { + tests := []struct { + name string + data withoutReplayFailedTests + want string + }{ + { + name: "with replay error", + data: withoutReplayFailedTests{ + ReplayingErr: fmt.Errorf("some error"), + BuildID: "build-123", + PRNumber: "pr-123", + }, + want: strings.Join( + []string{ + "$\\textcolor{red}{\\textsf{Errors occurred during REPLAYING mode. Please fix them to complete your PR.}}$", + "", + "View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/replaying_test.log)", + }, + "\n", + ), + }, + { + name: "without replay error", + data: withoutReplayFailedTests{ + BuildID: "build-123", + PRNumber: "pr-123", + }, + want: strings.Join( + []string{ + "$\\textcolor{green}{\\textsf{All tests passed!}}$", + "", + "View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/replaying_test.log)", + }, + "\n", + ), + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + got, err := formatWithoutReplayFailedTests(tc.data) + if err != nil { + t.Fatalf("Failed to format comment: %v", err) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("formatWithoutReplayFailedTests() returned unexpected difference (-want +got):\n%s", diff) + } + }) + } +} + +func TestRecordReplay(t *testing.T) { + tests := []struct { + name string + data recordReplay + want string + }{ + { + name: "ReplayingAfterRecordingResult has failed tests", + data: recordReplay{ + RecordingResult: &vcr.Result{ + PassedTests: []string{"a", "b", "c"}, + FailedTests: []string{"d", "e"}, + }, + ReplayingAfterRecordingResult: &vcr.Result{ + PassedTests: []string{"a"}, + FailedTests: []string{"b", "c"}, + }, + HasTerminatedTests: true, + RecordingErr: fmt.Errorf("some error"), + BuildID: "build-123", + PRNumber: "pr-123", + }, + want: strings.Join( + []string{ + "$\\textcolor{green}{\\textsf{Tests passed during RECORDING mode:}}$", "`a`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/a.log)]", + "`b`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/b.log)]", + "`c`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/c.log)]", + "$\\textcolor{red}{\\textsf{Tests failed when rerunning REPLAYING mode:}}$", + "`b`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/replaying_build_after_recording/b_replaying_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/replaying_after_recording/b.log)]", + "`c`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/replaying_build_after_recording/c_replaying_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/replaying_after_recording/c.log)]", + "", + "", + "Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made.", + "", + "Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer.", + "", + "", + "---", + "", + "", + "$\\textcolor{red}{\\textsf{Tests failed during RECORDING mode:}}$", + "`d`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/recording_build/d_recording_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/d.log)]", + "`e`[[Error message](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/recording_build/e_recording_test.log)] [[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/e.log)]", + "", + "$\\textcolor{red}{\\textsf{Several tests got terminated during RECORDING mode.}}$", + "$\\textcolor{red}{\\textsf{Errors occurred during RECORDING mode. Please fix them to complete your PR.}}$", + "", + "", + "View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/recording_test.log) or the [debug log](https://console.cloud.google.com/storage/browser/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording) for each test", + }, + "\n", + ), + }, + { + name: "ReplayingAfterRecordingResult does not have failed tests", + data: recordReplay{ + RecordingResult: &vcr.Result{ + PassedTests: []string{"a", "b", "c"}, + }, + ReplayingAfterRecordingResult: &vcr.Result{ + PassedTests: []string{"a", "b", "c"}, + }, + AllRecordingPassed: true, + BuildID: "build-123", + PRNumber: "pr-123", + }, + want: strings.Join( + []string{ + "$\\textcolor{green}{\\textsf{Tests passed during RECORDING mode:}}$", "`a`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/a.log)]", + "`b`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/b.log)]", + "`c`[[Debug log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording/c.log)]", + "", + "$\\textcolor{green}{\\textsf{No issues found for passed tests after REPLAYING rerun.}}$", + "", + "---", + "", + "", + "", + "", + "$\\textcolor{green}{\\textsf{All tests passed!}}$", + "", + "View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/build-log/recording_test.log) or the [debug log](https://console.cloud.google.com/storage/browser/ci-vcr-logs/beta/refs/heads/auto-pr-pr-123/artifacts/build-123/recording) for each test", + }, + "\n", + ), + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + got, err := formatRecordReplay(tc.data) + if err != nil { + t.Fatalf("Failed to format comment: %v", err) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("formatRecordReplay() returned unexpected difference (-want +got):\n%s", diff) + } + }) + } +} diff --git a/.ci/magician/cmd/test_terraform_vcr_test_analytics.tmpl b/.ci/magician/cmd/test_terraform_vcr_test_analytics.tmpl new file mode 100644 index 000000000000..9c4006541946 --- /dev/null +++ b/.ci/magician/cmd/test_terraform_vcr_test_analytics.tmpl @@ -0,0 +1,20 @@ +#### Tests analytics +Total tests: {{add (add (len .ReplayingResult.PassedTests) (len .ReplayingResult.SkippedTests)) (len .ReplayingResult.FailedTests) }} +Passed tests: {{len .ReplayingResult.PassedTests}} +Skipped tests: {{len .ReplayingResult.SkippedTests}} +Affected tests: {{len .ReplayingResult.FailedTests}} + +
+Click here to see the affected service packages +
+{{if .RunFullVCR}} +All service packages are affected +{{else if gt (len .AffectedServices) 0}} + +{{else}} +None +{{end}} +
+
diff --git a/.ci/magician/cmd/test_terraform_vcr_with_replay_failed_tests.tmpl b/.ci/magician/cmd/test_terraform_vcr_with_replay_failed_tests.tmpl new file mode 100644 index 000000000000..68c804f67584 --- /dev/null +++ b/.ci/magician/cmd/test_terraform_vcr_with_replay_failed_tests.tmpl @@ -0,0 +1,12 @@ +#### Action taken +
+Found {{len .ReplayingResult.FailedTests}} affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests + +
+ +
+
+ +[Get to know how VCR tests work](https://googlecloudplatform.github.io/magic-modules/docs/getting-started/contributing/#general-contributing-steps) diff --git a/.ci/magician/cmd/test_terraform_vcr_without_replay_failed_tests.tmpl b/.ci/magician/cmd/test_terraform_vcr_without_replay_failed_tests.tmpl new file mode 100644 index 000000000000..9c342f06f610 --- /dev/null +++ b/.ci/magician/cmd/test_terraform_vcr_without_replay_failed_tests.tmpl @@ -0,0 +1,7 @@ +{{- if .ReplayingErr -}} +$\textcolor{red}{\textsf{Errors occurred during REPLAYING mode. Please fix them to complete your PR.}}$ +{{- else -}} +$\textcolor{green}{\textsf{All tests passed!}}$ +{{- end}} + +View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-{{.PRNumber}}/artifacts/{{.BuildID}}/build-log/replaying_test.log) diff --git a/.ci/magician/cmd/test_tgc.go b/.ci/magician/cmd/test_tgc.go index 5f000d731b15..bbf746a975a2 100644 --- a/.ci/magician/cmd/test_tgc.go +++ b/.ci/magician/cmd/test_tgc.go @@ -32,31 +32,30 @@ var testTGCCmd = &cobra.Command{ 1. COMMIT_SHA 2. PR_NUMBER `, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { commit := os.Getenv("COMMIT_SHA") pr := os.Getenv("PR_NUMBER") githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_MAGIC_MODULES") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") } gh := github.NewClient(githubToken) - execTestTGC(commit, pr, gh) + return execTestTGC(commit, pr, gh) }, } -func execTestTGC(commit, pr string, gh ttGithub) { +func execTestTGC(commit, pr string, gh ttGithub) error { if err := gh.CreateWorkflowDispatchEvent("test-tgc.yml", map[string]any{ "owner": "modular-magician", "repo": "terraform-google-conversion", "branch": "auto-pr-" + pr, "sha": commit, }); err != nil { - fmt.Printf("Error creating workflow dispatch event: %v\n", err) - os.Exit(1) + return fmt.Errorf("error creating workflow dispatch event: %w", err) } + return nil } func init() { diff --git a/.ci/magician/cmd/test_tgc_integration.go b/.ci/magician/cmd/test_tgc_integration.go index 04881ff62d23..f5b6dfb68e0b 100644 --- a/.ci/magician/cmd/test_tgc_integration.go +++ b/.ci/magician/cmd/test_tgc_integration.go @@ -20,34 +20,31 @@ var testTGCIntegrationCmd = &cobra.Command{ 1. GOPATH 2. GITHUB_TOKEN_MAGIC_MODULES `, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { goPath, ok := os.LookupEnv("GOPATH") if !ok { - fmt.Println("Did not provide GOPATH environment variable") - os.Exit(1) + return fmt.Errorf("did not provide GOPATH environment variable") } githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_MAGIC_MODULES") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") } rnr, err := exec.NewRunner() if err != nil { - fmt.Println("Error creating runner: ", err) - os.Exit(1) + return fmt.Errorf("error creating runner: %w", err) } ctlr := source.NewController(goPath, "modular-magician", githubToken, rnr) gh := github.NewClient(githubToken) - execTestTGCIntegration(args[0], args[1], args[2], args[3], args[4], args[5], "modular-magician", rnr, ctlr, gh) + return execTestTGCIntegration(args[0], args[1], args[2], args[3], args[4], args[5], "modular-magician", rnr, ctlr, gh) }, } -func execTestTGCIntegration(prNumber, mmCommit, buildID, projectID, buildStep, ghRepo, githubUsername string, rnr ExecRunner, ctlr *source.Controller, gh GithubClient) { +func execTestTGCIntegration(prNumber, mmCommit, buildID, projectID, buildStep, ghRepo, githubUsername string, rnr ExecRunner, ctlr *source.Controller, gh GithubClient) error { newBranch := "auto-pr-" + prNumber repo := &source.Repo{ Name: ghRepo, @@ -55,17 +52,14 @@ func execTestTGCIntegration(prNumber, mmCommit, buildID, projectID, buildStep, g } ctlr.SetPath(repo) if err := ctlr.Clone(repo); err != nil { - fmt.Println("Error cloning repo: ", err) - os.Exit(1) + return fmt.Errorf("error cloning repo: %w", err) } if err := rnr.PushDir(repo.Path); err != nil { - fmt.Println("Error changing to repo dir: ", err) - os.Exit(1) + return fmt.Errorf("error changing to repo dir: %w", err) } diffs, err := rnr.Run("git", []string{"diff", "--name-only", "HEAD~1"}, nil) if err != nil { - fmt.Println("Error diffing repo: ", err) - os.Exit(1) + return fmt.Errorf("error diffing repo: %w", err) } hasGoFiles := false for _, diff := range strings.Split(diffs, "\n") { @@ -76,15 +70,14 @@ func execTestTGCIntegration(prNumber, mmCommit, buildID, projectID, buildStep, g } if !hasGoFiles { fmt.Println("Skipping tests: No go files changed") - os.Exit(0) + return nil } fmt.Println("Running tests: Go files changed") targetURL := fmt.Sprintf("https://console.cloud.google.com/cloud-build/builds;region=global/%s;step=%s?project=%s", buildID, buildStep, projectID) if err := gh.PostBuildStatus(prNumber, ghRepo+"-test-integration", "pending", targetURL, mmCommit); err != nil { - fmt.Println("Error posting build status: ", err) - os.Exit(1) + return fmt.Errorf("error posting build status: %w", err) } if _, err := rnr.Run("go", []string{"mod", "edit", "-replace", fmt.Sprintf("github.com/hashicorp/terraform-provider-google-beta=github.com/%s/terraform-provider-google-beta@%s", githubUsername, newBranch)}, nil); err != nil { @@ -104,9 +97,9 @@ func execTestTGCIntegration(prNumber, mmCommit, buildID, projectID, buildStep, g } if err := gh.PostBuildStatus(prNumber, ghRepo+"-test-integration", state, targetURL, mmCommit); err != nil { - fmt.Println("Error posting build status: ", err) - os.Exit(1) + return fmt.Errorf("error posting build status: %w", err) } + return nil } func init() { diff --git a/.ci/magician/cmd/test_tpg.go b/.ci/magician/cmd/test_tpg.go index 260b5b2a7466..181644dbfcf9 100644 --- a/.ci/magician/cmd/test_tpg.go +++ b/.ci/magician/cmd/test_tpg.go @@ -37,31 +37,29 @@ var testTPGCmd = &cobra.Command{ 2. COMMIT_SHA 3. PR_NUMBER `, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { version := os.Getenv("VERSION") commit := os.Getenv("COMMIT_SHA") pr := os.Getenv("PR_NUMBER") githubToken, ok := lookupGithubTokenOrFallback("GITHUB_TOKEN_MAGIC_MODULES") if !ok { - fmt.Println("Did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") - os.Exit(1) + return fmt.Errorf("did not provide GITHUB_TOKEN_MAGIC_MODULES or GITHUB_TOKEN environment variables") } gh := github.NewClient(githubToken) - execTestTPG(version, commit, pr, gh) + return execTestTPG(version, commit, pr, gh) }, } -func execTestTPG(version, commit, pr string, gh ttGithub) { +func execTestTPG(version, commit, pr string, gh ttGithub) error { var repo string if version == "ga" { repo = "terraform-provider-google" } else if version == "beta" { repo = "terraform-provider-google-beta" } else { - fmt.Println("invalid version specified") - os.Exit(1) + return fmt.Errorf("invalid version specified") } if err := gh.CreateWorkflowDispatchEvent("test-tpg.yml", map[string]any{ @@ -70,9 +68,9 @@ func execTestTPG(version, commit, pr string, gh ttGithub) { "branch": "auto-pr-" + pr, "sha": commit, }); err != nil { - fmt.Printf("Error creating workflow dispatch event: %v\n", err) - os.Exit(1) + return fmt.Errorf("error creating workflow dispatch event: %w", err) } + return nil } func init() { diff --git a/.ci/magician/cmd/wait_for_commit.go b/.ci/magician/cmd/wait_for_commit.go index ae25dc153b2e..ecf3a2a7ebb4 100644 --- a/.ci/magician/cmd/wait_for_commit.go +++ b/.ci/magician/cmd/wait_for_commit.go @@ -4,7 +4,6 @@ import ( "fmt" "magician/exec" "magician/source" - "os" "strings" "time" @@ -33,8 +32,7 @@ var waitForCommitCmd = &cobra.Command{ rnr, err := exec.NewRunner() if err != nil { - fmt.Println("Error creating Runner: ", err) - os.Exit(1) + return fmt.Errorf("error creating Runner: %w", err) } return execWaitForCommit(syncBranchPrefix, baseBranch, sha, rnr) @@ -46,50 +44,32 @@ var waitFunc = func() { } func execWaitForCommit(syncBranchPrefix, baseBranch, sha string, runner source.Runner) error { - syncBranch := syncBranchPrefix + "-" + baseBranch - if baseBranch == "main" { - syncBranch = syncBranchPrefix - } + syncBranch := getSyncBranch(syncBranchPrefix, baseBranch) fmt.Println("SYNC_BRANCH: ", syncBranch) - if _, err := runner.Run("git", []string{"merge-base", "--is-ancestor", sha, "origin/" + syncBranch}, nil); err == nil { - return fmt.Errorf("found %s in history of %s - dying to avoid double-generating that commit", sha, syncBranch) + if syncBranchHasCommit(sha, syncBranch, runner) { + fmt.Printf("found %s in history of %s - skipping wait\n", sha, syncBranch) + return nil } for { - if baseBranch != "main" { - output, err := gitRevParse("origin/"+syncBranch, runner) - if err != nil { - return err - } - syncHead := strings.TrimSpace(output) - - output, err = gitRevParse(sha+"~", runner) - if err != nil { - return err - } - baseParent := strings.TrimSpace(output) - if syncHead == baseParent { - return nil - } - fmt.Println("sync branch is at: ", syncHead) - fmt.Println("current commit is: ", sha) - } else { - output, err := runner.Run("git", []string{"log", "--pretty=%H", "--reverse", fmt.Sprintf("origin/%s..origin/main", syncBranch)}, nil) - if err != nil { - return err - } - commits := strings.Split(output, "\n") - commit := "" - if len(commits) > 0 { - commit = strings.TrimSpace(commits[0]) - } - if commit == sha { - return nil - } - fmt.Println("git log says waiting on: ", commit) - fmt.Println("command says waiting on: ", sha) + output, err := gitRevParse("origin/"+syncBranch, runner) + if err != nil { + return err + } + syncHead := strings.TrimSpace(output) + + output, err = gitRevParse(sha+"~", runner) + if err != nil { + return err + } + baseParent := strings.TrimSpace(output) + if syncHead == baseParent { + return nil } + fmt.Println("sync branch is at: ", syncHead) + fmt.Println("current commit is: ", sha) + if _, err := runner.Run("git", []string{"fetch", "origin", syncBranch}, nil); err != nil { return err } @@ -97,6 +77,20 @@ func execWaitForCommit(syncBranchPrefix, baseBranch, sha string, runner source.R } } +func getSyncBranch(syncBranchPrefix, baseBranch string) string { + if baseBranch == "main" { + return syncBranchPrefix + } + return fmt.Sprintf("%s-%s", syncBranchPrefix, baseBranch) +} + +func syncBranchHasCommit(sha, syncBranch string, runner source.Runner) bool { + if _, err := runner.Run("git", []string{"merge-base", "--is-ancestor", sha, "origin/" + syncBranch}, nil); err == nil { + return true + } + return false +} + func gitRevParse(target string, runner source.Runner) (string, error) { return runner.Run("git", []string{"rev-parse", "--short", target}, nil) } diff --git a/.ci/magician/cmd/wait_for_commit_test.go b/.ci/magician/cmd/wait_for_commit_test.go index e735a23bd870..afb0ffadb96e 100644 --- a/.ci/magician/cmd/wait_for_commit_test.go +++ b/.ci/magician/cmd/wait_for_commit_test.go @@ -44,9 +44,11 @@ func TestExecWaitForCommit(t *testing.T) { baseBranch: "main", calledMethods: []string{ "git merge-base --is-ancestor sha origin/sync-branch", - "git log --pretty=%H --reverse origin/sync-branch..origin/main", + "git rev-parse --short origin/sync-branch", + "git rev-parse --short sha~", "git fetch origin sync-branch", - "git log --pretty=%H --reverse origin/sync-branch..origin/main", + "git rev-parse --short origin/sync-branch", + "git rev-parse --short sha~", }, runResults: map[string][]runResult{ "cwd git [merge-base --is-ancestor sha origin/sync-branch] map[]": { @@ -55,12 +57,20 @@ func TestExecWaitForCommit(t *testing.T) { err: fmt.Errorf("exit error 1"), }, }, - "cwd git [log --pretty=%H --reverse origin/sync-branch..origin/main] map[]": { + "cwd git [rev-parse --short origin/sync-branch] map[]": { + { + out: "sha-x", + }, + { + out: "sha-z", + }, + }, + "cwd git [rev-parse --short sha~] map[]": { { - out: "sha2\nsha\n\n", + out: "sha-y", }, { - out: "sha\n\n", + out: "sha-z", }, }, "cwd git [fetch origin sync-branch] map[]": { diff --git a/.ci/magician/github/membership.go b/.ci/magician/github/membership.go index 3ccf61b38c59..314a1ed3bc7f 100644 --- a/.ci/magician/github/membership.go +++ b/.ci/magician/github/membership.go @@ -62,11 +62,6 @@ var ( startDate: newDate(2024, 4, 11, pdtLoc), endDate: newDate(2024, 6, 14, pdtLoc), }, - { - id: "slevenick", - startDate: newDate(2024, 4, 20, pdtLoc), - endDate: newDate(2024, 4, 27, pdtLoc), - }, { id: "ScottSuarez", startDate: newDate(2024, 4, 30, pdtLoc), @@ -74,14 +69,34 @@ var ( }, { id: "SarahFrench", - startDate: newDate(2024, 5, 17, bstLoc), - endDate: newDate(2024, 5, 19, bstLoc), + startDate: newDate(2024, 7, 10, bstLoc), + endDate: newDate(2024, 7, 28, bstLoc), }, { id: "shuyama1", startDate: newDate(2024, 5, 22, pdtLoc), endDate: newDate(2024, 5, 28, pdtLoc), }, + { + id: "melinath", + startDate: newDate(2024, 6, 26, pdtLoc), + endDate: newDate(2024, 7, 22, pdtLoc), + }, + { + id: "slevenick", + startDate: newDate(2024, 7, 5, pdtLoc), + endDate: newDate(2024, 7, 16, pdtLoc), + }, + { + id: "c2thorn", + startDate: newDate(2024, 7, 10, pdtLoc), + endDate: newDate(2024, 7, 16, pdtLoc), + }, + { + id: "rileykarson", + startDate: newDate(2024, 7, 18, pdtLoc), + endDate: newDate(2024, 8, 10, pdtLoc), + }, } ) diff --git a/.ci/magician/vcr/tester.go b/.ci/magician/vcr/tester.go index 46e4a36473c1..c7b1343b4ef3 100644 --- a/.ci/magician/vcr/tester.go +++ b/.ci/magician/vcr/tester.go @@ -97,7 +97,8 @@ func (vt *Tester) FetchCassettes(version provider.Version, baseBranch, prNumber } cassettePath = filepath.Join(vt.baseDir, "cassettes", version.String()) vt.rnr.Mkdir(cassettePath) - if baseBranch != "FEATURE-BRANCH-major-release-5.0.0" { + if baseBranch != "FEATURE-BRANCH-major-release-6.0.0" { + // pull main cassettes (major release uses branch specific casssettes as primary ones) bucketPath := fmt.Sprintf("gs://ci-vcr-cassettes/%sfixtures/*", version.BucketPath()) if err := vt.fetchBucketPath(bucketPath, cassettePath); err != nil { fmt.Println("Error fetching cassettes: ", err) diff --git a/.ci/scripts/go-plus/vcr-cassette-update/vcr_cassette_update.sh b/.ci/scripts/go-plus/vcr-cassette-update/vcr_cassette_update.sh index 5e26731fd5c3..691430c63fa4 100755 --- a/.ci/scripts/go-plus/vcr-cassette-update/vcr_cassette_update.sh +++ b/.ci/scripts/go-plus/vcr-cassette-update/vcr_cassette_update.sh @@ -115,7 +115,7 @@ if [[ -n $FAILED_TESTS_PATTERN ]]; then FAILED_TESTS=$(grep "^--- FAIL: TestAcc" replaying_test.log | awk '{print $3}') # test_exit_code=0 - parallel --jobs 16 TF_LOG=DEBUG TF_LOG_PATH_MASK=$local_path/testlog/recording/%s.log TF_ACC=1 TF_SCHEMA_PANIC_ON_ERROR=1 go test {1} -parallel 1 -v -run="{2}$" -timeout 240m -ldflags="-X=github.com/hashicorp/terraform-provider-google-beta/version.ProviderVersion=acc" ">>" testlog/recording_build/{2}_recording_test.log ::: $GOOGLE_TEST_DIRECTORY ::: $FAILED_TESTS + timeout 3h parallel --jobs 16 TF_LOG=DEBUG TF_LOG_PATH_MASK=$local_path/testlog/recording/%s.log TF_ACC=1 TF_SCHEMA_PANIC_ON_ERROR=1 go test {1} -parallel 1 -v -run="{2}$" -timeout 240m -ldflags="-X=github.com/hashicorp/terraform-provider-google-beta/version.ProviderVersion=acc" ">>" testlog/recording_build/{2}_recording_test.log ::: $GOOGLE_TEST_DIRECTORY ::: $FAILED_TESTS test_exit_code=$? @@ -195,4 +195,4 @@ else fi fi -set -e \ No newline at end of file +set -e diff --git a/.github/workflows/request-reviewer.yml b/.github/workflows/request-reviewer.yml index 79bec4dd6ece..45c5ffacd4e6 100644 --- a/.github/workflows/request-reviewer.yml +++ b/.github/workflows/request-reviewer.yml @@ -15,7 +15,7 @@ on: jobs: request-review: - if: github.event.pull_request && github.event.pull_request.draft == false && (github.event.sender.login == github.event.pull_request.user.login || github.event.action != 'created') + if: (github.event.action == 'created' && github.event.issue.draft == false && github.event.comment.user.login == github.event.issue.user.login) || (github.event.action != 'created' && github.event.pull_request.draft == false) runs-on: ubuntu-latest permissions: pull-requests: write @@ -35,5 +35,5 @@ jobs: cd .ci/magician go build . - name: Request reviewer - run: .ci/magician/magician request-reviewer ${{ github.event.pull_request.number }} + run: .ci/magician/magician request-reviewer ${{ github.event.pull_request.number || github.event.issue.number }} diff --git a/.github/workflows/scheduled-pr-reminders.yml b/.github/workflows/scheduled-pr-reminders.yml index 3652bfb0b217..b96ac2dcef0a 100644 --- a/.github/workflows/scheduled-pr-reminders.yml +++ b/.github/workflows/scheduled-pr-reminders.yml @@ -4,7 +4,7 @@ permissions: read-all on: schedule: - - cron: '37 9 * * *' + - cron: '37 9 * * 1-5' jobs: send-pr-reminders: diff --git a/.github/workflows/unit-test-tools.yml b/.github/workflows/unit-test-tools.yml index 5710ce054295..6c37fa63d6fe 100644 --- a/.github/workflows/unit-test-tools.yml +++ b/.github/workflows/unit-test-tools.yml @@ -103,4 +103,24 @@ jobs: - name: Test template-check run: | cd tools/template-check + go test -v ./... + + test-reader: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2 + + - name: Set up Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: '^1.21.0' + + - name: Build test-reader + run: | + cd tools/test-reader + go build + + - name: Test test-reader + run: | + cd tools/test-reader go test -v ./... \ No newline at end of file diff --git a/GNUmakefile b/GNUmakefile index 905ed552009c..a462c011415e 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -133,3 +133,9 @@ doctor: ./scripts/doctor .PHONY: mmv1 tpgtools test + +refresh-go: + cd mmv1;\ + bundle exec compiler.rb -e terraform -o $(OUTPUT_PATH) -v $(VERSION) $(mmv1_compile) --go-yaml; \ + go run . --yaml --template; \ + go run . --yaml --handwritten \ No newline at end of file diff --git a/docs/content/best-practices/_index.md b/docs/content/best-practices/_index.md index 5d47214671b9..0942e110bf34 100644 --- a/docs/content/best-practices/_index.md +++ b/docs/content/best-practices/_index.md @@ -190,27 +190,3 @@ if err := tpgresource.SetDataSourceAnnotations(d); err != nil { 7. In the handwritten acceptance tests, add `annotations` to `ImportStateVerifyIgnore`. 8. In the corresponding data source, after the resource read method, call the function `tpgresource.SetDataSourceAnnotations(d)` to make `annotations` have all of the labels on the resource. 9. Add the documentation for these annotation-related fields. - -## Update `go.mod` - -The Magic Modules repository does not contain a complete Go module, preventing the use of automated tooling like `go get` from that repository. To add or update provider dependencies, use standard Go tooling to update an individual provider and copy the results to the upstream files in Magic Modules. The providers share the same go.mod and go.sum contents so either can be used to generate the changes. - -Below are the steps you can follow to make the change: - -1. Navigate to the local `google` provider directory: -```bash -cd $GOPATH/src/github.com/hashicorp/terraform-provider-google -``` -2. Open the [`go.mod`](https://github.com/hashicorp/terraform-provider-google/blob/main/go.mod) file and add the new entries or modify the versions of existing entries as needed -3. Update dependencies using either of the following methods - * run the following commands to update all dependencies: - ```bash - go get - go mod tidy - ``` - * Alternatively, update a specific package to a desired version: - ```bash - go get google.golang.org/api@v0.105.0 - go mod tidy - ``` -4. Copy the contents of the updated `go.mod` and `go.sum` file into [`mmv1/third_party/terraform/go.mod.erb`](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/go.mod.erb) and [`mmv1/third_party/terraform/go.sum`](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/go.sum) in the `magic-modules` respectively. Ensure `<% autogen_exception -%>` is still at the top of the file afterwards diff --git a/docs/content/contribute/review-pr.md b/docs/content/contribute/review-pr.md index 284ce2723234..b4508b814efe 100644 --- a/docs/content/contribute/review-pr.md +++ b/docs/content/contribute/review-pr.md @@ -11,7 +11,7 @@ This page provides guidelines for reviewing a Magic Modules pull request (PR). * is linked to a GitHub issue or an internal bug * if not, check the [issue tracker](https://github.com/hashicorp/terraform-provider-google/issues) to see whether the feature has already been requested and add the issues in the description, if any. * establishes clear context itself via title or description. -2. If the PR adds any new resource, ensure that the resource does not already exists in the [GA provider](https://github.com/hashicorp/terraform-provider-google) or [beta provider](https://github.com/hashicorp/terraform-provider-google-beta) +2. If the PR adds any new resource, ensure that the resource does not already exist in the [GA provider](https://github.com/hashicorp/terraform-provider-google) or [beta provider](https://github.com/hashicorp/terraform-provider-google-beta) 1. Read through all the changes in the PR, generated code in the downstreams and the API documentation to ensure that: 1. the resource schema added in the PR matches the API structure. 1. the features are added in the correct version @@ -46,4 +46,4 @@ This page provides guidelines for reviewing a Magic Modules pull request (PR). 1. Check documentation to ensure 1. resouce-level and field-level documentation are generated correctly for MMv1-based resource 1. documentation is added manually for handwritten resources. -1. Check if release notes capture all changes in the PR, and are correctly formatted following the guidance in [write release notes]({{< ref "release-notes" >}}) before merge the PR. +1. Check if release notes capture all changes in the PR, and are correctly formatted following the guidance in [write release notes]({{< ref "release-notes" >}}) before merging the PR. diff --git a/docs/content/develop/breaking-changes/breaking-changes.md b/docs/content/develop/breaking-changes/breaking-changes.md index 6e2b93039bb6..b972fb023216 100644 --- a/docs/content/develop/breaking-changes/breaking-changes.md +++ b/docs/content/develop/breaking-changes/breaking-changes.md @@ -82,6 +82,12 @@ For more information, see * Removing diff suppression from a field. * For MMv1 resources, removing `diff_suppress_func` from a field. * For handwritten resources, removing `DiffSuppressFunc` from a field. +* Adding a subfield to + a SchemaConfigModeAttr field. + * For MMv1 resources, adding a subfield to a field that has + SchemaConfigModeAttr. + * For handwritten resources, adding a subfield to a field that has + SchemaConfigModeAttr. * Removing update support from a field. ### Making validation more strict diff --git a/docs/content/develop/breaking-changes/make-a-breaking-change.md b/docs/content/develop/breaking-changes/make-a-breaking-change.md index b9f28f9f860c..3282c5ed83e9 100644 --- a/docs/content/develop/breaking-changes/make-a-breaking-change.md +++ b/docs/content/develop/breaking-changes/make-a-breaking-change.md @@ -1,6 +1,6 @@ --- -majorVersion: "5.0.0" -upgradeGuide: "version_5_upgrade.html.markdown" +majorVersion: "6.0.0" +upgradeGuide: "version_6_upgrade.html.markdown" title: "Make a breaking change" summary: "Guidance on making a breaking changes" weight: 20 @@ -62,7 +62,7 @@ The general process for contributing a breaking change to the 1. Make the `main` branch forwards-compatible with the major release 2. Add deprecations and warnings to the `main` branch of `magic-modules` -3. Add upgrade guide entries to the `main` branch of `magic-modules` +3. Add upgrade guide entries to the `FEATURE-BRANCH-major-release-6.0.0` branch of `magic-modules` 4. Make the breaking change on `FEATURE-BRANCH-major-release-{{% param "majorVersion" %}}` These are covered in more detail in the following sections. The upgrade guide @@ -169,20 +169,7 @@ The deprecation message will automatically show up in the resource documentation Other breaking changes should be called out in the docs for the impacted field or resource. It is also great to log warnings at runtime if possible. -### Add upgrade guide entries to the `main` branch of `magic-modules` - -Upgrade guide entries should be added to -[{{< param upgradeGuide >}}](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/website/docs/guides/{{< param upgradeGuide >}}). -Entries should focus on the changes that users need to make when upgrading -to `{{% param "majorVersion" %}}`, rather than how to write configurations -after upgrading. - -See [Terraform provider for Google Cloud 4.0.0 Upgrade Guide](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_4_upgrade) -and other upgrade guides for examples. - -The upgrade guide and the actual breaking change will be merged only after both are completed. - -### Make the breaking change on `FEATURE-BRANCH-major-release-{{% param "majorVersion" %}}` +### Make the change on `FEATURE-BRANCH-major-release-{{% param "majorVersion" %}}` When working on your breaking change, make sure that your base branch is `FEATURE-BRANCH-major-release-{{% param "majorVersion" %}}`. This @@ -207,14 +194,17 @@ with the following changes: are present on the major release branch. Changes to the `main` branch will be merged into the major release branch every Monday. 1. Make the breaking change. +1. Add the upgrade guide entries to +[{{< param upgradeGuide >}}](https://github.com/GoogleCloudPlatform/magic-modules/blob/FEATURE-BRANCH-major-release-6.0.0/mmv1/third_party/terraform/website/docs/guides/{{< param upgradeGuide >}}). Entries should focus on the changes that users need to make when upgrading +to `{{% param "majorVersion" %}}`, rather than how to write configurations +after upgrading. See [Terraform provider for Google Cloud 5.0.0 Upgrade Guide](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_5_upgrade) +and other upgrade guides for examples. 1. Remove any deprecation notices and warnings (including in documentation) not already removed by the breaking change. 1. When you create your pull request, [change the base branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-base-branch-of-a-pull-request) to `FEATURE-BRANCH-major-release-{{% param "majorVersion" %}}` 1. To resolve merge conflicts with `git rebase` or `git merge`, use `FEATURE-BRANCH-major-release-{{% param "majorVersion" %}}` instead of `main`. -The upgrade guide and the actual breaking change will be merged only after both are completed. - ## What's next? - [Run tests]({{< ref "/develop/test/run-tests.md" >}}) diff --git a/docs/content/develop/custom-code.md b/docs/content/develop/custom-code.md index 5e2ed2bfdc6e..b9f96b02ad47 100644 --- a/docs/content/develop/custom-code.md +++ b/docs/content/develop/custom-code.md @@ -1,6 +1,6 @@ --- title: "Add custom resource code" -weight: 32 +weight: 39 --- # Add custom resource code @@ -32,9 +32,12 @@ Use `custom_code.constants` to inject top-level code in a resource file. This is - Constants - Regexes compiled at build time -- Functions, such as diff suppress functions +- Functions, such as [diff suppress functions]({{}}), + [validation functions]({{}}), + CustomizeDiff functions, and so on. - Methods +Any custom functions added should have thorough [unit tests]({{< ref "/develop/test/test#add-unit-tests" >}}). ## Modify the API request or response @@ -112,7 +115,7 @@ custom_code: !ruby/object:Provider::Terraform::CustomCode ``` -Use `custom_code.decoder` to inject code that modifies the data that will be sent in the API request. This is useful if the API expects the data to be in a significantly different structure than Terraform does - for example, if the API returns the entire object nested under a key, or uses a different name for a field in the response than in the request. The decoder will run _before_ any [`custom_flatten`]({{< ref "#custom_flatten" >}}) code. +Use `custom_code.decoder` to inject code that modifies the data recieved from an API response. This is useful if the API returns data in a significantly different structure than what Terraform expects - for example, if the API returns the entire object nested under a key, or uses a different name for a field in the response than in the request. The decoder will run _before_ any [`custom_flatten`]({{< ref "#custom_flatten" >}}) code. The decoder code will be wrapped in a function like: diff --git a/docs/content/develop/field-reference.md b/docs/content/develop/field-reference.md index f82ab33b65b3..daa35b6afa8a 100644 --- a/docs/content/develop/field-reference.md +++ b/docs/content/develop/field-reference.md @@ -285,6 +285,16 @@ understand how the resource maps to the underlying API. api_name: 'otherFieldName' ``` +### `url_param_only` +If true, the field is not sent in the resource body, and the provider does +not read the field value from the API response. If unset or false, the field +is sent in the resource body, and the provider reads the field value from the +API response. + +```yaml +url_param_only: true +``` + ## `Enum` properties ### `values` diff --git a/docs/content/develop/resource-reference.md b/docs/content/develop/resource-reference.md new file mode 100644 index 000000000000..c4255242efbc --- /dev/null +++ b/docs/content/develop/resource-reference.md @@ -0,0 +1,318 @@ +--- +title: "MMv1 resource reference" +weight: 32 +aliases: + - /reference/resource-reference + - /reference/iam-policy-reference +--- + +# MMv1 resource reference + +This page documents commonly-used properties for resources. For a full list of +available properties, see [resource.rb ↗](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/api/resource.rb). + +## Basic + +### `name` + +API resource name. + +### `description` + +Resource description. Used in documentation. + +Example: + +```yaml +description: | + This is a multi-line description + of a resource. +``` + +### `references` + +Links to reference documentation for a resource. Contains two attributes: + +- `guides`: Link to quickstart in the API's Guides section +- `api`: Link to the REST API reference for the resource + +Example: + +```yaml +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Create and connect to a database': 'https://cloud.google.com/alloydb/docs/quickstart/create-and-connect' + api: 'https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.backups' +``` + +### `min_version: beta` +Marks the field (and any subfields) as beta-only. Ensure a beta version block +is present in provider.yaml. + +### `docs` +Inserts styled markdown into the header of the resource's page in the provider +documentation. Can contain two attributes: + +- `warning`: Warning text which will be displayed at the top of the resource docs on a yellow background. +- `note`: Note text which will be displayed at the top of the resource docs on a blue background. + +Example: + +```yaml +docs: !ruby/object:Provider::Terraform::Docs + warning: | + This is a multi-line warning and will be + displayed on a yellow background. + note: | + This is a multi-line note and will be + displayed on a blue background. +``` + + +## API interactions + +### `base_url` + +URL for the resource's [standard List method](https://google.aip.dev/132). +Terraform field names enclosed in double curly braces are replaced with +the field values from the resource at runtime. + +```yaml +base_url: 'projects/{{project}}/locations/{{location}}/resourcenames' +``` + +### `self_link` + +URL for the resource's [standard Get method](https://google.aip.dev/131). +Terraform field names enclosed in double curly braces are replaced with +the field values from the resource at runtime. + +```yaml +self_link: 'projects/{{project}}/locations/{{location}}/resourcenames/{{name}}' +``` + +### `immutable` + +If true, the resource and all its fields are considered immutable - that is, +only creatable, not updatable. Individual fields can override this if they +have a custom update method in the API. + +See [Best practices: ForceNew](https://googlecloudplatform.github.io/magic-modules/best-practices/#forcenew) for more information. + +Default: `false` + +Example: + +```yaml +immutable: true +``` + +### `timeouts` + +Overrides one or more timeouts, in minutes. All timeouts default to 20. + +Example: + +```yaml +timeouts: !ruby/object:Api::Timeouts + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 40 +``` + +### `create_url` + +URL for the resource's [standard Create method](https://google.aip.dev/133), including query parameters. +Terraform field names enclosed in double curly braces are replaced with +the field values from the resource at runtime. + +Example: + +```yaml +create_url: 'projects/{{project}}/locations/{{location}}/resourcenames?resourceId={{name}}' +``` + +### `create_verb` + +Overrides the HTTP verb used to create a new resource. +Allowed values: `:POST`, `:PUT`, `:PATCH`. + +Default: `:POST` + +```yaml +create_verb: :PATCH +``` + +### `update_url` +Overrides the URL for the resource's [standard Update method](https://google.aip.dev/134). +If unset, the [`self_link` URL](#self_link) is used by default. +Terraform field names enclosed in double curly braces are replaced with +the field values from the resource at runtime. + +```yaml +update_url: 'projects/{{project}}/locations/{{location}}/resourcenames/{{name}}' +``` + +### `update_verb` + +The HTTP verb used to update a resource. Allowed values: `:POST`, `:PUT`, `:PATCH`. + +Default: `:PUT`. + +Example: + +```yaml +update_verb: :PATCH +``` + +### `update_mask` + +If true, the resource sets an `updateMask` query parameter listing modified +fields when updating the resource. If false, it doesn't. + +Default: `false` + +Example: + +```yaml +update_mask: true +``` + +### `delete_url` + +Overrides the URL for the resource's [standard Delete method](https://google.aip.dev/135). +If unset, the [`self_link` URL](#self_link) is used by default. +Terraform field names enclosed in double curly braces are replaced with +the field values from the resource at runtime. + +Example: + +```yaml +delete_url: 'projects/{{project}}/locations/{{location}}/resourcenames/{{name}}' +``` + +### `delete_verb` +Overrides the HTTP verb used to delete a resource. +Allowed values: `:POST`, `:PUT`, `:PATCH`, `:DELETE`. + +Default: `:DELETE` + +Example: + +```yaml +delete_verb: :POST +``` + +### `autogen_async` + +If true, code for handling long-running operations is generated along with +the resource. If false, that code isn't generated and must be handwritten. + +Default: `false` + +```yaml +autogen_async: true +``` + +### `async` + +Sets parameters for handling operations returned by the API. Can contain several attributes: + +- `actions`: Overrides which API calls return operations. Default: `['create', 'update', 'delete']` +- `operation.base_url`: This should always be set to `'{{op_id}}'` unless you know that's wrong. +- `result.resource_inside_response`: If true, the provider sets the resource's Terraform ID after + the resource is created, taking into account values that are set by the API at create time. This + is only possible when the completed operation's JSON includes the created resource in the + "response" field. If false, the provider sets the resource's Terraform ID before the resource is + created, based only on the resource configuration. Default: `false`. + +Example: + +```yaml +async: !ruby/object:Api::OpAsync + actions: ['create', 'update', 'delete'] + operation: !ruby/object:Api::OpAsync::Operation + base_url: '{{op_id}}' + result: !ruby/object:Api::OpAsync::Result + resource_inside_response: true +``` + +## IAM resources + +### `iam_policy` + +Allows configuration of generated IAM resources. Supports the following common +attributes – for a full reference, see +[iam_policy.rb ↗](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/api/resource/iam_policy.rb): + +- `parent_resource_attribute`: Name of the field on the terraform IAM resources + which references the parent resource. +- `method_name_separator`: Character preceding setIamPolicy in the full URL for + the API method. Usually `:`. +- `fetch_iam_policy_verb`: HTTP method for getIamPolicy. Usually `:POST`. + Allowed values: `:GET`, `:POST`. Default: `:GET` +- `set_iam_policy_verb`: HTTP method for getIamPolicy. Usually `:POST`. + Allowed values: :POST, :PUT. Default: :POST +- `import_format`: Must match the parent resource's `import_format` (or `self_link` if + `import_format` is unset), but with the `parent_resource_attribute` + value substituted for the final field. +- `allowed_iam_role`: Valid IAM role that can be set by generated tests. Default: `'roles/viewer'` +- `iam_conditions_request_type`: If IAM conditions are supported, set this attribute to indicate how the + conditions should be passed to the API. Allowed values: `:QUERY_PARAM`, + `:REQUEST_BODY`, `:QUERY_PARAM_NESTED`. Note: `:QUERY_PARAM_NESTED` should + only be used if the query param field contains a `.` +- `min_version: beta`: Marks IAM support as beta-only. + +Example: + +```yaml +iam_policy: !ruby/object:Api::Resource::IamPolicy + parent_resource_attribute: 'cloud_function' + method_name_separator: ':' + fetch_iam_policy_verb: :POST + import_format: [ + 'projects/{{project}}/locations/{{location}}/resourcenames/{{cloud_function}}', + '{{cloud_function}}' + ] + allowed_iam_role: 'roles/viewer' + iam_conditions_request_type: :REQUEST_BODY + min_version: beta +``` + +## Resource behavior + +### `custom_code` + +Injects arbitrary logic into a generated resource. For more information, see [Add custom resource code]({{< ref "/develop/custom-code" >}}). + +### `mutex` + +All resources (of all kinds) that share a mutex value will block rather than +executing concurrent API requests. Terraform field names enclosed in double +curly braces are replaced with the field values from the resource at runtime. + +Example: + +```yaml +mutex: alloydb/instance/{{name}} +``` + +## Fields + +### `parameters` + +Contains a list of [fields]({{< ref "/develop/field-reference" >}}). By convention, +these should be the fields that are part URL parameters such as `location` and `name`. + +### `properties` + +Contains a list of [fields]({{< ref "/develop/field-reference" >}}). By convention, +these should be fields that aren't part of the URL parameters. + +Example: + +```yaml +properties: + - !ruby/object:Api::Type::String + name: 'fieldOne' +``` diff --git a/docs/content/develop/resource.md b/docs/content/develop/resource.md index 97a96e84fad7..7eb9d67b5929 100644 --- a/docs/content/develop/resource.md +++ b/docs/content/develop/resource.md @@ -80,14 +80,6 @@ For more information about types of resources and the generation process overall # provider.yaml. # min_version: beta - # Inserts styled markdown into the header of the resource's page in the - # provider documentation. - # docs: !ruby/object:Provider::Terraform::Docs - # warning: | - # MULTILINE_WARNING_MARKDOWN - # note: | - # MULTILINE_NOTE_MARKDOWN - # URL for the resource's standard List method. https://google.aip.dev/132 # Terraform field names enclosed in double curly braces are replaced with # the field values from the resource at runtime. @@ -102,20 +94,11 @@ For more information about types of resources and the generation process overall # have a custom update method in the API. # immutable: true - # Overrides one or more timeouts, in minutes. All timeouts default to 20. - # timeouts: !ruby/object:Api::Timeouts - # insert_minutes: 20 - # update_minutes: 20 - # delete_minutes: 20 - # URL for the resource's standard Create method, including query parameters. # https://google.aip.dev/133 # Terraform field names enclosed in double curly braces are replaced with # the field values from the resource at runtime. create_url: 'projects/{{project}}/locations/{{location}}/resourcenames?resourceId={{name}}' - # Overrides the HTTP verb used to create a new resource. - # Allowed values: :POST, :PUT, :PATCH. Default: :POST - # create_verb: :POST # Overrides the URL for the resource's standard Update method. (If unset, the # self_link URL is used by default.) https://google.aip.dev/134 @@ -128,15 +111,6 @@ For more information about types of resources and the generation process overall # fields when updating the resource. If false, it does not. update_mask: true - # Overrides the URL for the resource's standard Delete method. (If unset, the - # self_link URL is used by default.) https://google.aip.dev/135 - # Terraform field names enclosed in double curly braces are replaced with - # the field values from the resource at runtime. - # delete_url: 'projects/{{project}}/locations/{{location}}/resourcenames/{{name}}' - # Overrides the HTTP verb used to delete a resource. - # Allowed values: :POST, :PUT, :PATCH, :DELETE. Default: :DELETE - # delete_verb: :DELETE - # If true, code for handling long-running operations is generated along with # the resource. If false, that code is not generated. autogen_async: true @@ -148,20 +122,6 @@ For more information about types of resources and the generation process overall operation: !ruby/object:Api::OpAsync::Operation base_url: '{{op_id}}' - # If true, the provider sets the resource's Terraform ID after the resource is created, - # taking into account values that are set by the API at create time. This is only possible - # when the completed operation's JSON includes the created resource in the "response" field. - # If false (or unset), the provider sets the resource's Terraform ID before the resource is - # created, based only on the resource configuration. - # result: !ruby/object:Api::OpAsync::Result - # resource_inside_response: true - - # All resources (of all kinds) that share a mutex value block rather than - # executing concurrent API requests. - # Terraform field names enclosed in double curly braces are replaced with - # the field values from the resource at runtime. - # mutex: RESOURCE_NAME/{{name}} - parameters: - !ruby/object:Api::Type::String name: 'location' @@ -185,7 +145,7 @@ For more information about types of resources and the generation process overall 3. Modify the template as needed to match the API resource's documented behavior. 4. Delete all remaining comments in the resource configuration (including attribute descriptions) that were copied from the above template. -> **Note:** The template includes the most commonly-used fields. For a comprehensive reference, see [ResourceName.yaml reference ↗]({{}}). +> **Note:** The template includes the most commonly-used fields. For a comprehensive reference, see [MMv1 resource reference ↗]({{}}). {{< /tab >}} {{< tab "Handwritten" >}} > **Warning:** Handwritten resources are more difficult to develop and maintain. New handwritten resources will only be accepted if implementing the resource in MMv1 would require entirely overriding two or more CRUD methods. @@ -415,10 +375,8 @@ iam_policy: !ruby/object:Api::Resource::IamPolicy # Usually `:` method_name_separator: ':' # HTTP method for getIamPolicy. Usually :POST. - # Allowed values: :GET, :POST. Default: :GET fetch_iam_policy_verb: :POST - # Overrides the HTTP method for setIamPolicy. - # Allowed values: :POST, :PUT. Default: :POST + # Overrides the HTTP method for setIamPolicy. Default: :POST # set_iam_policy_verb: :POST # Must match the parent resource's `import_format` (or `self_link` if @@ -427,8 +385,6 @@ iam_policy: !ruby/object:Api::Resource::IamPolicy import_format: [ 'projects/{{project}}/locations/{{location}}/resourcenames/{{resource_name}}' ] - # Valid IAM role that can be set by generated tests. Default: 'roles/viewer' - # allowed_iam_role: 'roles/viewer' # If IAM conditions are supported, set this attribute to indicate how the # conditions should be passed to the API. Allowed values: :QUERY_PARAM, @@ -440,7 +396,7 @@ iam_policy: !ruby/object:Api::Resource::IamPolicy # min_version: beta ``` -2. Modify the template as needed to match the API resource's documented behavior. These are the most commonly-used fields. For a comprehensive reference, see [IAM policy YAML reference ↗]({{}}). +2. Modify the template as needed to match the API resource's documented behavior. These are the most commonly-used fields. For a comprehensive reference, see [MMv1 resource reference: `iam_policy` ↗]({{}}). 3. Delete all remaining comments in the IAM configuration (including attribute descriptions) that were copied from the above template. {{< /tab >}} {{< tab "Handwritten" >}} diff --git a/docs/content/develop/test/test.md b/docs/content/develop/test/test.md index bbec189143b6..fe638ed52903 100644 --- a/docs/content/develop/test/test.md +++ b/docs/content/develop/test/test.md @@ -225,7 +225,7 @@ An update test is a test that creates the target resource and then makes updates ## Add unit tests A unit test verifies functionality that is not related to interactions with the API, such as -[diff suppress functions]({{}})), +[diff suppress functions]({{}}), [validation functions]({{}}), CustomizeDiff functions, and so on. diff --git a/docs/content/develop/update-dependencies.md b/docs/content/develop/update-dependencies.md new file mode 100644 index 000000000000..6f33b70b13ec --- /dev/null +++ b/docs/content/develop/update-dependencies.md @@ -0,0 +1,33 @@ +--- +title: "Update dependencies" +weight: 300 +aliases: + - /docs/update-dependencies +--- + +# Update provider dependencies + +The Magic Modules repository does not contain a complete Go module, preventing the use of automated tooling like `go get` from that repository. To add or update provider dependencies, use standard Go tooling to update the dependency in the `terraform-provider-google` provider and copy the results to the upstream files in Magic Modules. + +Below are the steps you can follow to make the change: + +1. Navigate to the local `google` provider directory: +```bash +cd $GOPATH/src/github.com/hashicorp/terraform-provider-google +``` +2. Open the [`go.mod`](https://github.com/hashicorp/terraform-provider-google/blob/main/go.mod) file and add the new entries or modify the versions of existing entries as needed +3. Update dependencies using either of the following methods + * run the following commands to update all dependencies: + ```bash + go get + go mod tidy + ``` + * Alternatively, update a specific package to a desired version: + ```bash + go get google.golang.org/api@v0.105.0 + go mod tidy + ``` +4. Copy the contents of the updated `go.mod` and `go.sum` file into [`mmv1/third_party/terraform/go.mod.erb`](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/go.mod.erb) and [`mmv1/third_party/terraform/go.sum`](https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/go.sum) in the `magic-modules` respectively. Ensure `<% autogen_exception -%>` is still at the top of the file afterwards +5. Create a pull request containing _only_ the dependency changes. +6. Resolve any errors caused by the dependency upgrade. +7. After the dependency pull request is merged, continue with a separate pull request for any additional changes that were blocked by the upgrade. \ No newline at end of file diff --git a/docs/content/reference/iam-policy-reference.md b/docs/content/reference/iam-policy-reference.md deleted file mode 100644 index 0b16f5a993f9..000000000000 --- a/docs/content/reference/iam-policy-reference.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "IAM policy YAML reference ↗" -weight: 30 -bookHref: "https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/api/resource/iam_policy.rb" ---- -FORCE MENU RENDER \ No newline at end of file diff --git a/docs/content/reference/resource-reference.md b/docs/content/reference/resource-reference.md deleted file mode 100644 index e900ac89204d..000000000000 --- a/docs/content/reference/resource-reference.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "Resource YAML reference ↗" -weight: 20 -bookHref: "https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/api/resource.rb" ---- -FORCE MENU RENDER \ No newline at end of file diff --git a/mmv1/api/compiler.go b/mmv1/api/compiler.go index 00a2bd136d14..b62aab20f7e3 100644 --- a/mmv1/api/compiler.go +++ b/mmv1/api/compiler.go @@ -27,5 +27,5 @@ func Compile(yamlPath string, obj interface{}) { } yamlValidator := google.YamlValidator{} - yamlValidator.Parse(objYaml, obj) + yamlValidator.Parse(objYaml, obj, yamlPath) } diff --git a/mmv1/api/product.go b/mmv1/api/product.go index c7fa4705057a..d02a5ac424d2 100644 --- a/mmv1/api/product.go +++ b/mmv1/api/product.go @@ -69,8 +69,6 @@ type Product struct { } func (p *Product) UnmarshalYAML(n *yaml.Node) error { - p.Async = NewAsync() - type productAlias Product aliasObj := (*productAlias)(p) diff --git a/mmv1/api/resource.go b/mmv1/api/resource.go index a363e6d05765..d87abb65f9dc 100644 --- a/mmv1/api/resource.go +++ b/mmv1/api/resource.go @@ -14,7 +14,9 @@ package api import ( "fmt" + "maps" "regexp" + "sort" "strings" "github.com/GoogleCloudPlatform/magic-modules/mmv1/api/product" @@ -222,6 +224,9 @@ type Resource struct { // If true, skip sweeper generation for this resource SkipSweeper bool `yaml:"skip_sweeper"` + // Override sweeper settings + Sweeper resource.Sweeper + Timeouts *Timeouts // An array of function names that determine whether an error is retryable. @@ -317,8 +322,12 @@ func (r *Resource) UnmarshalYAML(n *yaml.Node) error { return err } - r.ApiName = r.Name - r.CollectionUrlKey = google.Camelize(google.Plural(r.Name), "lower") + if r.ApiName == "" { + r.ApiName = r.Name + } + if r.CollectionUrlKey == "" { + r.CollectionUrlKey = google.Camelize(google.Plural(r.Name), "lower") + } return nil } @@ -441,6 +450,16 @@ func (r Resource) SettableProperties() []*Type { return props } +func (r Resource) IsSettableProperty(t *Type) bool { + return slices.Contains(r.SettableProperties(), t) +} + +func (r Resource) UnorderedListProperties() []*Type { + return google.Select(r.SettableProperties(), func(t *Type) bool { + return t.UnorderedList + }) +} + // Properties that will be returned in the API body // def gettable_properties @@ -501,7 +520,6 @@ func (r Resource) GetIdentity() []*Type { return google.Select(props, func(p *Type) bool { return p.Name == "name" }) - } // def add_labels_related_fields(props, parent) @@ -541,6 +559,15 @@ func (r *Resource) addLabelsFields(props []*Type, parent *Type, labels *Type) [] return props } +func (r *Resource) HasLabelsField() bool { + for _, p := range r.Properties { + if p.Name == "labels" { + return true + } + } + return false +} + // def add_annotations_fields(props, parent, annotations) func (r *Resource) addAnnotationsFields(props []*Type, parent *Type, annotations *Type) []*Type { @@ -566,9 +593,6 @@ func buildEffectiveLabelsField(name string, labels *Type) *Type { "including the %s configured through Terraform, other clients and services.", name, name) t := "KeyValueEffectiveLabels" - if name == "annotations" { - t = "KeyValueEffectiveAnnotations" - } n := fmt.Sprintf("effective%s", strings.Title(name)) @@ -644,6 +668,10 @@ func getLabelsFieldNote(title string) string { title, title, title) } +func (r Resource) StateMigrationFile() string { + return fmt.Sprintf("templates/terraform/state_migrations/go/%s_%s.go.tmpl", google.Underscore(r.ProductMetadata.Name), google.Underscore(r.Name)) +} + // ==================== // Version-related methods // ==================== @@ -830,21 +858,42 @@ func (r Resource) HasProject() bool { return strings.Contains(r.BaseUrl, "{{project}}") || strings.Contains(r.CreateUrl, "{{project}}") } +func (r Resource) IncludeProjectForOperation() bool { + return strings.Contains(r.BaseUrl, "{{project}}") || (r.GetAsync().IsA("OpAsync") && r.GetAsync().IncludeProject) +} + // def region? func (r Resource) HasRegion() bool { - return strings.Contains(r.BaseUrl, "{{region}}") || strings.Contains(r.CreateUrl, "{{region}}") + found := false + for _, p := range r.Parameters { + if p.Name == "region" && p.IgnoreRead { + found = true + break + } + } + return found && strings.Contains(r.BaseUrl, "{{region}}") } // def zone? func (r Resource) HasZone() bool { - return strings.Contains(r.BaseUrl, "{{zone}}") || strings.Contains(r.CreateUrl, "{{zone}}") + found := false + for _, p := range r.Parameters { + if p.Name == "zone" && p.IgnoreRead { + found = true + break + } + } + return found && strings.Contains(r.BaseUrl, "{{zone}}") } // resource functions needed for template that previously existed in terraform.go but due to how files are being inherited here it was easier to put in here // taken wholesale from tpgtools func (r Resource) Updatable() bool { + if !r.Immutable { + return true + } for _, p := range r.AllProperties() { - if !p.Immutable && !(p.Required && p.DefaultFromApi) { + if p.UpdateUrl != "" { return true } } @@ -872,6 +921,11 @@ func (r Resource) TerraformName() string { } func (r Resource) ImportIdFormatsFromResource() []string { + + var ids []string + for _, id := range r.GetIdentity() { + ids = append(ids, google.Underscore(id.Name)) + } return ImportIdFormats(r.ImportFormat, r.Identity, r.BaseUrl) } @@ -895,10 +949,7 @@ func ImportIdFormats(importFormat, identity []string, baseUrl string) []string { var idFormats []string if len(importFormat) == 0 { underscoredBaseUrl := baseUrl - // TODO Q2: underscore base url needed? - // underscored_base_url = base_url.gsub( - // /{{[[:word:]]+}}/, &:underscore - // ) + if len(identity) == 0 { idFormats = []string{fmt.Sprintf("%s/{{name}}", underscoredBaseUrl)} } else { @@ -907,7 +958,7 @@ func ImportIdFormats(importFormat, identity []string, baseUrl string) []string { transformedIdentity = append(transformedIdentity, fmt.Sprintf("{{%s}}", id)) } identityPath := strings.Join(transformedIdentity, "/") - idFormats = []string{fmt.Sprintf("%s/{{name}}", identityPath)} + idFormats = []string{fmt.Sprintf("%s/%s", underscoredBaseUrl, google.Underscore(identityPath))} } } else { idFormats = importFormat @@ -932,15 +983,9 @@ func ImportIdFormats(importFormat, identity []string, baseUrl string) []string { // `{{project}}/{{%name}}` as there is no way to differentiate between // project-name/resource-name and resource-name/with-slash if !strings.Contains(idFormats[0], "%") { - idFormats = append(idFormats, shortIdFormat, shortIdDefaultProjectFormat) - if shortIdDefaultProjectFormat != shortIdDefaultFormat { - idFormats = append(idFormats, shortIdDefaultFormat) - } + idFormats = append(idFormats, shortIdFormat, shortIdDefaultProjectFormat, shortIdDefaultFormat) } - idFormats = google.Reject(slices.Compact(idFormats), func(i string) bool { - return i == "" - }) slices.SortFunc(idFormats, func(a, b string) int { i := strings.Count(a, "/") j := strings.Count(b, "/") @@ -950,26 +995,62 @@ func ImportIdFormats(importFormat, identity []string, baseUrl string) []string { return i - j }) slices.Reverse(idFormats) - return idFormats + + // Remove duplicates from idFormats + uniq := make([]string, len(idFormats)) + uniq[0] = idFormats[0] + i := 1 + j := 1 + for j < len(idFormats) { + format := idFormats[j] + if format != uniq[i-1] { + uniq[i] = format + i++ + } + j++ + } + + uniq = google.Reject(slices.Compact(uniq), func(i string) bool { + return i == "" + }) + return uniq } func (r Resource) IgnoreReadPropertiesToString(e resource.Examples) string { var props []string for _, tp := range r.AllUserProperties() { - if tp.UrlParamOnly || tp.IgnoreRead || tp.IsA("ResourceRef") { + if tp.UrlParamOnly || tp.IsA("ResourceRef") { props = append(props, fmt.Sprintf("\"%s\"", google.Underscore(tp.Name))) } } for _, tp := range e.IgnoreReadExtra { - props = append(props, fmt.Sprintf("\"%s\"", google.Underscore(tp))) + props = append(props, fmt.Sprintf("\"%s\"", tp)) } for _, tp := range r.IgnoreReadLabelsFields(r.PropertiesWithExcluded()) { - props = append(props, fmt.Sprintf("\"%s\"", google.Underscore(tp))) + props = append(props, fmt.Sprintf("\"%s\"", tp)) + } + for _, tp := range ignoreReadFields(r.AllUserProperties()) { + props = append(props, fmt.Sprintf("\"%s\"", tp)) } slices.Sort(props) - return fmt.Sprintf("[]string{%s}", strings.Join(props, ", ")) + if len(props) > 0 { + return fmt.Sprintf("[]string{%s}", strings.Join(props, ", ")) + } + return "" +} + +func ignoreReadFields(props []*Type) []string { + var fields []string + for _, tp := range props { + if tp.IgnoreRead && !tp.UrlParamOnly && !tp.IsA("ResourceRef") { + fields = append(fields, tp.TerraformLineage()) + } else if tp.IsA("NestedObject") && tp.AllProperties() != nil { + fields = append(fields, ignoreReadFields(tp.AllProperties())...) + } + } + return fields } func (r *Resource) SetCompiler(t string) { @@ -1014,6 +1095,9 @@ func (r Resource) IsInIdentity(t Type) bool { return false } +// ==================== +// Iam Methods +// ==================== func (r Resource) IamParentResourceName() string { var parentResourceName string @@ -1028,6 +1112,7 @@ func (r Resource) IamParentResourceName() string { return parentResourceName } +// For example: "projects/{{project}}/schemas/{{name}}" func (r Resource) IamResourceUri() string { var resourceUri string if r.IamPolicy != nil { @@ -1039,13 +1124,15 @@ func (r Resource) IamResourceUri() string { return resourceUri } -func (r Resource) IamImportUrl() string { - r.IamResourceUri() +// For example: "projects/%s/schemas/%s" +func (r Resource) IamResourceUriFormat() string { return regexp.MustCompile(`\{\{%?(\w+)\}\}`).ReplaceAllString(r.IamResourceUri(), "%s") } +// For example: the uri "projects/{{project}}/schemas/{{name}}" +// The paramerters are "project", "schema". func (r Resource) IamResourceParams() []string { - resourceUri := strings.ReplaceAll(r.IamResourceUri(), "{{name}}", fmt.Sprintf("{{%s}}}", r.IamParentResourceName())) + resourceUri := strings.ReplaceAll(r.IamResourceUri(), "{{name}}", fmt.Sprintf("{{%s}}", r.IamParentResourceName())) return r.ExtractIdentifiers(resourceUri) } @@ -1054,7 +1141,9 @@ func (r Resource) IsInIamResourceParams(param string) bool { return slices.Contains(r.IamResourceParams(), param) } -func (r Resource) IamStringQualifiers() string { +// For example: for the uri "projects/{{project}}/schemas/{{name}}", +// the string qualifiers are "u.project, u.schema" +func (r Resource) IamResourceUriStringQualifiers() string { var transformed []string for _, param := range r.IamResourceParams() { transformed = append(transformed, fmt.Sprintf("u.%s", google.Camelize(param, "lower"))) @@ -1062,6 +1151,8 @@ func (r Resource) IamStringQualifiers() string { return strings.Join(transformed[:], ", ") } +// For example, for the url "projects/{{project}}/schemas/{{schema}}", +// the identifiers are "project", "schema". // def extract_identifiers(url) func (r Resource) ExtractIdentifiers(url string) []string { matches := regexp.MustCompile(`\{\{%?(\w+)\}\}`).FindAllStringSubmatch(url, -1) @@ -1072,6 +1163,7 @@ func (r Resource) ExtractIdentifiers(url string) []string { return result } +// For example, "projects/{{project}}/schemas/{{name}}", "{{project}}/{{name}}", "{{name}}" func (r Resource) RawImportIdFormatsFromIam() []string { var importFormat []string @@ -1085,6 +1177,7 @@ func (r Resource) RawImportIdFormatsFromIam() []string { return ImportIdFormats(importFormat, r.Identity, r.BaseUrl) } +// For example, projects/(?P[^/]+)/schemas/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+) func (r Resource) ImportIdRegexesFromIam() string { var transformed []string @@ -1095,9 +1188,10 @@ func (r Resource) ImportIdRegexesFromIam() string { transformed = append(transformed, s) } - return strings.Join(transformed[:], "\", \"") + return strings.Join(slices.Compact(transformed[:]), "\", \"") } +// For example, "projects/{{project}}/schemas/{{name}}", "{{project}}/{{name}}", "{{name}}" func (r Resource) ImportIdFormatsFromIam() []string { importIdFormats := r.RawImportIdFormatsFromIam() var transformed []string @@ -1107,6 +1201,7 @@ func (r Resource) ImportIdFormatsFromIam() []string { return transformed } +// For example, projects/{{project}}/schemas/{{schema}} func (r Resource) FirstIamImportIdFormat() string { importIdFormats := r.ImportIdFormatsFromIam() if len(importIdFormats) == 0 { @@ -1133,6 +1228,7 @@ func (r Resource) IamSelfLinkIdentifiers() []string { return r.ExtractIdentifiers(selfLink) } +// Returns the resource properties that are idenfifires in the selflink url func (r Resource) IamSelfLinkProperties() []*Type { params := r.IamSelfLinkIdentifiers() @@ -1143,6 +1239,7 @@ func (r Resource) IamSelfLinkProperties() []*Type { return urlProperties } +// Returns the attributes from the selflink url func (r Resource) IamAttributes() []string { var attributes []string ids := r.IamSelfLinkIdentifiers() @@ -1161,6 +1258,19 @@ func (r Resource) IamAttributes() []string { return attributes } +// Since most resources define a "basic" config as their first example, +// we can reuse that config to create a resource to test IAM resources with. +func (r Resource) FirstTestExample() resource.Examples { + examples := google.Reject(r.Examples, func(e resource.Examples) bool { + return e.SkipTest + }) + examples = google.Reject(examples, func(e resource.Examples) bool { + return (r.ProductMetadata.VersionObjOrClosest(r.TargetVersionName).CompareTo(r.ProductMetadata.VersionObjOrClosest(e.MinVersion)) < 0) + }) + + return examples[0] +} + func (r Resource) ExamplePrimaryResourceId() string { examples := google.Reject(r.Examples, func(e resource.Examples) bool { return e.SkipTest @@ -1185,7 +1295,68 @@ func (r Resource) IamParentSourceType() string { return t } -func OrderProperties(props []*Type) []*Type { +func (r Resource) IamImportFormat() string { + var importFormat string + if len(r.IamPolicy.ImportFormat) > 0 { + importFormat = r.IamPolicy.ImportFormat[0] + } else { + importFormat = r.IamPolicy.SelfLink + if importFormat == "" { + importFormat = r.SelfLinkUrl() + } + } + + importFormat = regexp.MustCompile(`\{\{%?(\w+)\}\}`).ReplaceAllString(importFormat, "%s") + return strings.ReplaceAll(importFormat, r.ProductMetadata.BaseUrl, "") +} + +func (r Resource) IamImportQualifiersForTest() string { + var importFormat string + if len(r.IamPolicy.ImportFormat) > 0 { + importFormat = r.IamPolicy.ImportFormat[0] + } else { + importFormat = r.IamPolicy.SelfLink + if importFormat == "" { + importFormat = r.SelfLinkUrl() + } + } + + params := r.ExtractIdentifiers(importFormat) + var importQualifiers []string + for i, param := range params { + if param == "project" { + if i != len(params)-1 { + // If the last parameter is project then we want to create a new project to use for the test, so don't default from the environment + if r.IamPolicy.TestProjectName == "" { + importQualifiers = append(importQualifiers, "envvar.GetTestProjectFromEnv()") + } else { + importQualifiers = append(importQualifiers, `context["project_id"]`) + } + } + } else if param == "zone" && r.IamPolicy.SubstituteZoneValue { + importQualifiers = append(importQualifiers, "envvar.GetTestZoneFromEnv()") + } else if param == "region" || param == "location" { + example := r.FirstTestExample() + if example.RegionOverride == "" { + importQualifiers = append(importQualifiers, "envvar.GetTestRegionFromEnv()") + } else { + importQualifiers = append(importQualifiers, fmt.Sprintf("\"%s\"", example.RegionOverride)) + } + } else if param == "universe_domain" { + importQualifiers = append(importQualifiers, "envvar.GetTestUniverseDomainFromEnv()") + } else { + break + } + } + + if len(importQualifiers) == 0 { + return "" + } + + return strings.Join(importQualifiers, ", ") +} + +func (r Resource) OrderProperties(props []*Type) []*Type { req := google.Select(props, func(p *Type) bool { return p.Required }) @@ -1206,20 +1377,197 @@ func CompareByName(a, b *Type) int { return strings.Compare(a.Name, b.Name) } -func (r Resource) GetPropertyUpdateMasksGroups() map[string][]string { +func (r Resource) GetPropertyUpdateMasksGroupKeys(properties []*Type) []string { + keys := []string{} + for _, prop := range properties { + if prop.FlattenObject { + k := r.GetPropertyUpdateMasksGroupKeys(prop.Properties) + keys = append(keys, k...) + } else { + keys = append(keys, google.Underscore(prop.Name)) + } + } + return keys +} + +func (r Resource) GetPropertyUpdateMasksGroups(properties []*Type, maskPrefix string) map[string][]string { maskGroups := map[string][]string{} - for _, prop := range r.AllUserProperties() { + for _, prop := range properties { if prop.FlattenObject { - prop.GetNestedPropertyUpdateMasksGroups(maskGroups, prop.ApiName) + maps.Copy(maskGroups, r.GetPropertyUpdateMasksGroups(prop.Properties, prop.ApiName+".")) } else if len(prop.UpdateMaskFields) > 0 { maskGroups[google.Underscore(prop.Name)] = prop.UpdateMaskFields } else { - maskGroups[google.Underscore(prop.Name)] = []string{prop.ApiName} + maskGroups[google.Underscore(prop.Name)] = []string{maskPrefix + prop.ApiName} } } return maskGroups } +// Formats whitespace in the style of the old Ruby generator's descriptions in documentation +func (r Resource) FormatDocDescription(desc string, indent bool) string { + if desc == "" { + return "" + } + returnString := desc + if indent { + returnString = strings.ReplaceAll(returnString, "\n\n", "\n") + returnString = strings.ReplaceAll(returnString, "\n", "\n ") + + // fix removing for ruby -> go transition diffs + returnString = strings.ReplaceAll(returnString, "\n \n **Note**: This field is non-authoritative,", "\n\n **Note**: This field is non-authoritative,") + + return fmt.Sprintf("\n %s", strings.TrimSuffix(returnString, "\n ")) + } + return strings.TrimSuffix(returnString, "\n") +} + func (r Resource) CustomTemplate(templatePath string, appendNewline bool) string { - return resource.ExecuteTemplate(&r, templatePath, appendNewline) + output := resource.ExecuteTemplate(&r, templatePath, appendNewline) + if !appendNewline { + output = strings.TrimSuffix(output, "\n") + } + return output +} + +// Returns the key of the list of resources in the List API response +// Used to get the list of resources to sweep +func (r Resource) ResourceListKey() string { + var k string + if r.NestedQuery != nil && len(r.NestedQuery.Keys) > 0 { + k = r.NestedQuery.Keys[0] + } + + if k == "" { + k = r.CollectionUrlKey + } + + return k +} + +func (r Resource) ListUrlTemplate() string { + return strings.Replace(r.CollectionUrl(), "zones/{{zone}}", "aggregated", 1) +} + +func (r Resource) DeleteUrlTemplate() string { + return fmt.Sprintf("%s%s", r.ProductMetadata.BaseUrl, r.DeleteUri()) +} + +func (r Resource) LastNestedQueryKey() string { + if r.NestedQuery == nil { + return "" + } + len := len(r.NestedQuery.Keys) + return r.NestedQuery.Keys[len-1] +} + +func (r Resource) FirstIdentityProp() *Type { + idProps := r.GetIdentity() + if len(idProps) == 0 { + return nil + } + + return idProps[0] +} + +type UpdateGroup struct { + UpdateUrl string + UpdateVerb string + UpdateId string + FingerprintName string +} + +// def properties_without_custom_update(properties) +func (r Resource) propertiesWithCustomUpdate(properties []*Type) []*Type { + return google.Reject(properties, func(p *Type) bool { + return p.UpdateUrl == "" || p.UpdateVerb == "" || p.UpdateVerb == "NOOP" || + p.IsA("KeyValueTerraformLabels") || p.IsA("KeyValueLabels") + }) +} + +func (r Resource) PropertiesByCustomUpdate(properties []*Type) map[UpdateGroup][]*Type { + customUpdateProps := r.propertiesWithCustomUpdate(properties) + groupedCustomUpdateProps := map[UpdateGroup][]*Type{} + for _, prop := range customUpdateProps { + groupedProperty := UpdateGroup{UpdateUrl: prop.UpdateUrl, + UpdateVerb: prop.UpdateVerb, + UpdateId: prop.UpdateId, + FingerprintName: prop.FingerprintName} + groupedCustomUpdateProps[groupedProperty] = append(groupedCustomUpdateProps[groupedProperty], prop) + } + return groupedCustomUpdateProps +} + +func (r Resource) PropertiesByCustomUpdateGroups() []UpdateGroup { + customUpdateProps := r.propertiesWithCustomUpdate(r.RootProperties()) + var updateGroups []UpdateGroup + for _, prop := range customUpdateProps { + groupedProperty := UpdateGroup{UpdateUrl: prop.UpdateUrl, + UpdateVerb: prop.UpdateVerb, + UpdateId: prop.UpdateId, + FingerprintName: prop.FingerprintName} + + if slices.Contains(updateGroups, groupedProperty) { + continue + } + updateGroups = append(updateGroups, groupedProperty) + } + sort.Slice(updateGroups, func(i, j int) bool { + a := updateGroups[i] + b := updateGroups[j] + if a.UpdateVerb != b.UpdateVerb { + return a.UpdateVerb > b.UpdateVerb + } + return a.UpdateId < b.UpdateId + }) + return updateGroups +} + +func (r Resource) FieldSpecificUpdateMethods() bool { + return (len(r.PropertiesByCustomUpdate(r.RootProperties())) > 0) +} + +func (r Resource) CustomUpdatePropertiesByKey(properties []*Type, updateUrl string, updateId string, fingerprintName string, updateVerb string) []*Type { + groupedProperties := r.PropertiesByCustomUpdate(properties) + groupedProperty := UpdateGroup{UpdateUrl: updateUrl, + UpdateVerb: updateVerb, + UpdateId: updateId, + FingerprintName: fingerprintName} + return groupedProperties[groupedProperty] +} + +func (r Resource) PropertyNamesToStrings(properties []*Type) []string { + var propertyNames []string + for _, prop := range properties { + propertyNames = append(propertyNames, google.Underscore(prop.Name)) + } + return propertyNames +} + +func (r Resource) IsExcluded() bool { + return r.Exclude || r.ExcludeResource +} + +func (r Resource) TestExamples() []resource.Examples { + return google.Reject(google.Reject(r.Examples, func(e resource.Examples) bool { + return e.SkipTest + }), func(e resource.Examples) bool { + return e.MinVersion != "" && slices.Index(product.ORDER, r.TargetVersionName) < slices.Index(product.ORDER, e.MinVersion) + }) +} + +func (r Resource) VersionedProvider(exampleVersion string) bool { + vp := r.MinVersion + if exampleVersion != "" { + vp = exampleVersion + } + return vp != "" && vp != "ga" +} + +func (r Resource) StateUpgradersCount() []int { + var nums []int + for i := r.StateUpgradeBaseSchemaVersion; i < r.SchemaVersion; i++ { + nums = append(nums, i) + } + return nums } diff --git a/mmv1/api/resource.rb b/mmv1/api/resource.rb index b4c6eea2515d..98d2b0fe775a 100644 --- a/mmv1/api/resource.rb +++ b/mmv1/api/resource.rb @@ -393,6 +393,16 @@ def all_nested_properties(props) nested end + def convert_go_file(file) + dir, base = File.split(file) + base.slice! '.erb' + if dir.end_with?('terraform') + "#{dir}/#{base}.go.tmpl" + else + "#{dir}/go/#{base}.tmpl" + end + end + # All settable properties in the resource. # Fingerprints aren't *really" settable properties, but they behave like one. # At Create, they have no value but they can just be read in anyways, and after a Read diff --git a/mmv1/api/resource/docs.go b/mmv1/api/resource/docs.go index 01fec263dd87..2b81541c09c3 100644 --- a/mmv1/api/resource/docs.go +++ b/mmv1/api/resource/docs.go @@ -33,10 +33,10 @@ type Docs struct { Note string // attr_reader : - RequiredProperties string + RequiredProperties string `yaml:"required_properties"` // attr_reader : - OptionalProperties string + OptionalProperties string `yaml:"optional_properties"` // attr_reader : Attributes string diff --git a/mmv1/api/resource/examples.go b/mmv1/api/resource/examples.go index d5a5dde96cf8..bc24fede5793 100644 --- a/mmv1/api/resource/examples.go +++ b/mmv1/api/resource/examples.go @@ -18,6 +18,7 @@ import ( "fmt" "net/url" "path/filepath" + "regexp" "strings" "text/template" @@ -148,7 +149,7 @@ type Examples struct { // If the example should be skipped during VCR testing. // This is the case when something about the resource or config causes VCR to fail for example - // a resource with a unique identifier generated within the resource via resource.UniqueId() + // a resource with a unique identifier generated within the resource via id.UniqueId() // Or a config with two fine grained resources that have a race condition during create SkipVcr bool `yaml:"skip_vcr"` @@ -171,7 +172,9 @@ func (e *Examples) UnmarshalYAML(n *yaml.Node) error { return err } - e.ConfigPath = fmt.Sprintf("templates/terraform/examples/go/%s.tf.tmpl", e.Name) + if e.ConfigPath == "" { + e.ConfigPath = fmt.Sprintf("templates/terraform/examples/go/%s.tf.tmpl", e.Name) + } e.SetHCLText() return nil @@ -179,13 +182,44 @@ func (e *Examples) UnmarshalYAML(n *yaml.Node) error { // Executes example templates for documentation and tests func (e *Examples) SetHCLText() { + originalVars := e.Vars + originalTestEnvVars := e.TestEnvVars + docTestEnvVars := make(map[string]string) + docs_defaults := map[string]string{ + "PROJECT_NAME": "my-project-name", + "CREDENTIALS": "my/credentials/filename.json", + "REGION": "us-west1", + "ORG_ID": "123456789", + "ORG_DOMAIN": "example.com", + "ORG_TARGET": "123456789", + "BILLING_ACCT": "000000-0000000-0000000-000000", + "MASTER_BILLING_ACCT": "000000-0000000-0000000-000000", + "SERVICE_ACCT": "my@service-account.com", + "CUST_ID": "A01b123xz", + "IDENTITY_USER": "cloud_identity_user", + "PAP_DESCRIPTION": "description", + } + + // Apply doc defaults to test_env_vars from YAML + for key := range e.TestEnvVars { + docTestEnvVars[key] = docs_defaults[e.TestEnvVars[key]] + } + e.TestEnvVars = docTestEnvVars e.DocumentationHCLText = ExecuteTemplate(e, e.ConfigPath, true) + e.DocumentationHCLText = regexp.MustCompile(`\n\n$`).ReplaceAllString(e.DocumentationHCLText, "\n") + + // Remove region tags + re1 := regexp.MustCompile(`# \[[a-zA-Z_ ]+\]\n`) + re2 := regexp.MustCompile(`\n# \[[a-zA-Z_ ]+\]`) + e.DocumentationHCLText = re1.ReplaceAllString(e.DocumentationHCLText, "") + e.DocumentationHCLText = re2.ReplaceAllString(e.DocumentationHCLText, "") - copy := e + testVars := make(map[string]string) + testTestEnvVars := make(map[string]string) // Override vars to inject test values into configs - will have // - "a-example-var-value%{random_suffix}"" // - "%{my_var}" for overrides that have custom Golang values - for key, value := range copy.Vars { + for key, value := range originalVars { var newVal string if strings.Contains(value, "-") { newVal = fmt.Sprintf("tf-test-%s", value) @@ -199,24 +233,45 @@ func (e *Examples) SetHCLText() { if len(newVal) > 54 { newVal = newVal[:54] } - copy.Vars[key] = fmt.Sprintf("%s%%{random_suffix}", newVal) + testVars[key] = fmt.Sprintf("%s%%{random_suffix}", newVal) } // Apply overrides from YAML - for key := range copy.TestVarsOverrides { - copy.Vars[key] = fmt.Sprintf("%%{%s}", key) + for key := range e.TestVarsOverrides { + testVars[key] = fmt.Sprintf("%%{%s}", key) + } + for key := range originalTestEnvVars { + testTestEnvVars[key] = fmt.Sprintf("%%{%s}", key) } - e.TestHCLText = ExecuteTemplate(copy, copy.ConfigPath, true) + e.Vars = testVars + e.TestEnvVars = testTestEnvVars + e.TestHCLText = ExecuteTemplate(e, e.ConfigPath, true) + e.TestHCLText = regexp.MustCompile(`\n\n$`).ReplaceAllString(e.TestHCLText, "\n") + // Remove region tags + e.TestHCLText = re1.ReplaceAllString(e.TestHCLText, "") + e.TestHCLText = re2.ReplaceAllString(e.TestHCLText, "") + e.TestHCLText = SubstituteTestPaths(e.TestHCLText) + + // Reset the example + e.Vars = originalVars + e.TestEnvVars = originalTestEnvVars } func ExecuteTemplate(e any, templatePath string, appendNewline bool) string { templates := []string{ templatePath, + "templates/terraform/expand_resource_ref.tmpl", + "templates/terraform/custom_flatten/go/bigquery_table_ref.go.tmpl", + "templates/terraform/flatten_property_method.go.tmpl", + "templates/terraform/expand_property_method.go.tmpl", + "templates/terraform/update_mask.go.tmpl", + "templates/terraform/nested_query.go.tmpl", + "templates/terraform/unordered_list_customize_diff.go.tmpl", } templateFileName := filepath.Base(templatePath) - tmpl, err := template.New(templateFileName).ParseFiles(templates...) + tmpl, err := template.New(templateFileName).Funcs(google.TemplateFunctions).ParseFiles(templates...) if err != nil { glog.Exit(err) } @@ -235,114 +290,6 @@ func ExecuteTemplate(e any, templatePath string, appendNewline bool) string { return rs } -// func (e *Examples) config_documentation(pwd) { -// docs_defaults = { -// PROJECT_NAME: 'my-project-name', -// CREDENTIALS: 'my/credentials/filename.json', -// REGION: 'us-west1', -// ORG_ID: '123456789', -// ORG_DOMAIN: 'example.com', -// ORG_TARGET: '123456789', -// BILLING_ACCT: '000000-0000000-0000000-000000', -// MASTER_BILLING_ACCT: '000000-0000000-0000000-000000', -// SERVICE_ACCT: 'my@service-account.com', -// CUST_ID: 'A01b123xz', -// IDENTITY_USER: 'cloud_identity_user', -// PAP_DESCRIPTION: 'description' -// } -// @vars ||= {} -// @test_env_vars ||= {} -// body = lines(compile_file( -// { -// vars:, -// test_env_vars: test_env_vars.to_h { |k, v| [k, docs_defaults[v]] }, -// primary_resource_id: -// }, -// "//{pwd}///{config_path}" -// )) - -// // Remove region tags -// body = body.gsub(/// \[[a-zA-Z_ ]+\]\n/, '') -// body = body.gsub(/\n// \[[a-zA-Z_ ]+\]/, '') -// lines(compile_file( -// { content: body }, -// "//{pwd}/templates/terraform/examples/base_configs/documentation.tf.erb" -// )) -// } - -// func (e *Examples) config_test(pwd) { -// body = config_test_body(pwd) -// lines(compile_file( -// { -// content: body -// }, -// "//{pwd}/templates/terraform/examples/base_configs/test_body.go.erb" -// )) -// } - -// rubocop:disable Style/FormatStringToken -// func (e *Examples) config_test_body(pwd) { -// @vars ||= {} -// @test_env_vars ||= {} -// @test_vars_overrides ||= {} - -// // Construct map for vars to inject into config - will have -// // - "a-example-var-value%{random_suffix}"" -// // - "%{my_var}" for overrides that have custom Golang values -// rand_vars = vars.map do |k, v| -// // Some resources only allow underscores. -// testv = if v.include?('-') -// "tf-test-//{v}" -// elsif v.include?('_') -// "tf_test_//{v}" -// else -// // Some vars like descriptions shouldn't have prefix -// v -// end -// // Random suffix is 10 characters and standard name length <= 64 -// testv = "//{testv[0...54]}%{random_suffix}" -// [k, testv] -// end - -// rand_vars = rand_vars.to_h -// overrides = test_vars_overrides.to_h { |k, _| [k, "%{//{k}}"] } -// body = lines(compile_file( -// { -// vars: rand_vars.merge(overrides), -// test_env_vars: test_env_vars.to_h { |k, _| [k, "%{//{k}}"] }, -// primary_resource_id:, -// primary_resource_type: -// }, -// "//{pwd}///{config_path}" -// )) - -// // Remove region tags -// body = body.gsub(/// \[[a-zA-Z_ ]+\]\n/, '') -// body = body.gsub(/\n// \[[a-zA-Z_ ]+\]/, '') -// substitute_test_paths body -// } - -// func (e *Examples) config_oics(pwd) { -// @vars ||= [] -// @oics_vars_overrides ||= {} - -// rand_vars = vars.to_h { |k, str| [k, "//{str}-${local.name_suffix}"] } - -// // Examples with test_env_vars are skipped elsewhere -// body = lines(compile_file( -// { -// vars: rand_vars.merge(oics_vars_overrides), -// primary_resource_id: -// }, -// "//{pwd}///{config_path}" -// )) - -// // Remove region tags -// body = body.gsub(/// \[[a-zA-Z_ ]+\]\n/, '') -// body = body.gsub(/\n// \[[a-zA-Z_ ]+\]/, '') -// substitute_example_paths body -// } - func (e *Examples) OiCSLink() string { v := url.Values{} // TODO Q2: Values.Encode() sorts the values by key alphabetically. This will produce @@ -375,27 +322,23 @@ func (e *Examples) ResourceType(terraformName string) string { return terraformName } -// rubocop:disable Layout/LineLength -// func (e *Examples) substitute_test_paths(config) { -// config.gsub!('../static/img/header-logo.png', 'test-fixtures/header-logo.png') -// config.gsub!('path/to/private.key', 'test-fixtures/test.key') -// config.gsub!('path/to/certificate.crt', 'test-fixtures/test.crt') -// config.gsub!('path/to/index.zip', '%{zip_path}') -// config.gsub!('verified-domain.com', 'tf-test-domain%{random_suffix}.gcp.tfacc.hashicorptest.com') -// config.gsub!('path/to/id_rsa.pub', 'test-fixtures/ssh_rsa.pub') -// config -// } +func SubstituteExamplePaths(config string) string { + config = strings.ReplaceAll(config, "../static/img/header-logo.png", "../static/header-logo.png") + config = strings.ReplaceAll(config, "path/to/private.key", "../static/ssl_cert/test.key") + config = strings.ReplaceAll(config, "path/to/id_rsa.pub", "../static/ssh_rsa.pub") + config = strings.ReplaceAll(config, "path/to/certificate.crt", "../static/ssl_cert/test.crt") + return config +} -// func (e *Examples) substitute_example_paths(config) { -// config.gsub!('../static/img/header-logo.png', '../static/header-logo.png') -// config.gsub!('path/to/private.key', '../static/ssl_cert/test.key') -// config.gsub!('path/to/id_rsa.pub', '../static/ssh_rsa.pub') -// config.gsub!('path/to/certificate.crt', '../static/ssl_cert/test.crt') -// config -// end -// // rubocop:enable Layout/LineLength -// // rubocop:enable Style/FormatStringToken -// } +func SubstituteTestPaths(config string) string { + config = strings.ReplaceAll(config, "../static/img/header-logo.png", "test-fixtures/header-logo.png") + config = strings.ReplaceAll(config, "path/to/private.key", "test-fixtures/test.key") + config = strings.ReplaceAll(config, "path/to/certificate.crt", "test-fixtures/test.crt") + config = strings.ReplaceAll(config, "path/to/index.zip", "%{zip_path}") + config = strings.ReplaceAll(config, "verified-domain.com", "tf-test-domain%{random_suffix}.gcp.tfacc.hashicorptest.com") + config = strings.ReplaceAll(config, "path/to/id_rsa.pub", "test-fixtures/ssh_rsa.pub") + return config +} // func (e *Examples) validate() { // super diff --git a/mmv1/api/resource/iam_policy.go b/mmv1/api/resource/iam_policy.go index 84f90f7e0c8f..812e18ab8170 100644 --- a/mmv1/api/resource/iam_policy.go +++ b/mmv1/api/resource/iam_policy.go @@ -40,9 +40,9 @@ type IamPolicy struct { // While Compute subnetwork uses {resource}/getIamPolicy MethodNameSeparator string `yaml:"method_name_separator"` - // The terraform type of the parent resource if it is not the same as the - // IAM resource. The IAP product needs these as its IAM policies refer - // to compute resources + // The terraform type (e.g. 'google_endpoints_service') of the parent resource + // if it is not the same as the IAM resource. The IAP product needs these + // as its IAM policies refer to compute resources. ParentResourceType string `yaml:"parent_resource_type"` // Some resources allow retrieving the IAM policy with GET requests, @@ -84,7 +84,7 @@ type IamPolicy struct { // Some resources (IAP) use fields named differently from the parent resource. // We need to use the parent's attributes to create an IAM policy, but they may not be - // named as the IAM IAM resource expects. + // named as the IAM resource expects. // This allows us to specify a file (relative to MM root) containing a partial terraform // config with the test/example attributes of the IAM resource. ExampleConfigBody string `yaml:"example_config_body"` diff --git a/mmv1/api/resource/iam_policy.rb b/mmv1/api/resource/iam_policy.rb index 2acb14185d0d..951bd123da00 100644 --- a/mmv1/api/resource/iam_policy.rb +++ b/mmv1/api/resource/iam_policy.rb @@ -138,7 +138,7 @@ def validate check :import_format, type: Array, item_type: String check( :example_config_body, - type: String, default: 'templates/terraform/iam/iam_attributes.tf.erb' + type: String, default: 'templates/terraform/iam/iam_attributes.go.erb' ) check :iam_policy_version, type: String check :min_version, type: String diff --git a/mmv1/api/resource/sweeper.go b/mmv1/api/resource/sweeper.go new file mode 100644 index 000000000000..7ba3e789e203 --- /dev/null +++ b/mmv1/api/resource/sweeper.go @@ -0,0 +1,27 @@ +// Copyright 2024 Google Inc. +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package resource + +type Sweeper struct { + //Google::YamlValidator + // The field checked by sweeper to determine + // eligibility for deletion for generated resources + SweepableIdentifierField string `yaml:"sweepable_identifier_field"` +} + +// def validate +// super + +// check :sweepable_identifier_field, type: String +// end diff --git a/mmv1/api/type.go b/mmv1/api/type.go index 7cd9cccc74b1..39380fce194b 100644 --- a/mmv1/api/type.go +++ b/mmv1/api/type.go @@ -138,9 +138,12 @@ type Type struct { // ==================== // Array Fields // ==================== - ItemType *Type `yaml:"item_type"` - MinSize int `yaml:"min_size"` - MaxSize int `yaml:"max_size"` + ItemType *Type `yaml:"item_type"` + MinSize string `yaml:"min_size"` + MaxSize string `yaml:"max_size"` + // Adds a ValidateFunc to the item schema + ItemValidation resource.Validation `yaml:"item_validation"` + // __name ParentName string @@ -211,16 +214,16 @@ type Type struct { // because in Terraform the key has to be a property of the object. // // The name of the key. Used in the Terraform schema as a field name. - KeyName string `yaml:"key_name` + KeyName string `yaml:"key_name"` // A description of the key's format. Used in Terraform to describe // the field in documentation. - KeyDescription string `yaml:"key_description` + KeyDescription string `yaml:"key_description"` // ==================== // KeyValuePairs Fields // ==================== - IgnoreWrite bool `yaml:"ignore_write` + IgnoreWrite bool `yaml:"ignore_write"` // ==================== // Schema Modifications @@ -293,12 +296,12 @@ func (t *Type) SetDefault(r *Resource) { switch { case t.IsA("Array"): t.ItemType.ParentName = t.Name - t.ItemType.ParentMetadata = t.ParentMetadata + t.ItemType.ParentMetadata = t t.ItemType.SetDefault(r) case t.IsA("Map"): t.KeyExpander = "tpgresource.ExpandString" t.ValueType.ParentName = t.Name - t.ValueType.ParentMetadata = t.ParentMetadata + t.ValueType.ParentMetadata = t t.ValueType.SetDefault(r) case t.IsA("NestedObject"): if t.Name == "" { @@ -443,7 +446,15 @@ func (t *Type) GetPrefix() string { t.Prefix = fmt.Sprintf("%s%s", nestedPrefix, t.ResourceMetadata.ResourceName()) } else { - t.Prefix = fmt.Sprintf("%s%s", t.ParentMetadata.GetPrefix(), t.ParentMetadata.TitlelizeProperty()) + if t.ParentMetadata != nil && (t.ParentMetadata.IsA("Array") || t.ParentMetadata.IsA("Map")) { + t.Prefix = t.ParentMetadata.GetPrefix() + } else { + if t.ParentMetadata != nil && t.ParentMetadata.ParentMetadata != nil && t.ParentMetadata.ParentMetadata.IsA("Map") { + t.Prefix = fmt.Sprintf("%s%s", t.ParentMetadata.GetPrefix(), t.ParentMetadata.ParentMetadata.TitlelizeProperty()) + } else { + t.Prefix = fmt.Sprintf("%s%s", t.ParentMetadata.GetPrefix(), t.ParentMetadata.TitlelizeProperty()) + } + } } } return t.Prefix @@ -1270,14 +1281,14 @@ func (t Type) PropertyNsPrefix() []string { // information from the "object" variable func (t Type) NamespaceProperty() string { - name := google.Camelize(t.Name, "lower") + name := google.Camelize(t.Name, "upper") p := t for p.Parent() != nil { p = *p.Parent() - name = fmt.Sprintf("%s%s", google.Camelize(p.Name, "lower"), name) + name = fmt.Sprintf("%s%s", google.Camelize(p.Name, "upper"), name) } - return fmt.Sprintf("%s%s%s", google.Camelize(t.ApiName, "lower"), t.ResourceMetadata.Name, name) + return fmt.Sprintf("%s%s%s", google.Camelize(t.ResourceMetadata.ProductMetadata.ApiName, "lower"), t.ResourceMetadata.Name, name) } // def namespace_property_from_object(property, object) @@ -1292,20 +1303,6 @@ func (t Type) NamespaceProperty() string { // // end -// new utility function for recursive calls to GetPropertyUpdateMasksGroups - -func (t Type) GetNestedPropertyUpdateMasksGroups(maskGroups map[string][]string, maskPrefix string) { - for _, prop := range t.AllProperties() { - if prop.FlattenObject { - prop.GetNestedPropertyUpdateMasksGroups(maskGroups, prop.ApiName) - } else if len(prop.UpdateMaskFields) > 0 { - maskGroups[google.Underscore(prop.Name)] = prop.UpdateMaskFields - } else { - maskGroups[google.Underscore(prop.Name)] = []string{maskPrefix + prop.ApiName} - } - } -} - func (t Type) CustomTemplate(templatePath string, appendNewline bool) string { return resource.ExecuteTemplate(&t, templatePath, appendNewline) } @@ -1317,11 +1314,11 @@ func (t *Type) GetIdFormat() string { func (t *Type) GoLiteral(value interface{}) string { switch v := value.(type) { case int: - return fmt.Sprintf("\"%d\"", v) + return fmt.Sprintf("%d", v) case float64: - return fmt.Sprintf("\"%f\"", v) + return fmt.Sprintf("%.1f", v) case bool: - return fmt.Sprintf("\"%v\"", v) + return fmt.Sprintf("%v", v) case string: if !strings.HasPrefix(v, "\"") { return fmt.Sprintf("\"%s\"", v) @@ -1337,3 +1334,81 @@ func (t *Type) GoLiteral(value interface{}) string { panic(fmt.Errorf("unknown go literal type %+v", value)) } } + +// def force_new?(property, resource) +func (t *Type) IsForceNew() bool { + if t.IsA("KeyValueLabels") && t.ResourceMetadata.RootLabels() { + return false + } + + if t.IsA("KeyValueTerraformLabels") && !t.ResourceMetadata.Updatable() && !t.ResourceMetadata.RootLabels() { + return true + } + + parent := t.Parent() + return (!t.Output || t.IsA("KeyValueEffectiveLabels")) && + (t.Immutable || + (t.ResourceMetadata.Immutable && t.UpdateUrl == "" && + (parent == nil || + (parent.IsForceNew() && + !(parent.FlattenObject && t.IsA("KeyValueLabels")))))) +} + +// Returns an updated path for a given Terraform field path (e.g. +// 'a_field', 'parent_field.0.child_name'). Returns nil if the property +// is not included in the resource's properties and removes keys that have +// been flattened +// FYI: Fields that have been renamed should use the new name, however, flattened +// fields still need to be included, ie: +// flattenedField > newParent > renameMe should be passed to this function as +// flattened_field.0.new_parent.0.im_renamed +// TODO(emilymye): Change format of input for +// exactly_one_of/at_least_one_of/etc to use camelcase, MM properities and +// convert to snake in this method +// def get_property_schema_path(schema_path, resource) +func (t *Type) GetPropertySchemaPath(schemaPath string) string { + nestedProps := t.ResourceMetadata.UserProperites() + + var pathTkns []string + for _, pname := range strings.Split(schemaPath, ".0.") { + camelPname := google.Camelize(pname, "lower") + index := slices.IndexFunc(nestedProps, func(p *Type) bool { + return p.Name == camelPname + }) + + // if we couldn't find it, see if it was renamed at the top level + if index == -1 { + index = slices.IndexFunc(nestedProps, func(p *Type) bool { + return p.Name == schemaPath + }) + } + + if index == -1 { + continue + } + + prop := nestedProps[index] + + nestedProps = prop.NestedProperties() + if !prop.FlattenObject { + pathTkns = append(pathTkns, google.Underscore(pname)) + } + } + + if len(pathTkns) == 0 || pathTkns[len(pathTkns)-1] == "" { + return "" + } + + return strings.Join(pathTkns[:], ".0.") +} + +func (t Type) GetPropertySchemaPathList(propertyList []string) []string { + var list []string + for _, path := range propertyList { + path = t.GetPropertySchemaPath(path) + if path != "" { + list = append(list, path) + } + } + return list +} diff --git a/mmv1/api/type.rb b/mmv1/api/type.rb index dd66b3d8a800..9e78817fcabc 100644 --- a/mmv1/api/type.rb +++ b/mmv1/api/type.rb @@ -583,7 +583,9 @@ def nested_properties def item_type_class return @item_type \ - if @item_type.instance_of?(Class) + if @item_type.instance_of?(Class) \ + || @item_type.is_a?(Api::Type::ResourceRef) \ + || @item_type.is_a?(Api::Type::Enum) Object.const_get(@item_type) end diff --git a/mmv1/compiler.rb b/mmv1/compiler.rb index ebd2b6886a4c..304a245c6e78 100755 --- a/mmv1/compiler.rb +++ b/mmv1/compiler.rb @@ -37,6 +37,7 @@ products_to_generate = nil all_products = false yaml_dump = false +go_yaml = false generate_code = true generate_docs = true output_path = nil @@ -95,6 +96,9 @@ opt.on('--openapi-generate', 'Generate MMv1 YAML from openapi directory (Experimental)') do openapi_generate = true end + opt.on('--go-yaml', 'Generate MMv1 Go YAML from Ruby YAML') do + go_yaml = true + end end.parse! # rubocop:enable Metrics/BlockLength @@ -120,6 +124,14 @@ if override_dir Google::LOGGER.info "Using override directory '#{override_dir}'" + + # Normalize override dir to a path that is relative to the magic-modules directory + # This is needed for templates that concatenate pwd + override dir + path + if Pathname.new(override_dir).absolute? + override_dir = Pathname.new(override_dir).relative_path_from(__dir__).to_s + Google::LOGGER.info "Override directory normalized to relative path '#{override_dir}'" + end + Dir["#{override_dir}/products/**/product.yaml"].each do |file_path| product = File.dirname(Pathname.new(file_path).relative_path_from(override_dir)) all_product_files.push(product) unless all_product_files.include? product @@ -272,7 +284,8 @@ product_name, yaml_dump, generate_code, - generate_docs + generate_docs, + go_yaml ) # we need to preserve a single provider instance to use outside of this loop. diff --git a/mmv1/description-copy.go b/mmv1/description-copy.go new file mode 100644 index 000000000000..1cd004b31a2d --- /dev/null +++ b/mmv1/description-copy.go @@ -0,0 +1,169 @@ +package main + +import ( + "bufio" + "fmt" + "log" + "os" + "path/filepath" + "regexp" + "strings" +) + +func CopyAllDescriptions() { + identifiers := []string{ + "description:", + "note:", + "set_hash_func:", + "warning:", + "required_properties:", + "optional_properties:", + "attributes:", + } + + for i, id := range identifiers { + CopyText(id, len(identifiers)-1 == i) + } +} + +// Used to copy/paste text from Ruby -> Go YAML files +func CopyText(identifier string, last bool) { + var allProductFiles []string = make([]string, 0) + files, err := filepath.Glob("products/**/go_product.yaml") + if err != nil { + return + } + for _, filePath := range files { + dir := filepath.Dir(filePath) + allProductFiles = append(allProductFiles, fmt.Sprintf("products/%s", filepath.Base(dir))) + } + + for _, productPath := range allProductFiles { + // Gather go and ruby file pairs + yamlMap := make(map[string][]string) + yamlPaths, err := filepath.Glob(fmt.Sprintf("%s/*", productPath)) + if err != nil { + log.Fatalf("Cannot get yaml files: %v", err) + } + for _, yamlPath := range yamlPaths { + if strings.HasSuffix(yamlPath, "_new") { + continue + } + fileName := filepath.Base(yamlPath) + baseName, found := strings.CutPrefix(fileName, "go_") + if yamlMap[baseName] == nil { + yamlMap[baseName] = make([]string, 2) + } + if found { + yamlMap[baseName][1] = yamlPath + } else { + yamlMap[baseName][0] = yamlPath + } + } + + for _, files := range yamlMap { + rubyPath := files[0] + goPath := files[1] + var text []string + currText := "" + recording := false + + if strings.Contains(rubyPath, "product.yaml") { + // log.Printf("skipping %s", rubyPath) + continue + } + + // Ready Ruby yaml + file, _ := os.Open(rubyPath) + defer file.Close() + scanner := bufio.NewScanner(file) + for scanner.Scan() { + line := scanner.Text() + if strings.Contains(line, identifier) && !strings.HasPrefix(strings.TrimSpace(line), "#") { + currText = strings.SplitAfter(line, identifier)[1] + recording = true + } else if recording { + if terminateText(line) { + text = append(text, currText) + currText = "" + recording = false + } else { + currText = fmt.Sprintf("%s\n%s", currText, line) + } + } + } + if recording { + text = append(text, currText) + } + + // Read Go yaml while writing to a temp file + index := 0 + firstLine := true + newFilePath := fmt.Sprintf("%s_new", goPath) + fo, _ := os.Create(newFilePath) + w := bufio.NewWriter(fo) + file, _ = os.Open(goPath) + defer file.Close() + scanner = bufio.NewScanner(file) + for scanner.Scan() { + line := scanner.Text() + if firstLine { + if strings.Contains(line, "NOT CONVERTED - RUN YAML MODE") { + firstLine = false + if !last { + w.WriteString(fmt.Sprintf("NOT CONVERTED - RUN YAML MODE\n")) + } + continue + } else { + break + } + } + if strings.Contains(line, identifier) { + if index >= len(text) { + log.Printf("did not replace %s correctly! Is the file named correctly?", goPath) + w.Flush() + break + } + line = fmt.Sprintf("%s%s", line, text[index]) + index += 1 + } + w.WriteString(fmt.Sprintf("%s\n", line)) + } + + if !firstLine { + if index != len(text) { + log.Printf("potential issue with %s, only completed %d index out of %d replacements", goPath, index, len(text)) + } + if err = w.Flush(); err != nil { + panic(err) + } + + // Overwrite original file with temp + os.Rename(newFilePath, goPath) + } else { + os.Remove(newFilePath) + } + } + + } + +} + +// quick and dirty logic to determine if a description/note is terminated +func terminateText(line string) bool { + terminalStrings := []string{ + "!ruby/", + } + + for _, t := range terminalStrings { + if strings.Contains(line, t) { + return true + } + } + + if regexp.MustCompile(`^\s*https:[\s$]*`).MatchString(line) { + return false + } + + return regexp.MustCompile(`^\s*[a-z_]+:[\s$]*`).MatchString(line) +} diff --git a/mmv1/google/string_utils.go b/mmv1/google/string_utils.go index daeaf56baaf6..63d8fce9c683 100644 --- a/mmv1/google/string_utils.go +++ b/mmv1/google/string_utils.go @@ -158,6 +158,7 @@ func Format2Regex(format string) string { // TODO: the trims may not be needed with more effecient regex word := strings.TrimPrefix(match, "{{") word = strings.TrimSuffix(word, "}}") + word = strings.ReplaceAll(word, "%", "") return fmt.Sprintf("(?P<%s>.+)", word) }) re = regexp.MustCompile(`\{\{([[:word:]]+)\}\}`) diff --git a/mmv1/google/template_utils.go b/mmv1/google/template_utils.go new file mode 100644 index 000000000000..78eb2dea26ac --- /dev/null +++ b/mmv1/google/template_utils.go @@ -0,0 +1,128 @@ +// Copyright 2024 Google Inc. +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package google + +import ( + "bytes" + "errors" + "fmt" + "path/filepath" + "strings" + + "text/template" + + "github.com/golang/glog" +) + +// Build a map(map[string]interface{}) from a list of paramerter +// The format of passed in parmeters are key1, value1, key2, value2 ... +func wrapMultipleParams(params ...interface{}) (map[string]interface{}, error) { + if len(params)%2 != 0 { + return nil, errors.New("invalid number of arguments") + } + m := make(map[string]interface{}, len(params)/2) + for i := 0; i < len(params); i += 2 { + key, ok := params[i].(string) + if !ok { + return nil, errors.New("keys must be strings") + } + m[key] = params[i+1] + } + return m, nil +} + +// subtract returns the difference between a and b +// and used in Go templates +func subtract(a, b int) int { + return a - b +} + +// plus returns the sum of a and b +// and used in Go templates +func plus(a, b int) int { + return a + b +} + +var TemplateFunctions = template.FuncMap{ + "title": SpaceSeparatedTitle, + "replace": strings.Replace, + "replaceAll": strings.ReplaceAll, + "camelize": Camelize, + "underscore": Underscore, + "plural": Plural, + "contains": strings.Contains, + "join": strings.Join, + "lower": strings.ToLower, + "upper": strings.ToUpper, + "dict": wrapMultipleParams, + "format2regex": Format2Regex, + "hasPrefix": strings.HasPrefix, + "sub": subtract, + "plus": plus, + "firstSentence": FirstSentence, + "trimTemplate": TrimTemplate, +} + +// Temporary function to simulate how Ruby MMv1's lines() function works +// for nested documentation. Can replace with normal "template" after switchover +func TrimTemplate(templatePath string, e any) string { + templates := []string{ + fmt.Sprintf("templates/terraform/%s", templatePath), + "templates/terraform/expand_resource_ref.tmpl", + } + templateFileName := filepath.Base(templatePath) + + // Need to remake TemplateFunctions, referencing it directly here + // causes a declaration loop + var templateFunctions = template.FuncMap{ + "title": SpaceSeparatedTitle, + "replace": strings.Replace, + "replaceAll": strings.ReplaceAll, + "camelize": Camelize, + "underscore": Underscore, + "plural": Plural, + "contains": strings.Contains, + "join": strings.Join, + "lower": strings.ToLower, + "upper": strings.ToUpper, + "dict": wrapMultipleParams, + "format2regex": Format2Regex, + "hasPrefix": strings.HasPrefix, + "sub": subtract, + "plus": plus, + "firstSentence": FirstSentence, + "trimTemplate": TrimTemplate, + } + + tmpl, err := template.New(templateFileName).Funcs(templateFunctions).ParseFiles(templates...) + if err != nil { + glog.Exit(err) + } + + contents := bytes.Buffer{} + if err = tmpl.ExecuteTemplate(&contents, templateFileName, e); err != nil { + glog.Exit(err) + } + + rs := contents.String() + + if rs == "" { + return rs + } + + for strings.HasSuffix(rs, "\n") { + rs = strings.TrimSuffix(rs, "\n") + } + return fmt.Sprintf("%s\n", rs) +} diff --git a/mmv1/google/yaml_validator.go b/mmv1/google/yaml_validator.go index 4986e21e8e94..485db94d1dd0 100644 --- a/mmv1/google/yaml_validator.go +++ b/mmv1/google/yaml_validator.go @@ -22,12 +22,12 @@ import ( // A helper class to validate contents coming from YAML files. type YamlValidator struct{} -func (v *YamlValidator) Parse(content []byte, obj interface{}) { +func (v *YamlValidator) Parse(content []byte, obj interface{}, yamlPath string) { // TODO(nelsonjr): Allow specifying which symbols to restrict it further. // But it requires inspecting all configuration files for symbol sources, // such as Enum values. Leaving it as a nice-to-have for the future. if err := yaml.Unmarshal(content, obj); err != nil { - log.Fatalf("Cannot unmarshal data: %v", err) + log.Fatalf("Cannot unmarshal data from file %s: %v", yamlPath, err) } } diff --git a/mmv1/main.go b/mmv1/main.go index 59088cf3bb2d..851f05737390 100644 --- a/mmv1/main.go +++ b/mmv1/main.go @@ -27,19 +27,43 @@ var version = flag.String("version", "", "optional version name. If specified, t var product = flag.String("product", "", "optional product name. If specified, the resources under the specific product will be generated. Otherwise, resources under all products will be generated.") +// Example usage: --yaml +var yamlMode = flag.Bool("yaml", false, "copy text over from ruby yaml to go yaml") + +// Example usage: --template +var templateMode = flag.Bool("template", false, "copy templates over from .erb to go .tmpl") + +// Example usage: --handwritten +var handwrittenMode = flag.Bool("handwritten", false, "copy handwritten files over from .erb to go .tmpl") + func main() { + flag.Parse() - var generateCode = true - var generateDocs = true + + if *yamlMode { + CopyAllDescriptions() + } + + if *templateMode { + convertTemplates() + } + + if *handwrittenMode { + convertAllHandwrittenFiles() + } if outputPath == nil || *outputPath == "" { - log.Fatalf("No output path specified") + log.Printf("No output path specified, exiting") + return } if version == nil || *version == "" { - log.Fatalf("No version specified") + log.Printf("No version specified, assuming ga") + *version = "ga" } + var generateCode = true + var generateDocs = true var productsToGenerate []string var allProducts = false if product == nil || *product == "" { @@ -82,7 +106,11 @@ func main() { return false }) - var productsForVersion []map[string]interface{} + // In order to only copy/compile files once per provider this must be called outside + // of the products loop. This will get called with the provider from the final iteration + // of the loop + var providerToGenerate *provider.Terraform + var productsForVersion []*api.Product for _, productName := range allProductFiles { productYamlPath := path.Join(productName, "go_product.yaml") @@ -140,7 +168,9 @@ func main() { productApi.Validate() // TODO Q2: set other providers via flag - providerToGenerate := provider.NewTerraform(productApi, *version, startTime) + providerToGenerate = provider.NewTerraform(productApi, *version, startTime) + + productsForVersion = append(productsForVersion, productApi) if !slices.Contains(productsToGenerate, productName) { log.Printf("%s not specified, skipping generation", productName) @@ -149,32 +179,18 @@ func main() { log.Printf("%s: Generating files", productName) providerToGenerate.Generate(*outputPath, productName, generateCode, generateDocs) - - // we need to preserve a single provider instance to use outside of this loop. - productsForVersion = append(productsForVersion, map[string]interface{}{ - "Definitions": productApi, - "Provider": providerToGenerate, - }) } - - // TODO Q2: copy common files } - slices.SortFunc(productsForVersion, func(p1, p2 map[string]interface{}) int { - return strings.Compare(strings.ToLower(p1["Definitions"].(*api.Product).Name), strings.ToLower(p2["Definitions"].(*api.Product).Name)) + slices.SortFunc(productsForVersion, func(p1, p2 *api.Product) int { + return strings.Compare(strings.ToLower(p1.Name), strings.ToLower(p2.Name)) }) - // In order to only copy/compile files once per provider this must be called outside - // of the products loop. This will get called with the provider from the final iteration - // of the loop - finalProduct := productsForVersion[len(productsForVersion)-1] - provider := finalProduct["Provider"].(*provider.Terraform) - - provider.CopyCommonFiles(*outputPath, generateCode, generateDocs) + providerToGenerate.CopyCommonFiles(*outputPath, generateCode, generateDocs) log.Printf("Compiling common files for terraform") if generateCode { - provider.CompileCommonFiles(*outputPath, productsForVersion, "") + providerToGenerate.CompileCommonFiles(*outputPath, productsForVersion, "") // TODO Q2: product overrides } diff --git a/mmv1/products/accessapproval/go_FolderSettings.yaml b/mmv1/products/accessapproval/go_FolderSettings.yaml new file mode 100644 index 000000000000..a466d51e29dd --- /dev/null +++ b/mmv1/products/accessapproval/go_FolderSettings.yaml @@ -0,0 +1,151 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FolderSettings' +legacy_name: 'google_folder_access_approval_settings' +description: | + Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. +references: + guides: + api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/folders' +docs: +base_url: 'folders/{{folder_id}}/accessApprovalSettings' +self_link: 'folders/{{folder_id}}/accessApprovalSettings' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'folders/{{folder_id}}/accessApprovalSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/access_approval.go.tmpl' + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_folder_access_approval_settings.go.tmpl' +examples: + - name: 'folder_access_approval_full' + primary_resource_id: 'folder_access_approval' + vars: + folder_name: 'my-folder' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true + - name: 'folder_access_approval_active_key_version' + primary_resource_id: 'folder_access_approval' + vars: + folder_name: 'my-folder' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true +parameters: + - name: 'folder_id' + type: String + description: | + ID of the folder of the access approval settings. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings" + output: true + - name: 'notificationEmails' + type: Array + description: | + A list of email addresses to which notifications relating to approval requests should be sent. + Notifications relating to a resource will be sent to all emails in the settings of ancestor + resources of that resource. A maximum of 50 email addresses are allowed. + is_set: true + default_from_api: true + item_type: + type: String + max_size: 50 + - name: 'enrolledServices' + type: Array + description: | + A list of Google Cloud Services for which the given resource has Access Approval enrolled. + Access requests for the resource given by name against any of these services contained here will be required + to have explicit approval. Enrollment can only be done on an all or nothing basis. + + A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. + is_set: true + required: true + set_hash_func: accessApprovalEnrolledServicesHash + item_type: + type: NestedObject + properties: + - name: 'cloudProduct' + type: String + description: | + The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): + * all + * App Engine + * BigQuery + * Cloud Bigtable + * Cloud Key Management Service + * Compute Engine + * Cloud Dataflow + * Cloud Identity and Access Management + * Cloud Pub/Sub + * Cloud Storage + * Persistent Disk + + Note: These values are supported as input, but considered a legacy format: + * all + * appengine.googleapis.com + * bigquery.googleapis.com + * bigtable.googleapis.com + * cloudkms.googleapis.com + * compute.googleapis.com + * dataflow.googleapis.com + * iam.googleapis.com + * pubsub.googleapis.com + * storage.googleapis.com + required: true + - name: 'enrollmentLevel' + type: Enum + description: | + The enrollment level of the service. + default_value: "BLOCK_ALL" + enum_values: + - 'BLOCK_ALL' + - name: 'enrolledAncestor' + type: Boolean + description: | + If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder. + output: true + - name: 'activeKeyVersion' + type: String + description: | + The asymmetric crypto key version to use for signing approval requests. + Empty active_key_version indicates that a Google-managed key should be used for signing. + This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. + - name: 'ancestorHasActiveKeyVersion' + type: Boolean + description: | + If the field is true, that indicates that an ancestor of this Folder has set active_key_version. + output: true + - name: 'invalidKeyVersion' + type: Boolean + description: | + If the field is true, that indicates that there is some configuration issue with the active_key_version + configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the + correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, + as key versions are inherited top-down. + output: true diff --git a/mmv1/products/accessapproval/go_OrganizationSettings.yaml b/mmv1/products/accessapproval/go_OrganizationSettings.yaml new file mode 100644 index 000000000000..c486995d8b83 --- /dev/null +++ b/mmv1/products/accessapproval/go_OrganizationSettings.yaml @@ -0,0 +1,131 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationSettings' +legacy_name: 'google_organization_access_approval_settings' +description: | + Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. +references: + guides: + api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations' +docs: +base_url: 'organizations/{{organization_id}}/accessApprovalSettings' +self_link: 'organizations/{{organization_id}}/accessApprovalSettings' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'organizations/{{organization_id}}/accessApprovalSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_organization_access_approval_settings.go.tmpl' +examples: + - name: 'organization_access_approval_full' + primary_resource_id: 'organization_access_approval' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true + - name: 'organization_access_approval_active_key_version' + primary_resource_id: 'organization_access_approval' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true +parameters: + - name: 'organization_id' + type: String + description: | + ID of the organization of the access approval settings. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the settings. Format is "organizations/{organization_id}/accessApprovalSettings" + output: true + - name: 'notificationEmails' + type: Array + description: | + A list of email addresses to which notifications relating to approval requests should be sent. + Notifications relating to a resource will be sent to all emails in the settings of ancestor + resources of that resource. A maximum of 50 email addresses are allowed. + is_set: true + default_from_api: true + item_type: + type: String + max_size: 50 + - name: 'enrolledServices' + type: Array + description: | + A list of Google Cloud Services for which the given resource has Access Approval enrolled. + Access requests for the resource given by name against any of these services contained here will be required + to have explicit approval. Enrollment can be done for individual services. + + A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. + is_set: true + required: true + set_hash_func: accessApprovalEnrolledServicesHash + item_type: + type: NestedObject + properties: + - name: 'cloudProduct' + type: String + description: | + The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): + all + appengine.googleapis.com + bigquery.googleapis.com + bigtable.googleapis.com + cloudkms.googleapis.com + compute.googleapis.com + dataflow.googleapis.com + iam.googleapis.com + pubsub.googleapis.com + storage.googleapis.com + required: true + - name: 'enrollmentLevel' + type: Enum + description: | + The enrollment level of the service. + default_value: "BLOCK_ALL" + enum_values: + - 'BLOCK_ALL' + - name: 'enrolledAncestor' + type: Boolean + description: | + This field will always be unset for the organization since organizations do not have ancestors. + output: true + - name: 'activeKeyVersion' + type: String + description: | + The asymmetric crypto key version to use for signing approval requests. + Empty active_key_version indicates that a Google-managed key should be used for signing. + - name: 'ancestorHasActiveKeyVersion' + type: Boolean + description: | + This field will always be unset for the organization since organizations do not have ancestors. + output: true + - name: 'invalidKeyVersion' + type: Boolean + description: | + If the field is true, that indicates that there is some configuration issue with the active_key_version + configured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the + correct permissions on it, etc.). + output: true diff --git a/mmv1/products/accessapproval/go_ProjectSettings.yaml b/mmv1/products/accessapproval/go_ProjectSettings.yaml new file mode 100644 index 000000000000..806609b22c4f --- /dev/null +++ b/mmv1/products/accessapproval/go_ProjectSettings.yaml @@ -0,0 +1,140 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectSettings' +legacy_name: 'google_project_access_approval_settings' +description: | + Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. +references: + guides: + api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/projects' +docs: +base_url: 'projects/{{project_id}}/accessApprovalSettings' +self_link: 'projects/{{project_id}}/accessApprovalSettings' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project_id}}/accessApprovalSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_project_access_approval_settings.go.tmpl' +examples: + - name: 'project_access_approval_full' + primary_resource_id: 'project_access_approval' + test_env_vars: + project: 'PROJECT_NAME' + org_id: 'ORG_ID' + skip_test: true + - name: 'project_access_approval_active_key_version' + primary_resource_id: 'project_access_approval' + test_env_vars: + project: 'PROJECT_NAME' + org_id: 'ORG_ID' + skip_test: true +parameters: + - name: 'project_id' + type: String + description: | + ID of the project of the access approval settings. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the settings. Format is "projects/{project_id}/accessApprovalSettings" + output: true + - name: 'notificationEmails' + type: Array + description: | + A list of email addresses to which notifications relating to approval requests should be sent. + Notifications relating to a resource will be sent to all emails in the settings of ancestor + resources of that resource. A maximum of 50 email addresses are allowed. + is_set: true + default_from_api: true + item_type: + type: String + max_size: 50 + - name: 'enrolledServices' + type: Array + description: | + A list of Google Cloud Services for which the given resource has Access Approval enrolled. + Access requests for the resource given by name against any of these services contained here will be required + to have explicit approval. Enrollment can only be done on an all or nothing basis. + + A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. + is_set: true + required: true + set_hash_func: accessApprovalEnrolledServicesHash + item_type: + type: NestedObject + properties: + - name: 'cloudProduct' + type: String + description: | + The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): + all + appengine.googleapis.com + bigquery.googleapis.com + bigtable.googleapis.com + cloudkms.googleapis.com + compute.googleapis.com + dataflow.googleapis.com + iam.googleapis.com + pubsub.googleapis.com + storage.googleapis.com + required: true + - name: 'enrollmentLevel' + type: Enum + description: | + The enrollment level of the service. + default_value: "BLOCK_ALL" + enum_values: + - 'BLOCK_ALL' + - name: 'enrolledAncestor' + type: Boolean + description: | + If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project. + output: true + - name: 'activeKeyVersion' + type: String + description: | + The asymmetric crypto key version to use for signing approval requests. + Empty active_key_version indicates that a Google-managed key should be used for signing. + This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. + - name: 'ancestorHasActiveKeyVersion' + type: Boolean + description: | + If the field is true, that indicates that an ancestor of this Project has set active_key_version. + output: true + - name: 'invalidKeyVersion' + type: Boolean + description: | + If the field is true, that indicates that there is some configuration issue with the active_key_version + configured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the + correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, + as key versions are inherited top-down. + output: true + - name: 'project' + type: String + description: | + Project id. + deprecation_message: '`project` is deprecated and will be removed in a future major release. Use `project_id` instead.' diff --git a/tpgtools/api/orgpolicy/samples/organization_policy.yaml b/mmv1/products/accessapproval/go_product.yaml old mode 100755 new mode 100644 similarity index 62% rename from tpgtools/api/orgpolicy/samples/organization_policy.yaml rename to mmv1/products/accessapproval/go_product.yaml index 9a8425662e39..d925b1742897 --- a/tpgtools/api/orgpolicy/samples/organization_policy.yaml +++ b/mmv1/products/accessapproval/go_product.yaml @@ -1,26 +1,22 @@ -# Copyright 2021 Google LLC. All Rights Reserved. -# +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -description: A test of an orgpolicy policy for an organization -name: organization_policy -resource: samples/organization.policy.json -type: policy -updates: -- dependencies: [] - resource: samples/update_organization.policy.json -variables: -- name: org_id - type: org_id + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessApproval' +display_name: 'Access Approval' versions: -- ga -- beta + - name: 'ga' + base_url: 'https://accessapproval.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/accesscontextmanager/AccessLevels.yaml b/mmv1/products/accesscontextmanager/AccessLevels.yaml index ab2c88492f72..3dc73e403baf 100644 --- a/mmv1/products/accesscontextmanager/AccessLevels.yaml +++ b/mmv1/products/accesscontextmanager/AccessLevels.yaml @@ -22,6 +22,13 @@ references: !ruby/object:Api::Resource::ReferenceLinks guides: 'Access Policy Quickstart': 'https://cloud.google.com/access-context-manager/docs/quickstart' api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels' +docs: !ruby/object:Provider::Terraform::Docs + warning: | + This resource is authoritative over the access levels under an access policy. Due to a limitation in Terraform, + it will overwrite all preexisting access levels during a create opration without displaying the old values on + the left side of plan. To prevent this, we recommend importing the resource before applying it if overwriting + preexisting rules, as the plan will correctly display the complete changes to your access policy if the + resource is present in state. description: | Replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically. This is a bulk edit of all Access Levels and may override existing Access Levels created by `google_access_context_manager_access_level`, diff --git a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml index d6b02a13d48d..b79c83c666cf 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml @@ -71,9 +71,6 @@ examples: primary_resource_id: 'service-perimeter' vars: service_perimeter_name: 'restrict_bigquery_dryrun_storage' - - !ruby/object:Provider::Terraform::Examples - name: 'access_context_manager_service_perimeter_granular_controls' - skip_test: true custom_code: !ruby/object:Provider::Terraform::CustomCode encoder: templates/terraform/encoders/access_level_never_send_parent.go.erb custom_import: templates/terraform/custom_import/set_access_policy_parent_from_self_link.go.erb @@ -243,10 +240,9 @@ properties: item_type: Api::Type::String is_set: true description: | - 'A list of identities that are allowed access through this `IngressPolicy`. - To specify an identity or identity group, use the IAM v1 - format specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. - !ruby/object:Api::Type::Array name: 'sources' description: | @@ -368,10 +364,9 @@ properties: - !ruby/object:Api::Type::Array name: 'identities' description: | - 'A list of identities that are allowed access through this `EgressPolicy`. - To specify an identity or identity group, use the IAM v1 - format specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. is_set: true item_type: Api::Type::String - !ruby/object:Api::Type::NestedObject @@ -533,10 +528,9 @@ properties: item_type: Api::Type::String is_set: true description: | - 'A list of identities that are allowed access through this `IngressPolicy`. - To specify an identity or identity group, use the IAM v1 - format specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. - !ruby/object:Api::Type::Array name: 'sources' description: | @@ -658,10 +652,9 @@ properties: - !ruby/object:Api::Type::Array name: 'identities' description: | - 'A list of identities that are allowed access through this `EgressPolicy`. - To specify an identity or identity group, use the IAM v1 - format specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. item_type: Api::Type::String is_set: true - !ruby/object:Api::Type::NestedObject diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml index 5c26b6c85bc8..2d2511ab8aec 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml @@ -84,8 +84,8 @@ properties: name: 'identities' description: | A list of identities that are allowed access through this `EgressPolicy`. - Should be in the format of an email address. The email address should - represent an individual user, service account, or Google group. + Should be in the format of email address. The email address should + represent individual user or service account only. item_type: Api::Type::String - !ruby/object:Api::Type::Array name: 'sources' diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml index c17f8a3e0471..a008c94e83e2 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml @@ -86,9 +86,9 @@ properties: name: 'identities' item_type: Api::Type::String description: | - A list of identities that are allowed access through this `IngressPolicy`. - Should be in the format of an email address. The email address should represent - an individual user, service account, or Google group. + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. - !ruby/object:Api::Type::Array name: 'sources' description: | diff --git a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml index 655c3545a2e6..98896714991d 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml @@ -57,6 +57,7 @@ properties: name: 'servicePerimeters' description: | The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy. + custom_flatten: 'templates/terraform/custom_flatten/accesscontextmanager_serviceperimeters_custom_flatten.go.erb' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String @@ -220,10 +221,9 @@ properties: is_set: true item_type: Api::Type::String description: | - 'A list of identities that are allowed access through this `IngressPolicy`. - To specify an identity or identity group, use the IAM v1 format - specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. - !ruby/object:Api::Type::Array name: 'sources' description: | @@ -330,10 +330,9 @@ properties: - !ruby/object:Api::Type::Array name: 'identities' description: | - 'A list of identities that are allowed access through this `EgressPolicy`. - To specify an identity or identity group, use the IAM v1 format - specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. is_set: true item_type: Api::Type::String - !ruby/object:Api::Type::Array @@ -516,10 +515,9 @@ properties: is_set: true item_type: Api::Type::String description: | - 'A list of identities that are allowed access through this `IngressPolicy`. - To specify an identity or identity group, use the IAM v1 format - specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. - !ruby/object:Api::Type::Array name: 'sources' description: | @@ -626,10 +624,9 @@ properties: - !ruby/object:Api::Type::Array name: 'identities' description: | - 'A list of identities that are allowed access through this `EgressPolicy`. - To specify an identity or identity group, use the IAM v1 format - specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1). - The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. item_type: Api::Type::String is_set: true - !ruby/object:Api::Type::Array diff --git a/mmv1/products/accesscontextmanager/go_AccessLevel.yaml b/mmv1/products/accesscontextmanager/go_AccessLevel.yaml new file mode 100644 index 000000000000..94d4ab67d78b --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_AccessLevel.yaml @@ -0,0 +1,312 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessLevel' +description: | + An AccessLevel is a label that can be applied to requests to GCP services, + along with a list of requirements necessary for the label to be applied. +references: + guides: + 'Access Policy Quickstart': 'https://cloud.google.com/access-context-manager/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{name}}' +base_url: '' +self_link: '{{name}}' +create_url: '{{parent}}/accessLevels' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + encoder: 'templates/terraform/encoders/go/access_level_never_send_parent.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl' +skip_sweeper: true +examples: + - name: 'access_context_manager_access_level_basic' + primary_resource_id: 'access-level' + vars: + access_level_name: 'chromeos_no_lock' + skip_test: true +parameters: + - name: 'parent' + type: String + description: | + The AccessPolicy this AccessLevel lives in. + Format: accessPolicies/{policy_id} + required: true + immutable: true + ignore_read: true + - name: 'name' + type: String + description: | + Resource name for the Access Level. The short_name component must begin + with a letter and only include alphanumeric and '_'. + Format: accessPolicies/{policy_id}/accessLevels/{short_name} + required: true + immutable: true +properties: + - name: 'title' + type: String + description: | + Human readable title. Must be unique within the Policy. + required: true + - name: 'description' + type: String + description: | + Description of the AccessLevel and its use. Does not affect behavior. + - name: 'basic' + type: NestedObject + description: | + A set of predefined conditions for the access level and a combining function. + conflicts: + - custom + properties: + - name: 'combiningFunction' + type: Enum + description: | + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "AND" + enum_values: + - 'AND' + - 'OR' + - name: 'conditions' + type: Array + description: | + A set of requirements for the AccessLevel to be granted. + required: true + item_type: + type: NestedObject + properties: + - name: 'ipSubnetworks' + type: Array + description: | + A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + item_type: + type: String + - name: 'requiredAccessLevels' + type: Array + description: | + A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name} + item_type: + type: String + - name: 'members' + type: Array + description: | + An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: `user:{emailid}`, `serviceAccount:{emailid}` + item_type: + type: String + - name: 'negate' + type: Boolean + description: | + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + - name: 'devicePolicy' + type: NestedObject + description: | + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + - name: 'requireScreenLock' + type: Boolean + description: | + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + api_name: requireScreenlock + - name: 'allowedEncryptionStatuses' + type: Array + description: | + A list of allowed encryptions statuses. + An empty list allows all statuses. + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'ENCRYPTION_UNSPECIFIED' + - 'ENCRYPTION_UNSUPPORTED' + - 'UNENCRYPTED' + - 'ENCRYPTED' + - name: 'allowedDeviceManagementLevels' + type: Array + description: | + A list of allowed device management levels. + An empty list allows all management levels. + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'MANAGEMENT_UNSPECIFIED' + - 'NONE' + - 'BASIC' + - 'COMPLETE' + - name: 'osConstraints' + type: Array + description: | + A list of allowed OS versions. + An empty list allows all types and all versions. + item_type: + type: NestedObject + properties: + - name: 'minimumVersion' + type: String + description: | + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + - name: 'requireVerifiedChromeOs' + type: Boolean + description: + If you specify DESKTOP_CHROME_OS for osType, you can + optionally include requireVerifiedChromeOs to require + Chrome Verified Access. + - name: 'osType' + type: Enum + description: | + The operating system type of the device. + required: true + enum_values: + - 'OS_UNSPECIFIED' + - 'DESKTOP_MAC' + - 'DESKTOP_WINDOWS' + - 'DESKTOP_LINUX' + - 'DESKTOP_CHROME_OS' + - 'ANDROID' + - 'IOS' + - name: 'requireAdminApproval' + type: Boolean + description: | + Whether the device needs to be approved by the customer admin. + - name: 'requireCorpOwned' + type: Boolean + description: | + Whether the device needs to be corp owned. + - name: 'regions' + type: Array + description: | + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + item_type: + type: String + - name: 'vpcNetworkSources' + type: Array + description: 'The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.' + item_type: + type: NestedObject + properties: + - name: 'vpcSubnetwork' + type: NestedObject + description: 'Sub networks within a VPC network.' + properties: + - name: 'network' + type: String + description: 'Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires `compute.network.get` permission to be granted to caller.' + required: true + - name: 'vpcIpSubnetworks' + type: Array + description: 'CIDR block IP subnetwork specification. Must be IPv4.' + item_type: + type: String + min_size: 1 + - name: 'custom' + type: NestedObject + description: | + Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. + See CEL spec at: https://github.com/google/cel-spec. + conflicts: + - basic + properties: + - name: 'expr' + type: NestedObject + description: | + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + required: true + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + - name: 'description' + type: String + description: Description of the expression + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file diff --git a/mmv1/products/accesscontextmanager/go_AccessLevelCondition.yaml b/mmv1/products/accesscontextmanager/go_AccessLevelCondition.yaml new file mode 100644 index 000000000000..87288da3a1a0 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_AccessLevelCondition.yaml @@ -0,0 +1,243 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessLevelCondition' +description: | + Allows configuring a single access level condition to be appended to an access level's conditions. + This resource is intended to be used in cases where it is not possible to compile a full list + of conditions to include in a `google_access_context_manager_access_level` resource, + to enable them to be added separately. + + ~> **Note:** If this resource is used alongside a `google_access_context_manager_access_level` resource, + the access level resource must have a `lifecycle` block with `ignore_changes = [basic[0].conditions]` so + they don't fight over which service accounts should be included. +references: + guides: + 'Access Policy Quickstart': 'https://cloud.google.com/access-context-manager/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{access_level}}' +base_url: '' +self_link: '{{access_level}}' +create_url: '{{access_level}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +mutex: '{{access_level}}' +import_format: + - '{{access_level}}' +exclude_import: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + type: 'PollAsync' + check_response_func_existence: 'transport_tpg.PollCheckForExistence' + check_response_func_absence: 'transport_tpg.PollCheckForAbsence' + suppress_error: false + target_occurrences: 1 + actions: ['create'] +identity: + - ipSubnetworks + - requiredAccessLevels + - members + - negate + - devicePolicy + - regions +nested_query: + keys: + - basic + - conditions + is_list_of_ids: false + modify_by_patch: true +custom_code: +exclude_tgc: true +skip_sweeper: true +examples: + - name: 'access_context_manager_access_level_condition_basic' + primary_resource_id: 'access-level-condition' + vars: + access_level_name: 'chromeos_no_lock' + account_id: 'my-account-id' + skip_test: true +parameters: + - name: 'accessLevel' + type: ResourceRef + description: | + The name of the Access Level to add this condition to. + url_param_only: true + required: true + immutable: true + resource: 'AccessLevel' + imports: 'name' +properties: + - name: 'ipSubnetworks' + type: Array + description: | + A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + item_type: + type: String + - name: 'requiredAccessLevels' + type: Array + description: | + A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name} + item_type: + type: String + - name: 'members' + type: Array + description: | + An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: `user:{emailid}`, `serviceAccount:{emailid}` + item_type: + type: String + - name: 'negate' + type: Boolean + description: | + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + - name: 'devicePolicy' + type: NestedObject + description: | + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + - name: 'requireScreenLock' + type: Boolean + description: | + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + api_name: requireScreenlock + - name: 'allowedEncryptionStatuses' + type: Array + description: | + A list of allowed encryptions statuses. + An empty list allows all statuses. + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'ENCRYPTION_UNSPECIFIED' + - 'ENCRYPTION_UNSUPPORTED' + - 'UNENCRYPTED' + - 'ENCRYPTED' + - name: 'allowedDeviceManagementLevels' + type: Array + description: | + A list of allowed device management levels. + An empty list allows all management levels. + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'MANAGEMENT_UNSPECIFIED' + - 'NONE' + - 'BASIC' + - 'COMPLETE' + - name: 'osConstraints' + type: Array + description: | + A list of allowed OS versions. + An empty list allows all types and all versions. + item_type: + type: NestedObject + properties: + - name: 'minimumVersion' + type: String + description: | + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + - name: 'osType' + type: Enum + description: | + The operating system type of the device. + required: true + enum_values: + - 'OS_UNSPECIFIED' + - 'DESKTOP_MAC' + - 'DESKTOP_WINDOWS' + - 'DESKTOP_LINUX' + - 'DESKTOP_CHROME_OS' + - 'ANDROID' + - 'IOS' + - name: 'requireAdminApproval' + type: Boolean + description: | + Whether the device needs to be approved by the customer admin. + - name: 'requireCorpOwned' + type: Boolean + description: | + Whether the device needs to be corp owned. + - name: 'regions' + type: Array + description: | + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + item_type: + type: String + - name: 'vpcNetworkSources' + type: Array + description: 'The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.' + item_type: + type: NestedObject + properties: + - name: 'vpcSubnetwork' + type: NestedObject + description: 'Sub networks within a VPC network.' + properties: + - name: 'network' + type: String + description: 'Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires `compute.network.get` permission to be granted to caller.' + required: true + - name: 'vpcIpSubnetworks' + type: Array + description: 'CIDR block IP subnetwork specification. Must be IPv4.' + item_type: + type: String diff --git a/mmv1/products/accesscontextmanager/go_AccessLevels.yaml b/mmv1/products/accesscontextmanager/go_AccessLevels.yaml new file mode 100644 index 000000000000..08927a954e4f --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_AccessLevels.yaml @@ -0,0 +1,316 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessLevels' +description: | + Replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically. + This is a bulk edit of all Access Levels and may override existing Access Levels created by `google_access_context_manager_access_level`, + thus causing a permadiff if used alongside `google_access_context_manager_access_level` on the same parent. +references: + guides: + 'Access Policy Quickstart': 'https://cloud.google.com/access-context-manager/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels' +docs: + warning: | + This resource is authoritative over the access levels under an access policy. Due to a limitation in Terraform, + it will overwrite all preexisting access levels during a create opration without displaying the old values on + the left side of plan. To prevent this, we recommend importing the resource before applying it if overwriting + preexisting rules, as the plan will correctly display the complete changes to your access policy if the + resource is present in state. +id_format: '{{parent}}/accessLevels' +base_url: '{{parent}}/accessLevels:replaceAll' +self_link: '{{parent}}/accessLevels' +update_url: '{{parent}}/accessLevels:replaceAll' +update_verb: 'POST' +import_format: + - '{{parent}}/accessLevels' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_delete: 'templates/terraform/custom_delete/go/replace_all_access_levels_empty_list.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_access_policy.go.tmpl' +skip_sweeper: true +examples: + - name: 'access_context_manager_access_levels_basic' + primary_resource_id: 'access-levels' + vars: + access_level_name1: 'chromeos_no_lock' + access_level_name2: 'mac_no_lock' + skip_test: true +parameters: + - name: 'parent' + type: String + description: | + The AccessPolicy this AccessLevel lives in. + Format: accessPolicies/{policy_id} + url_param_only: true + required: true + immutable: true + ignore_read: true +properties: + - name: 'accessLevels' + type: Array + description: | + The desired Access Levels that should replace all existing Access Levels in the Access Policy. + is_set: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Resource name for the Access Level. The short_name component must begin + with a letter and only include alphanumeric and '_'. + Format: accessPolicies/{policy_id}/accessLevels/{short_name} + required: true + immutable: true + - name: 'title' + type: String + description: | + Human readable title. Must be unique within the Policy. + required: true + - name: 'description' + type: String + description: | + Description of the AccessLevel and its use. Does not affect behavior. + - name: 'basic' + type: NestedObject + description: | + A set of predefined conditions for the access level and a combining function. + # conflicts: + # - custom + properties: + - name: 'combiningFunction' + type: Enum + description: | + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "AND" + enum_values: + - 'AND' + - 'OR' + - name: 'conditions' + type: Array + description: | + A set of requirements for the AccessLevel to be granted. + required: true + item_type: + type: NestedObject + properties: + - name: 'ipSubnetworks' + type: Array + description: | + A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + item_type: + type: String + - name: 'requiredAccessLevels' + type: Array + description: | + A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name} + item_type: + type: String + - name: 'members' + type: Array + description: | + An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: `user:{emailid}`, `serviceAccount:{emailid}` + item_type: + type: String + - name: 'negate' + type: Boolean + description: | + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + - name: 'devicePolicy' + type: NestedObject + description: | + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + - name: 'requireScreenLock' + type: Boolean + description: | + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + api_name: requireScreenlock + - name: 'allowedEncryptionStatuses' + type: Array + description: | + A list of allowed encryptions statuses. + An empty list allows all statuses. + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'ENCRYPTION_UNSPECIFIED' + - 'ENCRYPTION_UNSUPPORTED' + - 'UNENCRYPTED' + - 'ENCRYPTED' + - name: 'allowedDeviceManagementLevels' + type: Array + description: | + A list of allowed device management levels. + An empty list allows all management levels. + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'MANAGEMENT_UNSPECIFIED' + - 'NONE' + - 'BASIC' + - 'COMPLETE' + - name: 'osConstraints' + type: Array + description: | + A list of allowed OS versions. + An empty list allows all types and all versions. + item_type: + type: NestedObject + properties: + - name: 'minimumVersion' + type: String + description: | + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + - name: 'osType' + type: Enum + description: | + The operating system type of the device. + required: true + enum_values: + - 'OS_UNSPECIFIED' + - 'DESKTOP_MAC' + - 'DESKTOP_WINDOWS' + - 'DESKTOP_LINUX' + - 'DESKTOP_CHROME_OS' + - 'ANDROID' + - 'IOS' + - name: 'requireAdminApproval' + type: Boolean + description: | + Whether the device needs to be approved by the customer admin. + - name: 'requireCorpOwned' + type: Boolean + description: | + Whether the device needs to be corp owned. + - name: 'regions' + type: Array + description: | + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + item_type: + type: String + - name: 'vpcNetworkSources' + type: Array + description: 'The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.' + item_type: + type: NestedObject + properties: + - name: 'vpcSubnetwork' + type: NestedObject + description: 'Sub networks within a VPC network.' + properties: + - name: 'network' + type: String + description: 'Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires `compute.network.get` permission to be granted to caller.' + required: true + - name: 'vpcIpSubnetworks' + type: Array + description: 'CIDR block IP subnetwork specification. Must be IPv4.' + item_type: + type: String + min_size: 1 + - name: 'custom' + type: NestedObject + description: | + Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. + See CEL spec at: https://github.com/google/cel-spec. + # conflicts: + # - basic + properties: + - name: 'expr' + type: NestedObject + description: | + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + required: true + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + - name: 'description' + type: String + description: Description of the expression + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file diff --git a/mmv1/products/accesscontextmanager/go_AccessPolicy.yaml b/mmv1/products/accesscontextmanager/go_AccessPolicy.yaml new file mode 100644 index 000000000000..80787619400d --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_AccessPolicy.yaml @@ -0,0 +1,119 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessPolicy' +description: | + AccessPolicy is a container for AccessLevels (which define the necessary + attributes to use GCP services) and ServicePerimeters (which define + regions of services able to freely pass data within a perimeter). An + access policy is globally visible within an organization, and the + restrictions it specifies apply to all projects within an organization. +references: + guides: + 'Access Policy Quickstart': 'https://cloud.google.com/access-context-manager/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{name}}' +base_url: 'accessPolicies' +self_link: 'accessPolicies/{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + allowed_iam_role: 'roles/accesscontextmanager.policyAdmin' + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'accessPolicies/{{name}}' + - '{{name}}' +custom_code: + post_create: 'templates/terraform/post_create/go/accesspolicy.tmpl' +skip_sweeper: true +examples: + - name: 'access_context_manager_access_policy_basic' + primary_resource_id: 'access-policy' + skip_test: true + - name: 'access_context_manager_access_policy_scoped' + primary_resource_id: 'access-policy' + test_env_vars: + org_id: 'ORG_ID' + project: 'PROJECT_NAME' + skip_test: true + skip_import_test: true +parameters: + - name: 'parent' + type: String + description: | + The parent of this AccessPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} + required: true + immutable: true + - name: 'title' + type: String + description: | + Human readable title. Does not affect behavior. + required: true + - name: 'scopes' + type: Array + description: | + Folder or project on which this policy is applicable. + Format: folders/{{folder_id}} or projects/{{project_id}} + item_type: + type: String + max_size: 1 +properties: + - name: 'name' + type: String + description: | + Resource name of the AccessPolicy. Format: {policy_id} + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'createTime' + type: Time + description: | + Time the AccessPolicy was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the AccessPolicy was updated in UTC. + output: true diff --git a/mmv1/products/accesscontextmanager/go_AuthorizedOrgsDesc.yaml b/mmv1/products/accesscontextmanager/go_AuthorizedOrgsDesc.yaml new file mode 100644 index 000000000000..e2b8a4dd71a3 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_AuthorizedOrgsDesc.yaml @@ -0,0 +1,146 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AuthorizedOrgsDesc' +description: | + An authorized organizations description describes a list of organizations + (1) that have been authorized to use certain asset (for example, device) data + owned by different organizations at the enforcement points, or (2) with certain + asset (for example, device) have been authorized to access the resources in + another organization at the enforcement points. +references: + guides: + 'gcloud docs': 'https://cloud.google.com/beyondcorp-enterprise/docs/cross-org-authorization' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.authorizedOrgsDescs' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{name}}' +base_url: '' +self_link: '{{name}}' +create_url: '{{parent}}/authorizedOrgsDescs' +update_verb: 'PATCH' +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + encoder: 'templates/terraform/encoders/go/access_level_never_send_parent.go.tmpl' + post_create: 'templates/terraform/post_create/go/sleep_2_min.go.tmpl' + pre_update: 'templates/terraform/update_mask.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl' +skip_sweeper: true +examples: + - name: 'access_context_manager_authorized_orgs_desc_basic' + primary_resource_id: 'authorized-orgs-desc' + skip_test: true +parameters: + - name: 'parent' + type: String + description: | + Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`. + required: true + immutable: true + ignore_read: true + - name: 'name' + type: String + description: | + Resource name for the `AuthorizedOrgsDesc`. Format: + `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. + The `authorized_orgs_desc` component must begin with a letter, followed by + alphanumeric characters or `_`. + After you create an `AuthorizedOrgsDesc`, you cannot change its `name`. + required: true + immutable: true + - name: 'orgs' + type: Array + description: | + The list of organization ids in this AuthorizedOrgsDesc. + Format: `organizations/` + Example: `organizations/123456` + item_type: + type: String + - name: 'assetType' + type: Enum + description: | + The type of entities that need to use the authorization relationship during + evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and + "ASSET_TYPE_CREDENTIAL_STRENGTH". + immutable: true + enum_values: + - 'ASSET_TYPE_DEVICE' + - 'ASSET_TYPE_CREDENTIAL_STRENGTH' + - name: 'authorizationDirection' + type: Enum + description: | + The direction of the authorization relationship between this organization + and the organizations listed in the "orgs" field. The valid values for this + field include the following: + + AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic + in the organizations listed in the `orgs` field. + + AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the `orgs` + field to evaluate the traffic in this organization. + + For the authorization relationship to take effect, all of the organizations + must authorize and specify the appropriate relationship direction. For + example, if organization A authorized organization B and C to evaluate its + traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization + direction, organizations B and C must specify + "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their + "AuthorizedOrgsDesc" resource. + immutable: true + enum_values: + - 'AUTHORIZATION_DIRECTION_TO' + - 'AUTHORIZATION_DIRECTION_FROM' + - name: 'authorizationType' + type: Enum + description: | + A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". + immutable: true + enum_values: + - 'AUTHORIZATION_TYPE_TRUST' +properties: + - name: 'createTime' + type: Time + description: | + Time the AuthorizedOrgsDesc was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the AuthorizedOrgsDesc was updated in UTC. + output: true diff --git a/mmv1/products/accesscontextmanager/go_EgressPolicy.yaml b/mmv1/products/accesscontextmanager/go_EgressPolicy.yaml new file mode 100644 index 000000000000..4b26c2008ae9 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_EgressPolicy.yaml @@ -0,0 +1,79 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EgressPolicy' +description: | + This resource has been deprecated, please refer to ServicePerimeterEgressPolicy. +references: + guides: + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy' +docs: +id_format: '{{egress_policy_name}}/{{resource}}' +base_url: '' +self_link: '{{egress_policy_name}}' +create_url: '{{egress_policy_name}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +import_format: + - '{{egress_policy_name}}/{{resource}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - resource +nested_query: + keys: + - status + - resources + is_list_of_ids: true + modify_by_patch: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_egress_policy.go.tmpl' +exclude_tgc: true +skip_sweeper: true +parameters: + - name: 'egressPolicyName' + type: ResourceRef + description: | + The name of the Service Perimeter to add this resource to. + url_param_only: true + required: true + immutable: true + resource: 'ServicePerimeter' + imports: 'name' +properties: + - name: 'resource' + type: String + description: | + A GCP resource that is inside of the service perimeter. + required: true + immutable: true diff --git a/mmv1/products/accesscontextmanager/go_GcpUserAccessBinding.yaml b/mmv1/products/accesscontextmanager/go_GcpUserAccessBinding.yaml new file mode 100644 index 000000000000..e4280b48dcaa --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_GcpUserAccessBinding.yaml @@ -0,0 +1,91 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'GcpUserAccessBinding' +description: | + Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access. +references: + guides: + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/organizations.gcpUserAccessBindings' +docs: +id_format: '{{name}}' +base_url: 'organizations/{{organization_id}}/gcpUserAccessBindings' +self_link: '{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/set_id_name_with_slashes.go.tmpl' +exclude_tgc: true +examples: + - name: 'access_context_manager_gcp_user_access_binding_basic' + primary_resource_id: 'gcp_user_access_binding' + vars: + group_id: 'my-identity-group' + access_level_id: 'access_level_id_for_user_access_binding' + access_level_name: 'chromeos_no_lock' + test_env_vars: + org_id: 'ORG_ID' + org_domain: 'ORG_DOMAIN' + cust_id: 'CUST_ID' + skip_test: true +parameters: + - name: 'organizationId' + type: String + description: | + Required. ID of the parent organization. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" + output: true + - name: 'groupKey' + type: String + description: | + Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht" + required: true + immutable: true + - name: 'accessLevels' + type: Array + description: | + Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted" + required: true + item_type: + type: String + min_size: 1 + max_size: 1 diff --git a/mmv1/products/accesscontextmanager/go_IngressPolicy.yaml b/mmv1/products/accesscontextmanager/go_IngressPolicy.yaml new file mode 100644 index 000000000000..ae95287f2d22 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_IngressPolicy.yaml @@ -0,0 +1,79 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'IngressPolicy' +description: | + This resource has been deprecated, please refer to ServicePerimeterIngressPolicy. +references: + guides: + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy' +docs: +id_format: '{{ingress_policy_name}}/{{resource}}' +base_url: '' +self_link: '{{ingress_policy_name}}' +create_url: '{{ingress_policy_name}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +import_format: + - '{{ingress_policy_name}}/{{resource}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - resource +nested_query: + keys: + - status + - resources + is_list_of_ids: true + modify_by_patch: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl' +exclude_tgc: true +skip_sweeper: true +parameters: + - name: 'ingressPolicyName' + type: ResourceRef + description: | + The name of the Service Perimeter to add this resource to. + url_param_only: true + required: true + immutable: true + resource: 'ServicePerimeter' + imports: 'name' +properties: + - name: 'resource' + type: String + description: | + A GCP resource that is inside of the service perimeter. + required: true + immutable: true diff --git a/mmv1/products/accesscontextmanager/go_ServicePerimeter.yaml b/mmv1/products/accesscontextmanager/go_ServicePerimeter.yaml new file mode 100644 index 000000000000..e85986dff856 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_ServicePerimeter.yaml @@ -0,0 +1,769 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServicePerimeter' +description: | + ServicePerimeter describes a set of GCP resources which can freely import + and export data amongst themselves, but not export outside of the + ServicePerimeter. If a request with a source within this ServicePerimeter + has a target outside of the ServicePerimeter, the request will be blocked. + Otherwise the request is allowed. There are two types of Service Perimeter + - Regular and Bridge. Regular Service Perimeters cannot overlap, a single + GCP project can only belong to a single regular Service Perimeter. Service + Perimeter Bridges can contain only GCP projects as members, a single GCP + project may belong to multiple Service Perimeter Bridges. +references: + guides: + 'Service Perimeter Quickstart': 'https://cloud.google.com/vpc-service-controls/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{name}}' +base_url: '' +self_link: '{{name}}' +create_url: '{{parent}}/servicePerimeters' +update_verb: 'PATCH' +update_mask: true +mutex: '{{name}}' +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + encoder: 'templates/terraform/encoders/go/access_level_never_send_parent.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl' +skip_sweeper: true +examples: + - name: 'access_context_manager_service_perimeter_basic' + primary_resource_id: 'service-perimeter' + vars: + access_level_name: 'chromeos_no_lock' + service_perimeter_name: 'restrict_storage' + skip_test: true + - name: 'access_context_manager_service_perimeter_secure_data_exchange' + primary_resource_id: 'secure-data-exchange' + vars: + access_level_name: 'secure_data_exchange' + skip_test: true + - name: 'access_context_manager_service_perimeter_dry-run' + primary_resource_id: 'service-perimeter' + vars: + service_perimeter_name: 'restrict_bigquery_dryrun_storage' + skip_test: true +parameters: + - name: 'parent' + type: String + description: | + The AccessPolicy this ServicePerimeter lives in. + Format: accessPolicies/{policy_id} + required: true + immutable: true + ignore_read: true + - name: 'name' + type: String + description: | + Resource name for the ServicePerimeter. The short_name component must + begin with a letter and only include alphanumeric and '_'. + Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} + required: true + immutable: true +properties: + - name: 'title' + type: String + description: | + Human readable title. Must be unique within the Policy. + required: true + - name: 'description' + type: String + description: | + Description of the ServicePerimeter and its use. Does not affect + behavior. + - name: 'createTime' + type: Time + description: | + Time the AccessPolicy was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the AccessPolicy was updated in UTC. + output: true + - name: 'perimeterType' + type: Enum + description: | + Specifies the type of the Perimeter. There are two types: regular and + bridge. Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "PERIMETER_TYPE_REGULAR" + enum_values: + - 'PERIMETER_TYPE_REGULAR' + - 'PERIMETER_TYPE_BRIDGE' + - name: 'status' + type: NestedObject + description: | + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + - name: 'resources' + type: Array + description: | + A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + is_set: true + at_least_one_of: + - 'status.0.resources' + - 'status.0.access_levels' + - 'status.0.restricted_services' + item_type: + type: String + - name: 'accessLevels' + type: Array + description: | + A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. + AccessLevels listed must be in the same policy as this + ServicePerimeter. Referencing a nonexistent AccessLevel is a + syntax error. If no AccessLevel names are listed, resources within + the perimeter can only be accessed via GCP calls with request + origins within the perimeter. For Service Perimeter Bridge, must + be empty. + + Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} + is_set: true + at_least_one_of: + - 'status.0.resources' + - 'status.0.access_levels' + - 'status.0.restricted_services' + item_type: + type: String + - name: 'restrictedServices' + type: Array + description: | + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + `storage.googleapis.com` is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + is_set: true + at_least_one_of: + - 'status.0.resources' + - 'status.0.access_levels' + - 'status.0.restricted_services' + item_type: + type: String + - name: 'vpcAccessibleServices' + type: NestedObject + description: | + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + - name: 'enableRestriction' + type: Boolean + description: | + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + - name: 'allowedServices' + type: Array + description: | + The list of APIs usable within the Service Perimeter. + Must be empty unless `enableRestriction` is True. + is_set: true + item_type: + type: String + - name: 'ingressPolicies' + type: Array + description: | + List of `IngressPolicies` to apply to the perimeter. A perimeter may + have multiple `IngressPolicies`, each of which is evaluated + separately. Access is granted if any `Ingress Policy` grants it. + Must be empty for a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'ingressFrom' + type: NestedObject + description: | + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + is_set: true + item_type: + type: String + - name: 'sources' + type: Array + description: | + Sources that this `IngressPolicy` authorizes access from. + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: | + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + - name: 'resource' + type: String + description: | + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + - name: 'ingressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'egressPolicies' + type: Array + description: | + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'egressFrom' + type: NestedObject + description: | + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'sources' + type: Array + description: 'Sources that this EgressPolicy authorizes access from.' + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: 'An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.' + - name: 'sourceRestriction' + type: Enum + description: 'Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.' + enum_values: + - 'SOURCE_RESTRICTION_UNSPECIFIED' + - 'SOURCE_RESTRICTION_ENABLED' + - 'SOURCE_RESTRICTION_DISABLED' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + is_set: true + item_type: + type: String + - name: 'egressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + is_set: true + item_type: + type: String + - name: 'externalResources' + type: Array + description: | + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'spec' + type: NestedObject + description: | + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the `useExplicitDryRunSpec` flag is set. + properties: + - name: 'resources' + type: Array + description: | + A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + is_set: true + at_least_one_of: + - 'spec.0.resources' + - 'spec.0.access_levels' + - 'spec.0.restricted_services' + item_type: + type: String + - name: 'accessLevels' + type: Array + description: | + A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. + AccessLevels listed must be in the same policy as this + ServicePerimeter. Referencing a nonexistent AccessLevel is a + syntax error. If no AccessLevel names are listed, resources within + the perimeter can only be accessed via GCP calls with request + origins within the perimeter. For Service Perimeter Bridge, must + be empty. + + Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} + is_set: true + at_least_one_of: + - 'spec.0.resources' + - 'spec.0.access_levels' + - 'spec.0.restricted_services' + item_type: + type: String + - name: 'restrictedServices' + type: Array + description: | + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + `storage.googleapis.com` is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + is_set: true + at_least_one_of: + - 'spec.0.resources' + - 'spec.0.access_levels' + - 'spec.0.restricted_services' + item_type: + type: String + - name: 'vpcAccessibleServices' + type: NestedObject + description: | + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + - name: 'enableRestriction' + type: Boolean + description: | + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + - name: 'allowedServices' + type: Array + description: | + The list of APIs usable within the Service Perimeter. + Must be empty unless `enableRestriction` is True. + is_set: true + item_type: + type: String + - name: 'ingressPolicies' + type: Array + description: | + List of `IngressPolicies` to apply to the perimeter. A perimeter may + have multiple `IngressPolicies`, each of which is evaluated + separately. Access is granted if any `Ingress Policy` grants it. + Must be empty for a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'ingressFrom' + type: NestedObject + description: | + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + is_set: true + item_type: + type: String + - name: 'sources' + type: Array + description: | + Sources that this `IngressPolicy` authorizes access from. + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: | + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + - name: 'resource' + type: String + description: | + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + - name: 'ingressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'egressPolicies' + type: Array + description: | + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'egressFrom' + type: NestedObject + description: | + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'sources' + type: Array + description: 'Sources that this EgressPolicy authorizes access from.' + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: 'An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.' + - name: 'sourceRestriction' + type: Enum + description: 'Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.' + enum_values: + - 'SOURCE_RESTRICTION_UNSPECIFIED' + - 'SOURCE_RESTRICTION_ENABLED' + - 'SOURCE_RESTRICTION_DISABLED' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + is_set: true + item_type: + type: String + - name: 'egressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + is_set: true + item_type: + type: String + - name: 'externalResources' + type: Array + description: | + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'useExplicitDryRunSpec' + type: Boolean + description: | + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. diff --git a/mmv1/products/accesscontextmanager/go_ServicePerimeterDryRunResource.yaml b/mmv1/products/accesscontextmanager/go_ServicePerimeterDryRunResource.yaml new file mode 100644 index 000000000000..33401434214b --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_ServicePerimeterDryRunResource.yaml @@ -0,0 +1,106 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServicePerimeterDryRunResource' +description: | + Allows configuring a single GCP resource that should be inside of the `spec` block of a dry run service perimeter. + This resource is intended to be used in cases where it is not possible to compile a full list + of projects to include in a `google_access_context_manager_service_perimeter` resource, + to enable them to be added separately. + If your perimeter is NOT in dry-run mode use `google_access_context_manager_service_perimeter_resource` instead. + + ~> **Note:** If this resource is used alongside a `google_access_context_manager_service_perimeter` resource, + the service perimeter resource must have a `lifecycle` block with `ignore_changes = [spec[0].resources]` so + they don't fight over which resources should be in the policy. +references: + guides: + 'Service Perimeter Quickstart': 'https://cloud.google.com/vpc-service-controls/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{perimeter_name}}/{{resource}}' +base_url: '' +self_link: '{{perimeter_name}}' +create_url: '{{perimeter_name}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +mutex: '{{perimeter_name}}' +import_format: + - '{{perimeter_name}}/{{resource}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - resource +nested_query: + keys: + - spec + - resources + is_list_of_ids: true + modify_by_patch: true +custom_code: + pre_create: 'templates/terraform/pre_create/go/access_context_manager_service_perimeter_dry_run_resource.go.tmpl' + pre_update: 'templates/terraform/pre_create/go/access_context_manager_service_perimeter_dry_run_resource.go.tmpl' + pre_delete: 'templates/terraform/pre_create/go/access_context_manager_service_perimeter_dry_run_resource.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_resource.go.tmpl' +exclude_tgc: true +skip_sweeper: true +examples: + - name: 'access_context_manager_service_perimeter_dry_run_resource_basic' + primary_resource_id: 'service-perimeter-dry-run-resource' + vars: + service_perimeter_name: 'restrict_all' + skip_test: true +parameters: + - name: 'perimeterName' + type: ResourceRef + description: | + The name of the Service Perimeter to add this resource to. + url_param_only: true + required: true + immutable: true + resource: 'ServicePerimeter' + imports: 'name' +properties: + - name: 'resource' + type: String + description: | + A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + required: true + immutable: true diff --git a/mmv1/products/accesscontextmanager/go_ServicePerimeterEgressPolicy.yaml b/mmv1/products/accesscontextmanager/go_ServicePerimeterEgressPolicy.yaml new file mode 100644 index 000000000000..849dea461231 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_ServicePerimeterEgressPolicy.yaml @@ -0,0 +1,185 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServicePerimeterEgressPolicy' +description: | + EgressPolicies match requests based on egressFrom and egressTo stanzas. + For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. + If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter + boundary. For example, an EgressPolicy can be used to allow VMs on networks + within the ServicePerimeter to access a defined set of projects outside the + perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket + or query against a BigQuery dataset). + + ~> **Note:** By default, updates to this resource will remove the EgressPolicy from the + from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy + is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. +references: + guides: + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy' +docs: +id_format: '{{perimeter}}' +base_url: '' +self_link: '{{perimeter}}' +create_url: '{{perimeter}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +mutex: '{{perimeter}}' +import_format: + - '{{perimeter}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - egressFrom + - egressTo +nested_query: + keys: + - status + - egressPolicies + is_list_of_ids: false + modify_by_patch: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl' +exclude_tgc: true +skip_sweeper: true +examples: + - name: 'access_context_manager_service_perimeter_egress_policy' + skip_test: true +parameters: + - name: 'perimeter' + type: ResourceRef + description: | + The name of the Service Perimeter to add this resource to. + url_param_only: true + required: true + resource: 'ServicePerimeter' + imports: 'name' +properties: + - name: 'egressFrom' + type: NestedObject + description: | + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + enum_values: + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + item_type: + type: String + - name: 'sources' + type: Array + description: 'Sources that this EgressPolicy authorizes access from.' + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: 'An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.' + - name: 'sourceRestriction' + type: Enum + description: 'Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.' + enum_values: + - 'SOURCE_RESTRICTION_UNSPECIFIED' + - 'SOURCE_RESTRICTION_ENABLED' + - 'SOURCE_RESTRICTION_DISABLED' + - name: 'egressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + item_type: + type: String + - name: 'externalResources' + type: Array + description: | + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. diff --git a/mmv1/products/accesscontextmanager/go_ServicePerimeterIngressPolicy.yaml b/mmv1/products/accesscontextmanager/go_ServicePerimeterIngressPolicy.yaml new file mode 100644 index 000000000000..e5d15022dc31 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_ServicePerimeterIngressPolicy.yaml @@ -0,0 +1,193 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServicePerimeterIngressPolicy' +description: | + IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, + both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, + the request is allowed through the perimeter boundary from outside the perimeter. + For example, access from the internet can be allowed either based on an AccessLevel or, + for traffic hosted on Google Cloud, the project of the source network. + For access from private networks, using the project of the hosting network is required. + Individual ingress policies can be limited by restricting which services and/ + or actions they match using the ingressTo field. + + ~> **Note:** By default, updates to this resource will remove the IngressPolicy from the + from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy + is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. +references: + guides: + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy' +docs: +id_format: '{{perimeter}}' +base_url: '' +self_link: '{{perimeter}}' +create_url: '{{perimeter}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +mutex: '{{perimeter}}' +import_format: + - '{{perimeter}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - ingressFrom + - ingressTo +nested_query: + keys: + - status + - ingressPolicies + is_list_of_ids: false + modify_by_patch: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl' +exclude_tgc: true +skip_sweeper: true +examples: + - name: 'access_context_manager_service_perimeter_ingress_policy' + skip_test: true +parameters: + - name: 'perimeter' + type: ResourceRef + description: | + The name of the Service Perimeter to add this resource to. + url_param_only: true + required: true + resource: 'ServicePerimeter' + imports: 'name' +properties: + - name: 'ingressFrom' + type: NestedObject + description: | + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + enum_values: + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + item_type: + type: String + - name: 'sources' + type: Array + description: | + Sources that this `IngressPolicy` authorizes access from. + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: | + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + - name: 'resource' + type: String + description: | + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + - name: 'ingressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. diff --git a/mmv1/products/accesscontextmanager/go_ServicePerimeterResource.yaml b/mmv1/products/accesscontextmanager/go_ServicePerimeterResource.yaml new file mode 100644 index 000000000000..47a67d2a16b1 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_ServicePerimeterResource.yaml @@ -0,0 +1,103 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServicePerimeterResource' +description: | + Allows configuring a single GCP resource that should be inside the `status` block of a service perimeter. + This resource is intended to be used in cases where it is not possible to compile a full list + of projects to include in a `google_access_context_manager_service_perimeter` resource, + to enable them to be added separately. + If your perimeter is in dry-run mode use `google_access_context_manager_service_perimeter_dry_run_resource` instead. + + ~> **Note:** If this resource is used alongside a `google_access_context_manager_service_perimeter` resource, + the service perimeter resource must have a `lifecycle` block with `ignore_changes = [status[0].resources]` so + they don't fight over which resources should be in the policy. +references: + guides: + 'Service Perimeter Quickstart': 'https://cloud.google.com/vpc-service-controls/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: '{{perimeter_name}}/{{resource}}' +base_url: '' +self_link: '{{perimeter_name}}' +create_url: '{{perimeter_name}}' +create_verb: 'PATCH' +update_mask: true +delete_verb: 'PATCH' +immutable: true +mutex: '{{perimeter_name}}' +import_format: + - '{{perimeter_name}}/{{resource}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - resource +nested_query: + keys: + - status + - resources + is_list_of_ids: true + modify_by_patch: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_resource.go.tmpl' +exclude_tgc: true +skip_sweeper: true +examples: + - name: 'access_context_manager_service_perimeter_resource_basic' + primary_resource_id: 'service-perimeter-resource' + vars: + service_perimeter_name: 'restrict_all' + skip_test: true +parameters: + - name: 'perimeterName' + type: ResourceRef + description: | + The name of the Service Perimeter to add this resource to. + url_param_only: true + required: true + immutable: true + resource: 'ServicePerimeter' + imports: 'name' +properties: + - name: 'resource' + type: String + description: | + A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + required: true + immutable: true diff --git a/mmv1/products/accesscontextmanager/go_ServicePerimeters.yaml b/mmv1/products/accesscontextmanager/go_ServicePerimeters.yaml new file mode 100644 index 000000000000..3f7bdc130a8c --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_ServicePerimeters.yaml @@ -0,0 +1,766 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServicePerimeters' +description: | + Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically. + This is a bulk edit of all Service Perimeters and may override existing Service Perimeters created by `google_access_context_manager_service_perimeter`, + thus causing a permadiff if used alongside `google_access_context_manager_service_perimeter` on the same parent. +references: + guides: + 'Service Perimeter Quickstart': 'https://cloud.google.com/vpc-service-controls/docs/quickstart' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters' +docs: +id_format: '{{parent}}/servicePerimeters' +base_url: '{{parent}}/servicePerimeters:replaceAll' +self_link: '{{parent}}/servicePerimeters' +update_url: '{{parent}}/servicePerimeters:replaceAll' +update_verb: 'POST' +import_format: + - '{{parent}}/servicePerimeters' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_delete: 'templates/terraform/custom_delete/go/replace_all_service_perimeters_empty_list.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_access_policy.go.tmpl' +skip_sweeper: true +examples: + - name: 'access_context_manager_service_perimeters_basic' + primary_resource_id: 'service-perimeter' + vars: + access_level_name: 'chromeos_no_lock' + service_perimeter_name: 'restrict_storage' + skip_test: true +parameters: + - name: 'parent' + type: String + description: | + The AccessPolicy this ServicePerimeter lives in. + Format: accessPolicies/{policy_id} + required: true + immutable: true + ignore_read: true +properties: + - name: 'servicePerimeters' + type: Array + description: | + The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy. + custom_flatten: 'templates/terraform/custom_flatten/go/accesscontextmanager_serviceperimeters_custom_flatten.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Resource name for the ServicePerimeter. The short_name component must + begin with a letter and only include alphanumeric and '_'. + Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} + required: true + immutable: true + - name: 'title' + type: String + description: | + Human readable title. Must be unique within the Policy. + required: true + - name: 'description' + type: String + description: | + Description of the ServicePerimeter and its use. Does not affect + behavior. + - name: 'createTime' + type: Time + description: | + Time the AccessPolicy was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the AccessPolicy was updated in UTC. + output: true + - name: 'perimeterType' + type: Enum + description: | + Specifies the type of the Perimeter. There are two types: regular and + bridge. Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "PERIMETER_TYPE_REGULAR" + enum_values: + - 'PERIMETER_TYPE_REGULAR' + - 'PERIMETER_TYPE_BRIDGE' + - name: 'status' + type: NestedObject + description: | + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + - name: 'resources' + type: Array + description: | + A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # at_least_one_of: + # - status.0.resources + # - status.0.access_levels + # - status.0.restricted_services + is_set: true + item_type: + type: String + - name: 'accessLevels' + type: Array + description: | + A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. + AccessLevels listed must be in the same policy as this + ServicePerimeter. Referencing a nonexistent AccessLevel is a + syntax error. If no AccessLevel names are listed, resources within + the perimeter can only be accessed via GCP calls with request + origins within the perimeter. For Service Perimeter Bridge, must + be empty. + + Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} + # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # at_least_one_of: + # - status.0.resources + # - status.0.access_levels + # - status.0.restricted_services + is_set: true + item_type: + type: String + - name: 'restrictedServices' + type: Array + description: | + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + `storage.googleapis.com` is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # at_least_one_of: + # - status.0.resources + # - status.0.access_levels + # - status.0.restricted_services + is_set: true + item_type: + type: String + - name: 'vpcAccessibleServices' + type: NestedObject + description: | + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + - name: 'enableRestriction' + type: Boolean + description: | + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + - name: 'allowedServices' + type: Array + description: | + The list of APIs usable within the Service Perimeter. + Must be empty unless `enableRestriction` is True. + is_set: true + item_type: + type: String + - name: 'ingressPolicies' + type: Array + description: | + List of `IngressPolicies` to apply to the perimeter. A perimeter may + have multiple `IngressPolicies`, each of which is evaluated + separately. Access is granted if any `Ingress Policy` grants it. + Must be empty for a perimeter bridge. + is_set: true + item_type: + type: NestedObject + properties: + - name: 'ingressFrom' + type: NestedObject + description: | + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + is_set: true + item_type: + type: String + - name: 'sources' + type: Array + description: | + Sources that this `IngressPolicy` authorizes access from. + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: | + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + - name: 'resource' + type: String + description: | + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + - name: 'ingressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'egressPolicies' + type: Array + description: | + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'egressFrom' + type: NestedObject + description: | + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + is_set: true + item_type: + type: String + - name: 'sources' + type: Array + description: 'Sources that this EgressPolicy authorizes access from.' + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: 'An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.' + - name: 'sourceRestriction' + type: Enum + description: 'Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.' + enum_values: + - 'SOURCE_RESTRICTION_UNSPECIFIED' + - 'SOURCE_RESTRICTION_ENABLED' + - 'SOURCE_RESTRICTION_DISABLED' + - name: 'egressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + is_set: true + item_type: + type: String + - name: 'externalResources' + type: Array + description: | + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'spec' + type: NestedObject + description: | + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the `useExplicitDryRunSpec` flag is set. + properties: + - name: 'resources' + type: Array + description: | + A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # at_least_one_of: + # - spec.0.resources + # - spec.0.access_levels + # - spec.0.restricted_services + is_set: true + item_type: + type: String + - name: 'accessLevels' + type: Array + description: | + A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. + AccessLevels listed must be in the same policy as this + ServicePerimeter. Referencing a nonexistent AccessLevel is a + syntax error. If no AccessLevel names are listed, resources within + the perimeter can only be accessed via GCP calls with request + origins within the perimeter. For Service Perimeter Bridge, must + be empty. + + Format: accessPolicies/{policy_id}/accessLevels/{access_level_name} + # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # at_least_one_of: + # - spec.0.resources + # - spec.0.access_levels + # - spec.0.restricted_services + is_set: true + item_type: + type: String + - name: 'restrictedServices' + type: Array + description: | + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + `storage.googleapis.com` is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # at_least_one_of: + # - spec.0.resources + # - spec.0.access_levels + # - spec.0.restricted_services + is_set: true + item_type: + type: String + - name: 'vpcAccessibleServices' + type: NestedObject + description: | + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + - name: 'enableRestriction' + type: Boolean + description: | + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + - name: 'allowedServices' + type: Array + description: | + The list of APIs usable within the Service Perimeter. + Must be empty unless `enableRestriction` is True. + is_set: true + item_type: + type: String + - name: 'ingressPolicies' + type: Array + description: | + List of `IngressPolicies` to apply to the perimeter. A perimeter may + have multiple `IngressPolicies`, each of which is evaluated + separately. Access is granted if any `Ingress Policy` grants it. + Must be empty for a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'ingressFrom' + type: NestedObject + description: | + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + is_set: true + item_type: + type: String + - name: 'sources' + type: Array + description: | + Sources that this `IngressPolicy` authorizes access from. + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: | + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + - name: 'resource' + type: String + description: | + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + - name: 'ingressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'egressPolicies' + type: Array + description: | + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. + item_type: + type: NestedObject + properties: + - name: 'egressFrom' + type: NestedObject + description: | + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + properties: + - name: 'identityType' + type: Enum + description: | + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + enum_values: + - 'IDENTITY_TYPE_UNSPECIFIED' + - 'ANY_IDENTITY' + - 'ANY_USER_ACCOUNT' + - 'ANY_SERVICE_ACCOUNT' + - name: 'identities' + type: Array + description: | + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + is_set: true + item_type: + type: String + - name: 'sources' + type: Array + description: 'Sources that this EgressPolicy authorizes access from.' + item_type: + type: NestedObject + properties: + - name: 'accessLevel' + type: String + description: 'An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.' + - name: 'sourceRestriction' + type: Enum + description: 'Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.' + enum_values: + - 'SOURCE_RESTRICTION_UNSPECIFIED' + - 'SOURCE_RESTRICTION_ENABLED' + - 'SOURCE_RESTRICTION_DISABLED' + - name: 'egressTo' + type: NestedObject + description: | + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + properties: + - name: 'resources' + type: Array + description: | + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + is_set: true + item_type: + type: String + - name: 'externalResources' + type: Array + description: | + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + is_set: true + item_type: + type: String + - name: 'operations' + type: Array + description: | + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + item_type: + type: NestedObject + properties: + - name: 'serviceName' + type: String + description: | + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + - name: 'methodSelectors' + type: Array + description: | + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + item_type: + type: NestedObject + properties: + - name: 'method' + type: String + description: | + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + - name: 'permission' + type: String + description: | + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + - name: 'useExplicitDryRunSpec' + type: Boolean + description: | + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. diff --git a/mmv1/products/accesscontextmanager/go_product.yaml b/mmv1/products/accesscontextmanager/go_product.yaml new file mode 100644 index 000000000000..a6d7fbade4e6 --- /dev/null +++ b/mmv1/products/accesscontextmanager/go_product.yaml @@ -0,0 +1,34 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessContextManager' +display_name: 'Access Context Manager (VPC Service Controls)' +versions: + - name: 'ga' + base_url: 'https://accesscontextmanager.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' +async: + type: "OpAsync" + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' diff --git a/mmv1/products/activedirectory/Domain.yaml b/mmv1/products/activedirectory/Domain.yaml index 7ca646ef3565..b9aaf2e7f287 100644 --- a/mmv1/products/activedirectory/Domain.yaml +++ b/mmv1/products/activedirectory/Domain.yaml @@ -74,8 +74,8 @@ parameters: url_param_only: true immutable: true description: | - The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions, - https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. + The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions + of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. validation: !ruby/object:Provider::Terraform::Validation function: 'verify.ValidateADDomainName()' properties: diff --git a/mmv1/products/activedirectory/DomainTrust.yaml b/mmv1/products/activedirectory/DomainTrust.yaml index e29652b1f4c1..60dcfd8d5a7d 100644 --- a/mmv1/products/activedirectory/DomainTrust.yaml +++ b/mmv1/products/activedirectory/DomainTrust.yaml @@ -78,8 +78,8 @@ parameters: url_param_only: true immutable: true description: | - The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions, - https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. + The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions + of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. properties: - !ruby/object:Api::Type::String name: 'targetDomainName' diff --git a/mmv1/products/activedirectory/go_Domain.yaml b/mmv1/products/activedirectory/go_Domain.yaml new file mode 100644 index 000000000000..6b385c90e0ad --- /dev/null +++ b/mmv1/products/activedirectory/go_Domain.yaml @@ -0,0 +1,123 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Domain' +kind: 'activedirectory#domain' +description: Creates a Microsoft AD domain +references: + guides: + 'Managed Microsoft Active Directory Quickstart': 'https://cloud.google.com/managed-microsoft-ad/docs/quickstarts' + api: 'https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains' +docs: +id_format: '{{name}}' +base_url: 'projects/{{project}}/locations/global/domains' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/global/domains?domainName={{domain_name}}' +update_verb: 'PATCH' +update_mask: true +delete_url: 'projects/{{project}}/locations/global/domains/{{domain_name}}' +import_format: + - '{{name}}' +timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 +autogen_async: true +async: + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/self_link_as_name.tmpl' +error_abort_predicates: + + - 'transport_tpg.Is429QuotaError' +examples: + - name: 'active_directory_domain_basic' + primary_resource_id: 'ad-domain' + vars: + name: 'myorg' + domain_name: 'tfgen' + skip_test: true +parameters: + - name: 'domainName' + type: String + description: | + The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions + of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. + url_param_only: true + required: true + immutable: true + validation: + function: 'verify.ValidateADDomainName()' +properties: + - name: 'name' + type: String + description: + 'The unique name of the domain using the format: + `projects/{project}/locations/global/domains/{domainName}`.' + output: true + - name: 'labels' + type: KeyValueLabels + description: 'Resource labels that can contain user-provided metadata' + immutable: false + - name: 'authorizedNetworks' + type: Array + description: | + The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks. + If CIDR subnets overlap between networks, domain creation will fail. + is_set: true + item_type: + type: String + - name: 'reservedIpRange' + type: String + description: | + The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger. + Ranges must be unique and non-overlapping with existing subnets in authorizedNetworks + required: true + immutable: true + - name: 'locations' + type: Array + description: | + Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/] + e.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block. + required: true + item_type: + type: String + - name: 'admin' + type: String + description: | + The name of delegated administrator account used to perform Active Directory operations. + If not specified, setupadmin will be used. + immutable: true + default_value: setupadmin + - name: 'fqdn' + type: String + description: | + The fully-qualified domain name of the exposed domain used by clients to connect to the service. + Similar to what would be chosen for an Active Directory set up on an internal network. + output: true diff --git a/mmv1/products/activedirectory/go_DomainTrust.yaml b/mmv1/products/activedirectory/go_DomainTrust.yaml new file mode 100644 index 000000000000..5540fc424a36 --- /dev/null +++ b/mmv1/products/activedirectory/go_DomainTrust.yaml @@ -0,0 +1,122 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DomainTrust' +kind: 'activedirectory#trust' +description: Adds a trust between Active Directory domains +references: + guides: + 'Active Directory Trust': 'https://cloud.google.com/managed-microsoft-ad/docs/create-one-way-trust' + api: 'https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains/attachTrust' +docs: +id_format: 'projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}' +base_url: 'projects/{{project}}/locations/global/domains' +self_link: 'projects/{{project}}/locations/global/domains/{{domain}}' +create_url: 'projects/{{project}}/locations/global/domains/{{domain}}:attachTrust' +update_url: 'projects/{{project}}/locations/global/domains/{{domain}}:reconfigureTrust' +update_verb: 'POST' +delete_url: 'projects/{{project}}/locations/global/domains/{{domain}}:detachTrust' +delete_verb: 'POST' +import_format: + - 'projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - targetDomainName +nested_query: + keys: + - trusts + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/active_directory_domain_trust.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/active_directory_domain_trust.go.tmpl' + decoder: 'templates/terraform/decoders/go/unwrap_resource.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/active_directory_domain_trust.go.tmpl' +examples: + - name: 'active_directory_domain_trust_basic' + primary_resource_id: 'ad-domain-trust' + skip_test: true +parameters: + - name: 'domain' + type: String + description: | + The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions + of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. + url_param_only: true + required: true + immutable: true +properties: + - name: 'targetDomainName' + type: String + description: + 'The fully qualified target domain name which will be in trust with the + current domain.' + required: true + - name: 'trustType' + type: Enum + description: 'The type of trust represented by the trust resource.' + required: true + immutable: true + enum_values: + - 'FOREST' + - 'EXTERNAL' + - name: 'trustDirection' + type: Enum + description: + 'The trust direction, which decides if the current domain is trusted, + trusting, or both.' + required: true + immutable: true + enum_values: + - 'INBOUND' + - 'OUTBOUND' + - 'BIDIRECTIONAL' + - name: 'selectiveAuthentication' + type: Boolean + description: | + Whether the trusted side has forest/domain wide access or selective access to an approved set of resources. + immutable: true + - name: 'targetDnsIpAddresses' + type: Array + description: | + The target DNS server IP addresses which can resolve the remote domain involved in the trust. + is_set: true + required: true + item_type: + type: String + - name: 'trustHandshakeSecret' + type: String + description: | + The trust secret used for the handshake with the target domain. This will not be stored. + required: true + immutable: true + ignore_read: true + sensitive: true diff --git a/mmv1/products/activedirectory/go_Peering.yaml b/mmv1/products/activedirectory/go_Peering.yaml new file mode 100644 index 000000000000..97a81343d131 --- /dev/null +++ b/mmv1/products/activedirectory/go_Peering.yaml @@ -0,0 +1,109 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Peering' +kind: 'activedirectory#peering' +description: Creates a Peering for Managed AD instance. +min_version: 'beta' +references: + guides: + 'Active Directory Domain Peering': 'https://cloud.google.com/managed-microsoft-ad/docs/domain-peering' + api: 'https://cloud.google.com/managed-microsoft-ad/reference/rest/v1beta1/projects.locations.global.peerings' +docs: +id_format: 'projects/{{project}}/locations/global/domains/{{peering_id}}' +base_url: 'projects/{{project}}/locations/global/peerings' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/global/peerings?peeringId={{peering_id}}' +update_verb: 'PATCH' +update_mask: false +delete_url: 'projects/{{project}}/locations/global/peerings/{{peering_id}}' +exclude_import: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'active_directory_peering_basic' + primary_resource_id: 'ad-domain-peering' + vars: + domain_name: 'ad.test.hashicorptest.com' + project_id: 'my-peered-project' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_test: true + skip_import_test: true +parameters: + - name: 'peeringId' + type: String + description: '' + min_version: 'beta' + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Unique name of the peering in this scope including projects and location using the form: projects/{projectId}/locations/global/peerings/{peeringId}. + min_version: 'beta' + output: true + - name: 'labels' + type: KeyValueLabels + description: 'Resource labels that can contain user-provided metadata' + min_version: 'beta' + immutable: false + - name: 'authorizedNetwork' + type: String + description: | + The full names of the Google Compute Engine networks to which the instance is connected. Caller needs to make sure that CIDR subnets do not overlap between networks, else peering creation will fail. + min_version: 'beta' + required: true + immutable: true + - name: 'domainResource' + type: String + description: | + Full domain resource path for the Managed AD Domain involved in peering. The resource path should be in the form projects/{projectId}/locations/global/domains/{domainName} + min_version: 'beta' + required: true + immutable: true + - name: 'status' + type: String + description: | + The current state of this Peering. + min_version: 'beta' + url_param_only: true + ignore_read: true + - name: 'statusMessage' + type: String + description: | + Additional information about the current status of this peering, if available. + + min_version: 'beta' + ignore_read: true diff --git a/tpgtools/api/orgpolicy/samples/folder_policy.yaml b/mmv1/products/activedirectory/go_product.yaml old mode 100755 new mode 100644 similarity index 54% rename from tpgtools/api/orgpolicy/samples/folder_policy.yaml rename to mmv1/products/activedirectory/go_product.yaml index 4a43fbb9052b..7ed90e7f66b8 --- a/tpgtools/api/orgpolicy/samples/folder_policy.yaml +++ b/mmv1/products/activedirectory/go_product.yaml @@ -1,31 +1,24 @@ -# Copyright 2021 Google LLC. All Rights Reserved. -# +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -dependencies: -- samples/basic.cloudresourcemanager.folder.json -description: A test of an orgpolicy policy for a folder -name: folder_policy -resource: samples/folder.policy.json -type: policy -updates: -- dependencies: - - samples/basic.cloudresourcemanager.folder.json - resource: samples/update_folder.policy.json -variables: -- name: org_id - type: org_id -- name: folder - type: resource_name + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ActiveDirectory' +display_name: 'Managed Microsoft Active Directory' versions: -- ga -- beta + - name: 'ga' + base_url: 'https://managedidentities.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://managedidentities.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/alloydb/Cluster.yaml b/mmv1/products/alloydb/Cluster.yaml index 67b4d85f02fd..ea2fcce5a130 100644 --- a/mmv1/products/alloydb/Cluster.yaml +++ b/mmv1/products/alloydb/Cluster.yaml @@ -18,6 +18,13 @@ docs: !ruby/object:Provider::Terraform::Docs Users can promote a secondary cluster to a primary cluster with the help of `cluster_type`. To promote, users have to set the `cluster_type` property as `PRIMARY` and remove the `secondary_config` field from cluster configuration. [See Example](https://github.com/hashicorp/terraform-provider-google/pull/16413). + + Switchover is supported in terraform by refreshing the state of the terraform configurations. + The switchover operation still needs to be called outside of terraform. + After the switchover operation is completed successfully: + 1. Refresh the state of the AlloyDB resources by running `terraform apply -refresh-only --auto-approve` . + 2. Manually update the terraform configuration file(s) to match the actual state of the resources by modifying the `cluster_type` and `secondary_config` fields. + 3. Verify the sync of terraform state by running `terraform plan` and ensure that the infrastructure matches the configuration and no changes are required. self_link: 'projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}' base_url: 'projects/{{project}}/locations/{{location}}/clusters' create_url: 'projects/{{project}}/locations/{{location}}/clusters?clusterId={{cluster_id}}' @@ -106,6 +113,17 @@ custom_code: !ruby/object:Provider::Terraform::CustomCode pre_create: templates/terraform/pre_create/alloydb_cluster.go.erb pre_update: templates/terraform/pre_update/alloydb_cluster.go.erb pre_delete: templates/terraform/pre_delete/alloydb_cluster.go.erb +virtual_fields: + - !ruby/object:Api::Type::Enum + name: 'deletion_policy' + description: | + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + values: + - :DEFAULT + - :FORCE + default_value: :DEFAULT parameters: - !ruby/object:Api::Type::String name: 'clusterId' @@ -208,6 +226,7 @@ properties: exactly_one_of: - network - network_config.0.network + - psc_config.0.psc_enabled default_from_api: true deprecation_message: >- `network` is deprecated and will be removed in a future major release. Instead, use `network_config` to define the network configuration. @@ -227,6 +246,7 @@ properties: exactly_one_of: - network - network_config.0.network + - psc_config.0.psc_enabled description: | The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". @@ -264,6 +284,13 @@ properties: default_from_api: true description: | The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. + - !ruby/object:Api::Type::NestedObject + name: 'pscConfig' + description: 'Configuration for Private Service Connect (PSC) for the cluster.' + properties: + - !ruby/object:Api::Type::Boolean + name: 'pscEnabled' + description: 'Create an instance that allows connections from Private Service Connect endpoints to the instance.' - !ruby/object:Api::Type::NestedObject name: 'initialUser' description: | @@ -547,14 +574,3 @@ properties: name: nanos description: | Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. -virtual_fields: - - !ruby/object:Api::Type::Enum - name: 'deletion_policy' - description: | - Policy to determine if the cluster should be deleted forcefully. - Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. - Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. - values: - - :DEFAULT - - :FORCE - default_value: :DEFAULT diff --git a/mmv1/products/alloydb/Instance.yaml b/mmv1/products/alloydb/Instance.yaml index 3204fef7377e..19c4763fc626 100644 --- a/mmv1/products/alloydb/Instance.yaml +++ b/mmv1/products/alloydb/Instance.yaml @@ -56,7 +56,6 @@ custom_code: !ruby/object:Provider::Terraform::CustomCode custom_import: templates/terraform/custom_import/alloydb_instance.go.erb pre_create: templates/terraform/pre_create/alloydb_instance.go.erb pre_delete: templates/terraform/pre_delete/alloydb_instance.go.erb - post_create: templates/terraform/post_create/alloydb_instance.go.erb examples: - !ruby/object:Provider::Terraform::Examples name: 'alloydb_instance_basic' @@ -237,6 +236,36 @@ properties: - !ruby/object:Api::Type::Integer name: 'queryPlansPerMinute' description: 'Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.' + - !ruby/object:Api::Type::NestedObject + name: 'observabilityConfig' + description: 'Configuration for enhanced query insights.' + default_from_api: true + min_version: beta + properties: + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: 'Observability feature status for an instance.' + - !ruby/object:Api::Type::Boolean + name: 'preserveComments' + description: 'Preserve comments in the query string.' + - !ruby/object:Api::Type::Boolean + name: 'trackWaitEvents' + description: 'Record wait events during query execution for an instance.' + - !ruby/object:Api::Type::Boolean + name: 'trackWaitEventTypes' + description: 'Record wait event types during query execution for an instance.' + - !ruby/object:Api::Type::Integer + name: 'maxQueryStringLength' + description: 'Query string length. The default value is 10240. Any integer between 1024 and 100000 is considered valid.' + - !ruby/object:Api::Type::Boolean + name: 'recordApplicationTags' + description: 'Record application tags for an instance. This flag is turned "on" by default.' + - !ruby/object:Api::Type::Integer + name: 'queryPlansPerMinute' + description: 'Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 200 is considered valid.' + - !ruby/object:Api::Type::Boolean + name: 'trackActiveQueries' + description: 'Track actively running queries. If not set, default value is "off".' - !ruby/object:Api::Type::NestedObject name: 'readPoolConfig' description: 'Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.' @@ -279,6 +308,32 @@ properties: values: - :ENCRYPTED_ONLY - :ALLOW_UNENCRYPTED_AND_ENCRYPTED + - !ruby/object:Api::Type::NestedObject + name: 'pscInstanceConfig' + description: | + Configuration for Private Service Connect (PSC) for the instance. + properties: + - !ruby/object:Api::Type::String + name: 'serviceAttachmentLink' + output: true + description: | + The service attachment created when Private Service Connect (PSC) is enabled for the instance. + The name of the resource will be in the format of + `projects//regions//serviceAttachments/` + - !ruby/object:Api::Type::Array + name: allowedConsumerProjects + item_type: Api::Type::String + description: | + List of consumer projects that are allowed to create PSC endpoints to service-attachments to this instance. + These should be specified as project numbers only. + item_validation: !ruby/object:Provider::Terraform::Validation + regex: '^\d+$' + - !ruby/object:Api::Type::String + name: 'pscDnsName' + output: true + description: | + The DNS name of the instance for PSC connectivity. + Name convention: ...alloydb-psc.goog - !ruby/object:Api::Type::NestedObject name: 'networkConfig' description: | diff --git a/mmv1/products/alloydb/go_Backup.yaml b/mmv1/products/alloydb/go_Backup.yaml new file mode 100644 index 000000000000..c5ad9794c13b --- /dev/null +++ b/mmv1/products/alloydb/go_Backup.yaml @@ -0,0 +1,247 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Backup' +description: 'An AlloyDB Backup.' +references: + guides: + 'AlloyDB': 'https://cloud.google.com/alloydb/docs/' + api: 'https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.backups/create' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/backups' +self_link: 'projects/{{project}}/locations/{{location}}/backups/{{backup_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/backups?backupId={{backup_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/backups/{{backup_id}}' +timeouts: + insert_minutes: 10 + update_minutes: 10 + delete_minutes: 10 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false +custom_code: + encoder: 'templates/terraform/encoders/go/alloydb_backup.tmpl' +examples: + - name: 'alloydb_backup_basic' + primary_resource_id: 'default' + vars: + alloydb_backup_id: 'alloydb-backup' + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_test: true + - name: 'alloydb_backup_basic_test' + primary_resource_id: 'default' + vars: + alloydb_backup_id: 'alloydb-backup' + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_docs: true + - name: 'alloydb_backup_full' + primary_resource_id: 'default' + vars: + alloydb_backup_id: 'alloydb-backup' + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_test: true + - name: 'alloydb_backup_full_test' + primary_resource_id: 'default' + vars: + alloydb_backup_id: 'alloydb-backup' + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_docs: true + skip_vcr: true +parameters: + - name: 'backupId' + type: String + description: | + The ID of the alloydb backup. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The location where the alloydb backup should reside. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId} + output: true + - name: 'displayName' + type: String + description: | + User-settable and human-readable display name for the Backup. + - name: 'uid' + type: String + description: | + Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted. + output: true + - name: 'createTime' + type: Time + description: | + Output only. Create time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: Time + description: | + Output only. Update time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'deleteTime' + type: Time + description: | + Output only. Delete time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'labels' + type: KeyValueLabels + description: | + User-defined labels for the alloydb backup. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + immutable: false + - name: 'state' + type: String + description: Output only. The current state of the backup. + output: true + - name: 'type' + type: Enum + description: 'The backup type, which suggests the trigger for the backup.' + default_from_api: true + enum_values: + - 'TYPE_UNSPECIFIED' + - 'ON_DEMAND' + - 'AUTOMATED' + - 'CONTINUOUS' + - name: 'description' + type: String + description: 'User-provided description of the backup.' + - name: 'clusterUid' + type: String + description: 'Output only. The system-generated UID of the cluster which was used to create this resource.' + output: true + - name: 'clusterName' + type: String + description: + 'The full resource name of the backup source cluster (e.g., + projects/{project}/locations/{location}/clusters/{clusterId}).' + required: true + immutable: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'reconciling' + type: Boolean + description: | + Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource. + This can happen due to user-triggered updates or system actions like failover or maintenance. + output: true + - name: 'encryptionConfig' + type: NestedObject + description: | + EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). + properties: + - name: 'kmsKeyName' + type: String + description: | + The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. + immutable: true + - name: 'encryptionInfo' + type: NestedObject + description: | + EncryptionInfo describes the encryption information of a cluster or a backup. + output: true + properties: + - name: 'encryptionType' + type: Enum + description: 'Output only. Type of encryption.' + output: true + enum_values: + - 'TYPE_UNSPECIFIED' + - 'GOOGLE_DEFAULT_ENCRYPTION' + - 'CUSTOMER_MANAGED_ENCRYPTION' + - name: 'kmsKeyVersions' + type: Array + description: | + Output only. Cloud KMS key versions that are being used to protect the database or the backup. + output: true + item_type: + type: String + - name: 'etag' + type: String + description: 'For Resource freshness validation (https://google.aip.dev/154)' + output: true + - name: 'annotations' + type: KeyValueAnnotations + description: | + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - name: 'sizeBytes' + type: String + description: 'Output only. The size of the backup in bytes.' + output: true + - name: 'expiryTime' + type: String + description: | + Output only. The time at which after the backup is eligible to be garbage collected. + It is the duration specified by the backup's retention policy, added to the backup's createTime. + output: true + - name: 'expiryQuantity' + type: NestedObject + description: | + Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy. + Once the expiry quantity is over retention, the backup is eligible to be garbage collected. + output: true + properties: + - name: 'retentionCount' + type: Integer + description: | + Output only. The backup's position among its backups with the same source cluster and type, by descending chronological order create time (i.e. newest first). + output: true + - name: 'totalRetentionCount' + type: Integer + description: | + Output only. The length of the quantity-based queue, specified by the backup's retention policy. + output: true diff --git a/mmv1/products/alloydb/go_Cluster.yaml b/mmv1/products/alloydb/go_Cluster.yaml new file mode 100644 index 000000000000..0e8c4a2cd6c1 --- /dev/null +++ b/mmv1/products/alloydb/go_Cluster.yaml @@ -0,0 +1,570 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Cluster' +description: 'A managed alloydb cluster.' +references: + guides: + 'AlloyDB': 'https://cloud.google.com/alloydb/docs/' + api: 'https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters/create' +docs: + note: | + Users can promote a secondary cluster to a primary cluster with the help of `cluster_type`. + To promote, users have to set the `cluster_type` property as `PRIMARY` and remove the `secondary_config` field from cluster configuration. + [See Example](https://github.com/hashicorp/terraform-provider-google/pull/16413). + + Switchover is supported in terraform by refreshing the state of the terraform configurations. + The switchover operation still needs to be called outside of terraform. + After the switchover operation is completed successfully: + 1. Refresh the state of the AlloyDB resources by running `terraform apply -refresh-only --auto-approve` . + 2. Manually update the terraform configuration file(s) to match the actual state of the resources by modifying the `cluster_type` and `secondary_config` fields. + 3. Verify the sync of terraform state by running `terraform plan` and ensure that the infrastructure matches the configuration and no changes are required. +base_url: 'projects/{{project}}/locations/{{location}}/clusters' +self_link: 'projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/clusters?clusterId={{cluster_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/clusters/{{cluster_id}}' + - '{{cluster_id}}' +timeouts: + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: + pre_create: 'templates/terraform/pre_create/go/alloydb_cluster.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/alloydb_cluster.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/alloydb_cluster.go.tmpl' +skip_sweeper: true +examples: + - name: 'alloydb_cluster_basic' + primary_resource_id: 'default' + vars: + alloydb_cluster_name: 'alloydb-cluster' + - name: 'alloydb_cluster_full' + primary_resource_id: 'full' + vars: + alloydb_cluster_name: 'alloydb-cluster-full' + - name: 'alloydb_cluster_restore' + primary_resource_id: 'source' + vars: + alloydb_cluster_name: 'alloydb-source-cluster' + alloydb_backup_restored_cluster_name: 'alloydb-backup-restored' + alloydb_pitr_restored_cluster_name: 'alloydb-pitr-restored' + alloydb_backup_id: 'alloydb-backup' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedTestNetwork(t, "alloydb-instance-basic")' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_test: true + - name: 'alloydb_secondary_cluster_basic' + primary_resource_id: 'secondary' + vars: + alloydb_primary_cluster_name: 'alloydb-primary-cluster' + alloydb_primary_instance_name: 'alloydb-primary-instance' + alloydb_secondary_cluster_name: 'alloydb-secondary-cluster' + skip_test: true + - name: 'alloydb_secondary_cluster_basic_test' + primary_resource_id: 'secondary' + vars: + alloydb_primary_cluster_name: 'alloydb-primary-cluster' + alloydb_primary_instance_name: 'alloydb-primary-instance' + alloydb_secondary_cluster_name: 'alloydb-secondary-cluster' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + skip_docs: true +virtual_fields: + - name: 'deletion_policy' + description: | + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + type: Enum + default_value: "DEFAULT" +parameters: + - name: 'clusterId' + type: String + description: | + The ID of the alloydb cluster. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The location where the alloydb cluster should reside. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The name of the cluster resource. + output: true + - name: 'uid' + type: String + description: | + The system-generated UID of the resource. + output: true + - name: 'labels' + type: KeyValueLabels + description: 'User-defined labels for the alloydb cluster.' + immutable: false + - name: 'encryptionConfig' + type: NestedObject + description: | + EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). + properties: + - name: 'kmsKeyName' + type: String + description: | + The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. + immutable: true + - name: 'encryptionInfo' + type: NestedObject + description: | + EncryptionInfo describes the encryption information of a cluster or a backup. + output: true + properties: + - name: 'encryptionType' + type: Enum + description: 'Output only. Type of encryption.' + output: true + enum_values: + - 'TYPE_UNSPECIFIED' + - 'GOOGLE_DEFAULT_ENCRYPTION' + - 'CUSTOMER_MANAGED_ENCRYPTION' + - name: 'kmsKeyVersions' + type: Array + description: | + Output only. Cloud KMS key versions that are being used to protect the database or the backup. + output: true + item_type: + type: String + - name: 'continuousBackupInfo' + type: NestedObject + description: | + ContinuousBackupInfo describes the continuous backup properties of a cluster. + output: true + properties: + - name: 'enabledTime' + type: String + description: | + When ContinuousBackup was most recently enabled. Set to null if ContinuousBackup is not enabled. + output: true + - name: 'schedule' + type: Array + description: | + Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request. + output: true + item_type: + type: String + - name: 'earliestRestorableTime' + type: String + description: | + The earliest restorable time that can be restored to. Output only field. + output: true + - name: 'encryptionInfo' + type: NestedObject + description: | + Output only. The encryption information for the WALs and backups required for ContinuousBackup. + output: true + properties: + - name: 'encryptionType' + type: String + description: 'Output only. Type of encryption.' + output: true + - name: 'kmsKeyVersions' + type: Array + description: | + Output only. Cloud KMS key versions that are being used to protect the database or the backup. + output: true + item_type: + type: String + - name: 'network' + type: String + description: | + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". + default_from_api: true + exactly_one_of: + - 'network' + - 'network_config.0.network' + - 'psc_config.0.psc_enabled' + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + deprecation_message: '`network` is deprecated and will be removed in a future major release. Instead, use `network_config` to define the network configuration.' + - name: 'networkConfig' + type: NestedObject + description: | + Metadata related to network configuration. + default_from_api: true + properties: + - name: 'network' + type: String + description: | + The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + It is specified in the form: "projects/{projectNumber}/global/networks/{network_id}". + exactly_one_of: + - 'network' + - 'network_config.0.network' + - 'psc_config.0.psc_enabled' + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'allocatedIpRange' + type: String + description: | + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + - name: 'displayName' + type: String + description: | + User-settable and human-readable display name for the Cluster. + - name: 'etag' + type: String + description: 'For Resource freshness validation (https://google.aip.dev/154)' + - name: 'reconciling' + type: Boolean + description: | + Output only. Reconciling (https://google.aip.dev/128#reconciliation). + Set to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them. + This can happen due to user-triggered updates or system actions like failover or maintenance. + output: true + - name: 'state' + type: String + description: 'Output only. The current serving state of the cluster.' + output: true + - name: 'annotations' + type: KeyValueAnnotations + description: | + Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128 + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - name: 'databaseVersion' + type: String + description: | + The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. + default_from_api: true + - name: 'pscConfig' + type: NestedObject + description: 'Configuration for Private Service Connect (PSC) for the cluster.' + properties: + - name: 'pscEnabled' + type: Boolean + description: 'Create an instance that allows connections from Private Service Connect endpoints to the instance.' + - name: 'initialUser' + type: NestedObject + description: | + Initial user to setup during cluster creation. + ignore_read: true + custom_flatten: 'templates/terraform/custom_flatten/go/alloydb_cluster_input_user_flatten.go.tmpl' + properties: + - name: 'user' + type: String + description: | + The database username. + - name: 'password' + type: String + description: | + The initial password for the user. + required: true + sensitive: true + - name: 'restoreBackupSource' + type: NestedObject + description: | + The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together. + immutable: true + ignore_read: true + conflicts: + - restore_continuous_backup_source + properties: + - name: 'backupName' + type: String + description: | + The name of the backup that this cluster is restored from. + required: true + immutable: true + - name: 'restoreContinuousBackupSource' + type: NestedObject + description: | + The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together. + immutable: true + ignore_read: true + conflicts: + - restore_backup_source + properties: + - name: 'cluster' + type: String + description: | + The name of the source cluster that this cluster is restored from. + required: true + immutable: true + - name: 'pointInTime' + type: String + description: | + The point in time that this cluster is restored to, in RFC 3339 format. + required: true + immutable: true + - name: 'continuousBackupConfig' + type: NestedObject + description: | + The continuous backup config for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. + default_from_api: true + properties: + - name: 'enabled' + type: Boolean + description: | + Whether continuous backup recovery is enabled. If not set, defaults to true. + send_empty_value: true + default_value: true + - name: 'recoveryWindowDays' + type: Integer + description: | + The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. + + If not set, defaults to 14 days. + default_from_api: true + - name: 'encryptionConfig' + type: NestedObject + description: | + EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). + properties: + - name: 'kmsKeyName' + type: String + description: | + The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. + - name: 'automatedBackupPolicy' + type: NestedObject + description: | + The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default. + default_from_api: true + properties: + - name: 'backupWindow' + type: String + description: | + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + default_from_api: true + - name: 'location' + type: String + description: | + The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster. + default_from_api: true + - name: 'labels' + type: KeyValuePairs + description: + 'Labels to apply to backups created using this configuration.' + - name: 'encryptionConfig' + type: NestedObject + description: | + EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key). + properties: + - name: 'kmsKeyName' + type: String + description: | + The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]. + - name: 'weeklySchedule' + type: NestedObject + description: 'Weekly schedule for the Backup.' + default_from_api: true + properties: + - name: 'daysOfWeek' + type: Array + description: 'The days of the week to perform a backup. At least one day of the week must be provided.' + item_type: + type: Enum + description: 'The days of the week to perform a backup. At least one day of the week must be provided.' + enum_values: + - 'MONDAY' + - 'TUESDAY' + - 'WEDNESDAY' + - 'THURSDAY' + - 'FRIDAY' + - 'SATURDAY' + - 'SUNDAY' + min_size: 1 + - name: 'startTimes' + type: Array + description: | + The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/alloydb_cluster_input_automated_backup_policy_start_times_flatten.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'hours' + type: Integer + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - name: 'minutes' + type: Integer + description: | + Minutes of hour of day. Currently, only the value 0 is supported. + - name: 'seconds' + type: Integer + description: | + Seconds of minutes of the time. Currently, only the value 0 is supported. + - name: 'nanos' + type: Integer + description: | + Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. + - name: 'timeBasedRetention' + type: NestedObject + description: | + Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together. + conflicts: + - automated_backup_policy.0.quantity_based_retention + properties: + - name: 'retentionPeriod' + type: String + description: | + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - name: 'quantityBasedRetention' + type: NestedObject + description: | + Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together. + conflicts: + - automated_backup_policy.0.time_based_retention + properties: + - name: 'count' + type: Integer + description: | + The number of backups to retain. + - name: 'enabled' + type: Boolean + description: | + Whether automated backups are enabled. + default_from_api: true + - name: 'backupSource' + type: NestedObject + description: 'Cluster created from backup.' + output: true + properties: + - name: 'backupName' + type: String + description: 'The name of the backup resource.' + - name: 'migrationSource' + type: NestedObject + description: 'Cluster created via DMS migration.' + output: true + properties: + - name: 'hostPort' + type: String + description: + 'The host and port of the on-premises instance in host:port format' + - name: 'referenceId' + type: String + description: + 'Place holder for the external source identifier(e.g DMS job name) + that created the cluster.' + - name: 'sourceType' + type: String + description: 'Type of migration source.' + - name: 'clusterType' + type: Enum + description: | + The type of cluster. If not set, defaults to PRIMARY. + default_value: "PRIMARY" + enum_values: + - 'PRIMARY' + - 'SECONDARY' + - name: 'secondaryConfig' + type: NestedObject + description: | + Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. + properties: + - name: 'primaryClusterName' + type: String + description: | + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + required: true + - name: 'maintenanceUpdatePolicy' + type: NestedObject + description: | + MaintenanceUpdatePolicy defines the policy for system updates. + properties: + - name: 'maintenanceWindows' + type: Array + description: | + Preferred windows to perform maintenance. Currently limited to 1. + item_type: + description: | + specifies a preferred day and time for maintenance. + type: NestedObject + properties: + - name: 'day' + type: Enum + description: | + Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + required: true + enum_values: + - 'MONDAY' + - 'TUESDAY' + - 'WEDNESDAY' + - 'THURSDAY' + - 'FRIDAY' + - 'SATURDAY' + - 'SUNDAY' + - name: 'startTime' + type: NestedObject + description: | + Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + required: true + properties: + - name: 'hours' + type: Integer + description: | + Hours of day in 24 hour format. Should be from 0 to 23. + required: true + - name: 'minutes' + type: Integer + description: | + Minutes of hour of day. Currently, only the value 0 is supported. + - name: 'seconds' + type: Integer + description: | + Seconds of minutes of the time. Currently, only the value 0 is supported. + - name: 'nanos' + type: Integer + description: | + Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. diff --git a/mmv1/products/alloydb/go_Instance.yaml b/mmv1/products/alloydb/go_Instance.yaml new file mode 100644 index 000000000000..531c73834079 --- /dev/null +++ b/mmv1/products/alloydb/go_Instance.yaml @@ -0,0 +1,368 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Instance' +description: 'A managed alloydb cluster instance.' +references: + guides: + 'AlloyDB': 'https://cloud.google.com/alloydb/docs/' + api: 'https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters.instances/create' +docs: + warning: | + Deleting an instance with instanceType = SECONDARY does not delete the secondary instance, and abandons it instead. + Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + Users can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. +base_url: '{{cluster}}/instances?instanceId={{instance_id}}' +self_link: '{{cluster}}/instances/{{instance_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}' +timeouts: + insert_minutes: 120 + update_minutes: 120 + delete_minutes: 120 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 120 + update_minutes: 120 + delete_minutes: 120 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' + include_project: true +custom_code: + pre_create: 'templates/terraform/pre_create/go/alloydb_instance.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/alloydb_instance.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/alloydb_instance.go.tmpl' +skip_sweeper: true +examples: + - name: 'alloydb_instance_basic' + primary_resource_id: 'default' + vars: + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_test: true + - name: 'alloydb_secondary_instance_basic' + primary_resource_id: 'secondary' + vars: + alloydb_primary_cluster_name: 'alloydb-primary-cluster' + alloydb_primary_instance_name: 'alloydb-primary-instance' + alloydb_secondary_cluster_name: 'alloydb-secondary-cluster' + alloydb_secondary_instance_name: 'alloydb-secondary-instance' + network_name: 'alloydb-secondary-network' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_test: true + - name: 'alloydb_instance_basic_test' + primary_resource_id: 'default' + vars: + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_docs: true + - name: 'alloydb_secondary_instance_basic_test' + primary_resource_id: 'secondary' + vars: + alloydb_primary_cluster_name: 'alloydb-primary-cluster' + alloydb_primary_instance_name: 'alloydb-primary-instance' + alloydb_secondary_cluster_name: 'alloydb-secondary-cluster' + alloydb_secondary_instance_name: 'alloydb-secondary-instance' + network_name: 'alloydb-secondary-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + ignore_read_extra: + - 'reconciling' + - 'update_time' + skip_docs: true +parameters: + - name: 'cluster' + type: ResourceRef + description: | + Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + url_param_only: true + required: true + immutable: true + resource: 'Cluster' + imports: 'name' + - name: 'instanceId' + type: String + description: | + The ID of the alloydb instance. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The name of the instance resource. + output: true + - name: 'createTime' + type: Time + description: | + Time the Instance was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the Instance was updated in UTC. + output: true + - name: 'uid' + type: String + description: | + The system-generated UID of the resource. + output: true + - name: 'labels' + type: KeyValueLabels + description: 'User-defined labels for the alloydb instance.' + immutable: false + - name: 'annotations' + type: KeyValueAnnotations + description: + 'Annotations to allow client tools to store small amount of arbitrary + data. This is distinct from labels.' + - name: 'state' + type: String + description: | + The current state of the alloydb instance. + output: true + - name: 'displayName' + type: String + description: | + User-settable and human-readable display name for the Instance. + ignore_read: true + - name: 'gceZone' + type: String + description: | + The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity. + - name: 'reconciling' + type: Boolean + description: | + Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance. + output: true + - name: 'databaseFlags' + type: KeyValuePairs + description: + 'Database flags. Set at instance level. * They are copied from primary + instance on read instance creation. * Read instances can set new or + override existing flags that are relevant for reads, e.g. for enabling + columnar cache on a read instance. Flags set on read instance may or may + not be present on primary.' + default_from_api: true + - name: 'availabilityType' + type: Enum + description: | + 'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances. + Note that primary and read instances can have different availability types. + Only READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance. + Zone is automatically chosen from the list of zones in the region specified. + Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more + can have regional availability (nodes are present in 2 or more zones in a region).' + default_from_api: true + enum_values: + - 'AVAILABILITY_TYPE_UNSPECIFIED' + - 'ZONAL' + - 'REGIONAL' + - name: 'instanceType' + type: Enum + description: | + The type of the instance. + If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the `depends_on` meta-data attribute. + If the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY. + Example: {instance_type = google_alloydb_cluster..cluster_type} instead of {instance_type = SECONDARY} + If the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead. + Use deletion_policy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + Users can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. + required: true + immutable: true + enum_values: + - 'PRIMARY' + - 'READ_POOL' + - 'SECONDARY' + - name: 'ipAddress' + type: String + description: | + The IP address for the Instance. This is the connection endpoint for an end-user application. + output: true + - name: 'queryInsightsConfig' + type: NestedObject + description: 'Configuration for query insights.' + default_from_api: true + properties: + - name: 'queryStringLength' + type: Integer + description: 'Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.' + - name: 'recordApplicationTags' + type: Boolean + description: 'Record application tags for an instance. This flag is turned "on" by default.' + - name: 'recordClientAddress' + type: Boolean + description: 'Record client address for an instance. Client address is PII information. This flag is turned "on" by default.' + - name: 'queryPlansPerMinute' + type: Integer + description: 'Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.' + - name: 'observabilityConfig' + type: NestedObject + description: 'Configuration for enhanced query insights.' + default_from_api: true + min_version: beta + properties: + - name: 'enabled' + type: Boolean + description: 'Observability feature status for an instance.' + - name: 'preserveComments' + type: Boolean + description: 'Preserve comments in the query string.' + - name: 'trackWaitEvents' + type: Boolean + description: 'Record wait events during query execution for an instance.' + - name: 'trackWaitEventTypes' + type: Boolean + description: 'Record wait event types during query execution for an instance.' + - name: 'maxQueryStringLength' + type: Integer + description: 'Query string length. The default value is 10240. Any integer between 1024 and 100000 is considered valid.' + - name: 'recordApplicationTags' + type: Boolean + description: 'Record application tags for an instance. This flag is turned "on" by default.' + - name: 'queryPlansPerMinute' + type: Integer + description: 'Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 200 is considered valid.' + - name: 'trackActiveQueries' + type: Boolean + description: 'Track actively running queries. If not set, default value is "off".' + - name: 'readPoolConfig' + type: NestedObject + description: 'Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.' + properties: + - name: 'nodeCount' + type: Integer + description: + 'Read capacity, i.e. number of nodes in a read pool instance.' + - name: 'machineConfig' + type: NestedObject + description: + 'Configurations for the machines that host the underlying database engine.' + default_from_api: true + properties: + - name: 'cpuCount' + type: Integer + description: "The number of CPU's in the VM instance." + + default_from_api: true + - name: 'clientConnectionConfig' + type: NestedObject + description: | + Client connection specific configurations. + default_from_api: true + properties: + - name: 'requireConnectors' + type: Boolean + description: | + Configuration to enforce connectors only (ex: AuthProxy) connections to the database. + - name: 'sslConfig' + type: NestedObject + description: | + SSL config option for this instance. + default_from_api: true + properties: + - name: 'sslMode' + type: Enum + description: 'SSL mode. Specifies client-server SSL/TLS connection behavior.' + default_from_api: true + enum_values: + - 'ENCRYPTED_ONLY' + - 'ALLOW_UNENCRYPTED_AND_ENCRYPTED' + - name: 'pscInstanceConfig' + type: NestedObject + description: | + Configuration for Private Service Connect (PSC) for the instance. + properties: + - name: 'serviceAttachmentLink' + type: String + description: | + The service attachment created when Private Service Connect (PSC) is enabled for the instance. + The name of the resource will be in the format of + `projects//regions//serviceAttachments/` + output: true + - name: 'allowedConsumerProjects' + type: Array + description: | + List of consumer projects that are allowed to create PSC endpoints to service-attachments to this instance. + These should be specified as project numbers only. + item_type: + type: String + item_validation: + regex: '^\d+$' + - name: 'pscDnsName' + type: String + description: | + The DNS name of the instance for PSC connectivity. + Name convention: ...alloydb-psc.goog + output: true + - name: 'networkConfig' + type: NestedObject + description: | + Instance level network configuration. + properties: + - name: 'authorizedExternalNetworks' + type: Array + description: | + A list of external networks authorized to access this instance. This + field is only allowed to be set when `enable_public_ip` is set to + true. + required_with: + - 'networkConfig.0.enablePublicIp' + item_type: + type: NestedObject + properties: + - name: 'cidrRange' + type: String + description: 'CIDR range for one authorized network of the instance.' + - name: 'enablePublicIp' + type: Boolean + description: | + Enabling public ip for the instance. If a user wishes to disable this, + please also clear the list of the authorized external networks set on + the same instance. + - name: 'publicIpAddress' + type: String + description: | + The public IP addresses for the Instance. This is available ONLY when + networkConfig.enablePublicIp is set to true. This is the connection + endpoint for an end-user application. + output: true diff --git a/mmv1/products/alloydb/go_User.yaml b/mmv1/products/alloydb/go_User.yaml new file mode 100644 index 000000000000..9c518aee6691 --- /dev/null +++ b/mmv1/products/alloydb/go_User.yaml @@ -0,0 +1,128 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'User' +description: 'A database user in an AlloyDB cluster.' +references: + guides: + 'AlloyDB': 'https://cloud.google.com/alloydb/docs/' + api: 'https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters.users/create' +docs: +base_url: '{{cluster}}/users' +self_link: '{{cluster}}/users/{{user_id}}' +create_url: '{{cluster}}/users?userId={{user_id}}' +update_url: '{{cluster}}/users?userId={{user_id}}' +update_verb: 'POST' +import_format: + - 'projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/users/{{user_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/alloydb_user.go.tmpl' +skip_sweeper: true +examples: + - name: 'alloydb_user_builtin' + primary_resource_id: 'user1' + vars: + alloydb_cluster_name: 'alloydb-cluster' + alloydb_cluster_pass: 'cluster_secret' + alloydb_instance_name: 'alloydb-instance' + alloydb_user_name: 'user1' + alloydb_user_pass: 'user_secret' + network_name: 'alloydb-network' + ignore_read_extra: + - 'password' + skip_test: true + - name: 'alloydb_user_builtin_test' + primary_resource_id: 'user1' + vars: + alloydb_cluster_name: 'alloydb-cluster' + alloydb_cluster_pass: 'cluster_secret' + alloydb_instance_name: 'alloydb-instance' + alloydb_user_name: 'user1' + alloydb_user_pass: 'user_secret' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + ignore_read_extra: + - 'password' + skip_docs: true + - name: 'alloydb_user_iam' + primary_resource_id: 'user2' + vars: + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + alloydb_cluster_pass: 'cluster_secret' + alloydb_user_name: 'user2@foo.com' + network_name: 'alloydb-network' + skip_test: true + - name: 'alloydb_user_iam_test' + primary_resource_id: 'user2' + vars: + alloydb_cluster_name: 'alloydb-cluster' + alloydb_instance_name: 'alloydb-instance' + alloydb_cluster_pass: 'cluster_secret' + alloydb_user_name: 'user2@foo.com' + network_name: 'alloydb-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedServiceNetworkingConnection(t, "alloydbinstance-network-config-1")' + skip_docs: true +parameters: + - name: 'cluster' + type: ResourceRef + description: | + Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + url_param_only: true + required: true + immutable: true + resource: 'Cluster' + imports: 'name' + - name: 'userId' + type: String + description: | + The database role name of the user. + url_param_only: true + required: true + immutable: true + - name: 'userType' + type: Enum + description: | + The type of this user. + required: true + immutable: true + enum_values: + - 'ALLOYDB_BUILT_IN' + - 'ALLOYDB_IAM_USER' +properties: + - name: 'name' + type: String + description: | + Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}. + output: true + - name: 'password' + type: String + description: | + Password for this database user. + ignore_read: true + - name: 'databaseRoles' + type: Array + description: | + List of database roles this database user has. + item_type: + type: String diff --git a/tpgtools/api/orgpolicy/samples/organization_dry_run_policy.yaml b/mmv1/products/alloydb/go_product.yaml similarity index 60% rename from tpgtools/api/orgpolicy/samples/organization_dry_run_policy.yaml rename to mmv1/products/alloydb/go_product.yaml index 809c10dde32e..082d410a4bca 100644 --- a/tpgtools/api/orgpolicy/samples/organization_dry_run_policy.yaml +++ b/mmv1/products/alloydb/go_product.yaml @@ -1,26 +1,24 @@ -# Copyright 2023 Google LLC. All Rights Reserved. -# +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -name: organization_dry_run_policy -description: A test of an dry run policy for an organization -type: policy + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Alloydb' +display_name: 'AlloyDB' versions: -- ga -- beta -resource: samples/organization_dry_run.policy.json -updates: -- resource: samples/update_organization_dry_run.policy.json - dependencies: [] -variables: -- name: org_id - type: org_id \ No newline at end of file + - name: 'beta' + base_url: 'https://alloydb.googleapis.com/v1beta/' + - name: 'ga' + base_url: 'https://alloydb.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-identity' diff --git a/mmv1/products/apigateway/ApiResource.yaml b/mmv1/products/apigateway/Api.yaml similarity index 100% rename from mmv1/products/apigateway/ApiResource.yaml rename to mmv1/products/apigateway/Api.yaml diff --git a/mmv1/products/apigateway/go_Api.yaml b/mmv1/products/apigateway/go_Api.yaml new file mode 100644 index 000000000000..97832cc6be8d --- /dev/null +++ b/mmv1/products/apigateway/go_Api.yaml @@ -0,0 +1,115 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Api' +description: | + A consumable API that can be used by multiple Gateways. +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/api-gateway/docs/quickstart' + api: 'https://cloud.google.com/api-gateway/docs/reference/rest/v1beta/projects.locations.apis' +docs: +base_url: 'projects/{{project}}/locations/global/apis' +self_link: 'projects/{{project}}/locations/global/apis/{{api_id}}' +create_url: 'projects/{{project}}/locations/global/apis?apiId={{api_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - apiId +iam_policy: + method_name_separator: ':' + allowed_iam_role: 'roles/apigateway.viewer' + parent_resource_attribute: 'api' + base_url: 'projects/{{project}}/locations/global/apis/{{api}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/global/apis/{{api}}' + - '{{project}}/{{api}}' + - '{{api}}' +custom_code: +examples: + - name: 'apigateway_api_basic' + primary_resource_id: 'api' + primary_resource_name: 'fmt.Sprintf("tf-test-my-api%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + - name: 'apigateway_api_full' + primary_resource_id: 'api' + primary_resource_name: 'fmt.Sprintf("tf-test-my-api%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + skip_docs: true +parameters: + - name: 'apiId' + type: String + description: | + Identifier to assign to the API. Must be unique within scope of the parent resource(project) + min_version: 'beta' + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the API. Format `projects/{{project}}/locations/global/apis/{{apiId}}` + min_version: 'beta' + output: true + - name: 'displayName' + type: String + description: | + A user-visible name for the API. + min_version: 'beta' + default_from_api: true + - name: 'managedService' + type: String + description: | + Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. + min_version: 'beta' + immutable: true + default_from_api: true + - name: 'createTime' + type: Time + description: Creation timestamp in RFC3339 text format. + min_version: 'beta' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels to represent user-provided metadata. + min_version: 'beta' + immutable: false diff --git a/mmv1/products/apigateway/go_ApiConfig.yaml b/mmv1/products/apigateway/go_ApiConfig.yaml new file mode 100644 index 000000000000..353500ec8445 --- /dev/null +++ b/mmv1/products/apigateway/go_ApiConfig.yaml @@ -0,0 +1,289 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ApiConfig' +description: | + An API Configuration is an association of an API Controller Config and a Gateway Config +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/api-gateway/docs/creating-api-config' + api: 'https://cloud.google.com/api-gateway/docs/reference/rest/v1beta/projects.locations.apis.configs' +docs: + optional_properties: | + * `api_config_id_prefix` - (Optional) Creates a unique name beginning with the + specified prefix. If this and api_config_id are unspecified, a random value is chosen for the name. +base_url: 'projects/{{project}}/locations/global/apis/{{api}}/configs' +self_link: 'projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config_id}}' +create_url: 'projects/{{project}}/locations/global/apis/{{api}}/configs?apiConfigId={{api_config_id}}' +update_verb: 'PATCH' +update_mask: true + +read_query_params: '?view=FULL' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - apiConfigId +iam_policy: + skip_import_test: true + method_name_separator: ':' + allowed_iam_role: 'roles/apigateway.viewer' + parent_resource_attribute: 'api_config' + base_url: 'projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}' + example_config_body: 'templates/terraform/iam/example_config_body/go/api_gateway_api_config.tf.tmpl' + import_format: + - 'projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}' + - '{{project}}/{{api}}/{{api_config}}' + - '{{api}}/{{api_config}}' + - '{{api_config}}' +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/api_config.tmpl' + encoder: 'templates/terraform/encoders/go/api_config.go.tmpl' +examples: + - name: 'apigateway_api_config_basic' + primary_resource_id: 'api_cfg' + primary_resource_name: 'fmt.Sprintf("tf-test-my-api%s", context["random_suffix"]), fmt.Sprintf("tf-test-my-config%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + config_id: 'my-config' + - name: 'apigateway_api_config_full' + primary_resource_id: 'api_cfg' + primary_resource_name: 'fmt.Sprintf("tf-test-my-api%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + config_id: 'my-config' + skip_docs: true + - name: 'apigateway_api_config_grpc' + primary_resource_id: 'api_cfg' + primary_resource_name: 'fmt.Sprintf("tf-test-my-api%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + config_id: 'my-config' + ignore_read_extra: + - 'grpc_services.0.file_descriptor_set' + - name: 'apigateway_api_config_grpc_full' + primary_resource_id: 'api_cfg' + min_version: 'beta' + vars: + api_id: 'my-api' + config_id: 'my-config' + skip_docs: true +parameters: + - name: 'api' + type: String + description: | + The API to attach the config to. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + - name: 'apiConfigId' + type: String + description: | + Identifier to assign to the API Config. Must be unique within scope of the parent resource(api). + min_version: 'beta' + url_param_only: true + immutable: true + default_from_api: true +properties: + - name: 'name' + type: String + description: The resource name of the API Config. + min_version: 'beta' + output: true + - name: 'displayName' + type: String + description: | + A user-visible name for the API. + min_version: 'beta' + default_from_api: true + - name: 'serviceConfigId' + type: String + description: | + The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). + min_version: 'beta' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels to represent user-provided metadata. + min_version: 'beta' + immutable: false + - name: 'gatewayConfig' + type: NestedObject + description: | + Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account + min_version: 'beta' + immutable: true + ignore_read: true + properties: + - name: 'backendConfig' + type: NestedObject + description: | + Backend settings that are applied to all backends of the Gateway. + min_version: 'beta' + required: true + properties: + - name: 'googleServiceAccount' + type: String + description: | + Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + min_version: 'beta' + required: true + immutable: true + - name: 'openapiDocuments' + type: Array + description: | + OpenAPI specification documents. If specified, grpcServices and managedServiceConfigs must not be included. + min_version: 'beta' + exactly_one_of: + - 'openapi_documents' + - 'grpc_services' + item_type: + type: NestedObject + properties: + - name: 'document' + type: NestedObject + description: The OpenAPI Specification document file. + min_version: 'beta' + required: true + properties: + - name: 'path' + type: String + description: | + The file path (full or relative path). This is typically the path of the file when it is uploaded. + min_version: 'beta' + required: true + immutable: true + - name: 'contents' + type: String + description: | + Base64 encoded content of the file. + min_version: 'beta' + required: true + immutable: true + validation: + function: 'verify.ValidateBase64String' + - name: 'grpcServices' + type: Array + description: | + gRPC service definition files. If specified, openapiDocuments must not be included. + min_version: 'beta' + ignore_read: true + exactly_one_of: + - 'openapi_documents' + - 'grpc_services' + required_with: + - 'managed_service_configs' + item_type: + type: NestedObject + properties: + - name: 'fileDescriptorSet' + type: NestedObject + description: | + Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb + min_version: 'beta' + required: true + immutable: true + properties: + - name: 'path' + type: String + description: | + The file path (full or relative path). This is typically the path of the file when it is uploaded. + min_version: 'beta' + required: true + immutable: true + - name: 'contents' + type: String + description: | + Base64 encoded content of the file. + min_version: 'beta' + required: true + immutable: true + validation: + function: 'verify.ValidateBase64String' + - name: 'source' + type: Array + description: | + Uncompiled proto files associated with the descriptor set, used for display purposes (server-side compilation is not supported). These should match the inputs to 'protoc' command used to generate fileDescriptorSet. + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'path' + type: String + description: | + The file path (full or relative path). This is typically the path of the file when it is uploaded. + min_version: 'beta' + required: true + immutable: true + - name: 'contents' + type: String + description: | + Base64 encoded content of the file. + min_version: 'beta' + required: true + immutable: true + validation: + function: 'verify.ValidateBase64String' + - name: 'managedServiceConfigs' + type: Array + description: | + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + min_version: 'beta' + required_with: + - 'grpc_services' + item_type: + type: NestedObject + properties: + - name: 'path' + type: String + description: | + The file path (full or relative path). This is typically the path of the file when it is uploaded. + min_version: 'beta' + required: true + immutable: true + - name: 'contents' + type: String + description: | + Base64 encoded content of the file. + min_version: 'beta' + required: true + immutable: true diff --git a/mmv1/products/apigateway/go_Gateway.yaml b/mmv1/products/apigateway/go_Gateway.yaml new file mode 100644 index 000000000000..ad642df0cd63 --- /dev/null +++ b/mmv1/products/apigateway/go_Gateway.yaml @@ -0,0 +1,132 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Gateway' +description: | + A consumable API that can be used by multiple Gateways. +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/api-gateway/docs/quickstart' + api: 'https://cloud.google.com/api-gateway/docs/reference/rest/v1beta/projects.locations.apis' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/gateways' +self_link: 'projects/{{project}}/locations/{{region}}/gateways/{{gateway_id}}' +create_url: 'projects/{{project}}/locations/{{region}}/gateways?gatewayId={{gateway_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - gatewayId +iam_policy: + skip_import_test: true + method_name_separator: ':' + allowed_iam_role: 'roles/apigateway.viewer' + parent_resource_attribute: 'gateway' + base_url: 'projects/{{project}}/locations/{{region}}/gateways/{{gateway}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{region}}/gateways/{{gateway}}' + - '{{project}}/{{region}}/{{gateway}}' + - '{{region}}/{{gateway}}' + - '{{gateway}}' +custom_code: +examples: + - name: 'apigateway_gateway_basic' + primary_resource_id: 'api_gw' + primary_resource_name: 'fmt.Sprintf("tf-test-my-gateway%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + config_id: 'my-config' + gateway_id: 'my-gateway' + - name: 'apigateway_gateway_full' + primary_resource_id: 'api_gw' + primary_resource_name: 'fmt.Sprintf("tf-test-my-gateway%s", context["random_suffix"])' + min_version: 'beta' + vars: + api_id: 'my-api' + config_id: 'my-config' + gateway_id: 'my-gateway' + skip_docs: true +parameters: + - name: 'region' + type: String + description: | + The region of the gateway for the API. + min_version: 'beta' + url_param_only: true + immutable: true + default_from_api: true + - name: 'gatewayId' + type: String + description: | + Identifier to assign to the Gateway. Must be unique within scope of the parent resource(project). + min_version: 'beta' + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway} + min_version: 'beta' + output: true + - name: 'displayName' + type: String + description: | + A user-visible name for the API. + min_version: 'beta' + default_from_api: true + - name: 'apiConfig' + type: String + description: | + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the + [lifecycle](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle) rule `create_before_destroy` is set. + min_version: 'beta' + required: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + - name: 'defaultHostname' + type: String + description: + The default API Gateway host name of the form + {gatewayId}-{hash}.{region_code}.gateway.dev. + min_version: 'beta' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels to represent user-provided metadata. + min_version: 'beta' + immutable: false diff --git a/mmv1/products/apigateway/go_product.yaml b/mmv1/products/apigateway/go_product.yaml new file mode 100644 index 000000000000..4e2b99e2e925 --- /dev/null +++ b/mmv1/products/apigateway/go_product.yaml @@ -0,0 +1,34 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ApiGateway' +display_name: 'API Gateway' +versions: + - name: 'beta' + base_url: 'https://apigateway.googleapis.com/v1beta/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' +async: + type: "OpAsync" + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' diff --git a/mmv1/products/apigee/EnvironmentKeyvaluemaps.yaml b/mmv1/products/apigee/EnvironmentKeyvaluemaps.yaml new file mode 100644 index 000000000000..9f6e10c8dff8 --- /dev/null +++ b/mmv1/products/apigee/EnvironmentKeyvaluemaps.yaml @@ -0,0 +1,76 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EnvironmentKeyvaluemaps' +description: | + Collection of key/value string pairs. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using key value maps': 'https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keyvaluemaps/create' + +base_url: '{{env_id}}/keyvaluemaps' +create_url: '{{env_id}}/keyvaluemaps' +delete_url: '{{env_id}}/keyvaluemaps/{{name}}' +self_link: '{{env_id}}/keyvaluemaps/{{name}}/entries' +import_format: ['{{env_id}}/keyvaluemaps/{{name}}', '{{env_id}}/{{name}}'] +skip_sweeper: true +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'apigee_environment_keyvaluemaps_basic' + primary_resource_id: 'apigee_environment_keyvaluemaps' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_test: true + - !ruby/object:Provider::Terraform::Examples + name: 'apigee_environment_keyvaluemaps_test' + primary_resource_id: 'apigee_environment_keyvaluemaps' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true + - !ruby/object:Provider::Terraform::Examples + name: 'apigee_environment_keyvaluemaps_beta_test' + primary_resource_id: 'apigee_environment_keyvaluemaps' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true + min_version: beta +immutable: true +timeouts: !ruby/object:Api::Timeouts + insert_minutes: 1 + delete_minutes: 1 +autogen_async: true +custom_code: !ruby/object:Provider::Terraform::CustomCode + custom_import: templates/terraform/custom_import/apigee_environment_keyvaluemaps.go.erb + custom_create: 'templates/terraform/custom_create/apigee_environment_keyvaluemaps.go' + decoder: templates/terraform/decoders/apigee_environment_keyvaluemaps.go.erb +parameters: + - !ruby/object:Api::Type::String + name: 'envId' + description: | + The Apigee environment group associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}`. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Required. ID of the key value map. + required: true + immutable: true diff --git a/mmv1/products/apigee/EnvironmentKeyvaluemapsEntries.yaml b/mmv1/products/apigee/EnvironmentKeyvaluemapsEntries.yaml new file mode 100644 index 000000000000..60a42db49fba --- /dev/null +++ b/mmv1/products/apigee/EnvironmentKeyvaluemapsEntries.yaml @@ -0,0 +1,81 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EnvironmentKeyvaluemapsEntries' +description: | + Creates key value entries in a key value map scoped to an environment. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using key value maps': 'https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.keyvaluemaps.entries/create' + +base_url: '{{env_keyvaluemap_id}}/entries' +create_url: '{{env_keyvaluemap_id}}/entries' +delete_url: '{{env_keyvaluemap_id}}/entries/{{name}}' +self_link: '{{env_keyvaluemap_id}}/entries/{{name}}' +import_format: + ['{{env_keyvaluemap_id}}/entries/{{name}}', '{{env_keyvaluemap_id}}/{{name}}'] +skip_sweeper: true +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'apigee_environment_keyvaluemaps_entries_basic' + primary_resource_id: 'apigee_environment_keyvaluemaps_entries' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_test: true + - !ruby/object:Provider::Terraform::Examples + name: 'apigee_environment_keyvaluemaps_entries_test' + primary_resource_id: 'apigee_environment_keyvaluemaps_entries' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true + - !ruby/object:Provider::Terraform::Examples + name: 'apigee_environment_keyvaluemaps_entries_beta_test' + primary_resource_id: 'apigee_environment_keyvaluemaps_entries' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true + min_version: beta +timeouts: !ruby/object:Api::Timeouts + insert_minutes: 1 + delete_minutes: 1 +immutable: true +autogen_async: true +custom_code: !ruby/object:Provider::Terraform::CustomCode + custom_import: templates/terraform/custom_import/apigee_environment_keyvaluemaps_entries.go.erb +parameters: + - !ruby/object:Api::Type::String + name: 'env_keyvaluemap_id' + description: | + The Apigee environment keyvalumaps Id associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}/keyvaluemaps/{{keyvaluemap_name}}`. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Required. Resource URI that can be used to identify the scope of the key value map entries. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'value' + description: | + Required. Data or payload that is being retrieved and associated with the unique key. + required: true + immutable: true diff --git a/mmv1/products/apigee/go_AddonsConfig.yaml b/mmv1/products/apigee/go_AddonsConfig.yaml new file mode 100644 index 000000000000..295fb7026857 --- /dev/null +++ b/mmv1/products/apigee/go_AddonsConfig.yaml @@ -0,0 +1,131 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AddonsConfig' +description: | + Configures the add-ons for the Apigee organization. The existing add-on configuration will be fully replaced. +references: + guides: + 'Creating an API organization': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-org' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations#setaddons' +docs: +base_url: 'organizations' +self_link: 'organizations/{{org}}' +create_url: 'organizations/{{org}}:setAddons' +update_url: 'organizations/{{org}}:setAddons' +update_verb: 'POST' +delete_url: 'organizations/{{org}}:setAddons' +delete_verb: 'POST' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'update', 'delete'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_addons.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/apigee_addons_override.go.tmpl' +examples: + - name: 'apigee_addons_basic' + skip_test: true + - name: 'apigee_addons_full' + skip_test: true + - name: 'apigee_addons_test' + primary_resource_id: 'apigee_org_addons' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true +parameters: + - name: 'org' + type: String + description: | + Name of the Apigee organization. + url_param_only: true + required: true + immutable: true +properties: + - name: 'addonsConfig' + type: NestedObject + description: Addon configurations of the Apigee organization. + properties: + - name: 'advancedApiOpsConfig' + type: NestedObject + description: Configuration for the Monetization add-on. + properties: + - name: 'enabled' + type: Boolean + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + - name: 'integrationConfig' + type: NestedObject + description: Configuration for the Monetization add-on. + properties: + - name: 'enabled' + type: Boolean + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + - name: 'monetizationConfig' + type: NestedObject + description: Configuration for the Monetization add-on. + properties: + - name: 'enabled' + type: Boolean + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + - name: 'apiSecurityConfig' + type: NestedObject + description: Configuration for the Monetization add-on. + properties: + - name: 'enabled' + type: Boolean + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + - name: 'expiresAt' + type: String + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + output: true + - name: 'connectorsPlatformConfig' + type: NestedObject + description: Configuration for the Monetization add-on. + properties: + - name: 'enabled' + type: Boolean + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + - name: 'expiresAt' + type: String + description: + Flag that specifies whether the Advanced API Ops add-on is + enabled. + output: true diff --git a/mmv1/products/apigee/go_EndpointAttachment.yaml b/mmv1/products/apigee/go_EndpointAttachment.yaml new file mode 100644 index 000000000000..f7cd692f1d9a --- /dev/null +++ b/mmv1/products/apigee/go_EndpointAttachment.yaml @@ -0,0 +1,105 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EndpointAttachment' +description: | + Apigee Endpoint Attachment. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.endpointAttachments/create' +docs: +base_url: 'endpointAttachments' +self_link: '{{org_id}}/endpointAttachments/{{endpoint_attachment_id}}' +create_url: '{{org_id}}/endpointAttachments?endpointAttachmentId={{endpoint_attachment_id}}' +delete_url: '{{org_id}}/endpointAttachments/{{endpoint_attachment_id}}' +immutable: true +import_format: + - '{{org_id}}/endpointAttachments/{{endpoint_attachment_id}}' + - '{{org_id}}/{{endpoint_attachment_id}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_endpoint_attachment.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_endpoint_attachment_basic' + skip_test: true + - name: 'apigee_endpoint_attachment_basic_test' + primary_resource_id: 'apigee_endpoint_attachment' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'orgId' + type: String + description: | + The Apigee Organization associated with the Apigee instance, + in the format `organizations/{{org_name}}`. + url_param_only: true + required: true + immutable: true + - name: 'endpointAttachmentId' + type: String + description: | + ID of the endpoint attachment. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + output: true + - name: 'location' + type: String + description: | + Location of the endpoint attachment. + required: true + - name: 'host' + type: String + description: | + Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server. + output: true + - name: 'serviceAttachment' + type: String + description: | + Format: projects/*/regions/*/serviceAttachments/* + required: true + - name: 'connectionState' + type: String + description: | + State of the endpoint attachment connection to the service attachment. + output: true diff --git a/mmv1/products/apigee/go_EnvKeystore.yaml b/mmv1/products/apigee/go_EnvKeystore.yaml new file mode 100644 index 000000000000..d0d9405d4385 --- /dev/null +++ b/mmv1/products/apigee/go_EnvKeystore.yaml @@ -0,0 +1,68 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EnvKeystore' +description: | + An `Environment KeyStore` in Apigee. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keystores/create' +docs: +base_url: '{{env_id}}/keystores' +self_link: '{{env_id}}/keystores/{{name}}' +create_url: '{{env_id}}/keystores' +delete_url: '{{env_id}}/keystores/{{name}}' +immutable: true +import_format: + - '{{env_id}}/keystores/{{name}}' + - '{{env_id}}/{{name}}' +timeouts: + insert_minutes: 1 + update_minutes: 20 + delete_minutes: 1 +autogen_async: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_environment_keystore.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_environment_keystore_test' + primary_resource_id: 'apigee_environment_keystore' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true +parameters: + - name: 'envId' + type: String + description: | + The Apigee environment group associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}`. + url_param_only: true + required: true + immutable: true + - name: 'name' + type: String + description: | + The name of the newly created keystore. + immutable: true +properties: + - name: 'aliases' + type: Array + description: | + Aliases in this keystore. + output: true + item_type: + type: String diff --git a/mmv1/products/apigee/go_EnvReferences.yaml b/mmv1/products/apigee/go_EnvReferences.yaml new file mode 100644 index 000000000000..57bef5c4ef68 --- /dev/null +++ b/mmv1/products/apigee/go_EnvReferences.yaml @@ -0,0 +1,79 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EnvReferences' +description: | + An `Environment Reference` in Apigee. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.references/create' +docs: +base_url: '{{env_id}}/references' +self_link: '{{env_id}}/references/{{name}}' +create_url: '{{env_id}}/references/' +delete_url: '{{env_id}}/references/{{name}}' +immutable: true +import_format: + - '{{env_id}}/references/{{name}}' + - '{{env_id}}/{{name}}' +timeouts: + insert_minutes: 1 + update_minutes: 20 + delete_minutes: 1 +autogen_async: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_environment_reference.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_environment_reference_test' + primary_resource_id: 'apigee_environment_reference' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true +parameters: + - name: 'envId' + type: String + description: | + The Apigee environment group associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Required. The resource id of this reference. Values must match the regular expression [\w\s-.]+. + required: true + immutable: true + - name: 'description' + type: String + description: | + Optional. A human-readable description of this reference. + immutable: true + - name: 'resourceType' + type: String + description: | + The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'. + required: true + immutable: true + - name: 'refers' + type: String + description: | + Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType. + required: true + immutable: true diff --git a/mmv1/products/apigee/go_Envgroup.yaml b/mmv1/products/apigee/go_Envgroup.yaml new file mode 100644 index 000000000000..fc52152fe58f --- /dev/null +++ b/mmv1/products/apigee/go_Envgroup.yaml @@ -0,0 +1,86 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Envgroup' +description: | + An `Environment group` in Apigee. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.envgroups/create' +docs: +base_url: 'envgroups' +self_link: '{{org_id}}/envgroups/{{name}}' +create_url: '{{org_id}}/envgroups' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{org_id}}/envgroups/{{name}}' + - '{{org_id}}/{{name}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_environment_group.go.tmpl' +examples: + - name: 'apigee_environment_group_basic' + vars: + envgroup_name: 'my-envgroup' + skip_test: true + - name: 'apigee_environment_group_basic_test' + primary_resource_id: 'apigee_environment_group' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'orgId' + type: String + description: | + The Apigee Organization associated with the Apigee environment group, + in the format `organizations/{{org_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource ID of the environment group. + required: true + immutable: true + - name: 'hostnames' + type: Array + description: | + Hostnames of the environment group. + required: false + item_type: + type: String diff --git a/mmv1/products/apigee/go_EnvgroupAttachment.yaml b/mmv1/products/apigee/go_EnvgroupAttachment.yaml new file mode 100644 index 000000000000..9f59f1128e28 --- /dev/null +++ b/mmv1/products/apigee/go_EnvgroupAttachment.yaml @@ -0,0 +1,85 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EnvgroupAttachment' +description: | + An `Environment Group attachment` in Apigee. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.envgroups.attachments/create' +docs: +base_url: '{{envgroup_id}}/attachments' +self_link: '{{envgroup_id}}/attachments/{{name}}' +create_url: '{{envgroup_id}}/attachments' +delete_url: '{{envgroup_id}}/attachments/{{name}}' +immutable: true +import_format: + - '{{envgroup_id}}/attachments/{{name}}' + - '{{envgroup_id}}/{{name}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_environment_group_attachment.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_environment_group_attachment_basic' + vars: + project_id: 'my-project' + envgroup_name: 'my-envgroup' + environment_name: 'my-environment' + skip_test: true + - name: 'apigee_environment_group_attachment_basic_test' + primary_resource_id: 'apigee_environment_group_attachment' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'envgroupId' + type: String + description: | + The Apigee environment group associated with the Apigee environment, + in the format `organizations/{{org_name}}/envgroups/{{envgroup_name}}`. + url_param_only: true + required: true +properties: + - name: 'environment' + type: String + description: | + The resource ID of the environment. + required: true + - name: 'name' + type: String + description: | + The name of the newly created attachment (output parameter). + output: true diff --git a/mmv1/products/apigee/go_Environment.yaml b/mmv1/products/apigee/go_Environment.yaml new file mode 100644 index 000000000000..3ab557f5a5b8 --- /dev/null +++ b/mmv1/products/apigee/go_Environment.yaml @@ -0,0 +1,188 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Environment' +description: | + An `Environment` in Apigee. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments/create' +docs: +base_url: 'environments' +self_link: '{{org_id}}/environments/{{name}}' +create_url: '{{org_id}}/environments' +update_url: '{{org_id}}/environments/{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{org_id}}/environments/{{name}}' + - '{{org_id}}/{{name}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'env_id' + base_url: '{{org_id}}/environments/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + self_link: '{{org_id}}/environments/{{name}}' + import_format: + - '{{%org_id}}/environments/{{name}}' + - '{{name}}' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_environment.go.tmpl' +examples: + - name: 'apigee_environment_basic' + vars: + environment_name: 'my-environment' + skip_test: true + - name: 'apigee_environment_basic_test' + primary_resource_id: 'apigee_environment' + primary_resource_name: 'fmt.Sprintf("organizations/tf-test%s", context["random_suffix"]), fmt.Sprintf("tf-test%s", context["random_suffix"])' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_environment_basic_deployment_apiproxy_type_test' + primary_resource_id: 'apigee_environment' + primary_resource_name: 'fmt.Sprintf("organizations/tf-test%s", context["random_suffix"]), fmt.Sprintf("tf-test%s", context["random_suffix"])' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_environment_patch_update_test' + primary_resource_id: 'apigee_environment' + primary_resource_name: 'fmt.Sprintf("organizations/tf-test%s", context["random_suffix"]), fmt.Sprintf("tf-test%s", context["random_suffix"])' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'orgId' + type: String + description: | + The Apigee Organization associated with the Apigee environment, + in the format `organizations/{{org_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource ID of the environment. + required: true + immutable: true + - name: 'displayName' + type: String + description: | + Display name of the environment. + required: false + immutable: true + - name: 'description' + type: String + description: | + Description of the environment. + required: false + immutable: true + - name: 'deploymentType' + type: Enum + description: | + Optional. Deployment type supported by the environment. The deployment type can be + set when creating the environment and cannot be changed. When you enable archive + deployment, you will be prevented from performing a subset of actions within the + environment, including: + Managing the deployment of API proxy or shared flow revisions; + Creating, updating, or deleting resource files; + Creating, updating, or deleting target servers. + immutable: true + default_from_api: true + enum_values: + - 'DEPLOYMENT_TYPE_UNSPECIFIED' + - 'PROXY' + - 'ARCHIVE' + - name: 'apiProxyType' + type: Enum + description: | + Optional. API Proxy type supported by the environment. The type can be set when creating + the Environment and cannot be changed. + immutable: true + default_from_api: true + enum_values: + - 'API_PROXY_TYPE_UNSPECIFIED' + - 'PROGRAMMABLE' + - 'CONFIGURABLE' + - name: 'nodeConfig' + type: NestedObject + description: | + NodeConfig for setting the min/max number of nodes associated with the environment. + default_from_api: true + properties: + - name: 'minNodeCount' + type: String + description: | + The minimum total number of gateway nodes that the is reserved for all instances that + has the specified environment. If not specified, the default is determined by the + recommended minimum number of nodes for that gateway. + - name: 'maxNodeCount' + type: String + description: | + The maximum total number of gateway nodes that the is reserved for all instances that + has the specified environment. If not specified, the default is determined by the + recommended maximum number of nodes for that gateway. + - name: 'currentAggregateNodeCount' + type: String + description: | + The current total number of gateway nodes that each environment currently has across + all instances. + output: true + - name: 'type' + type: Enum + description: | + Types that can be selected for an Environment. Each of the types are + limited by capability and capacity. Refer to Apigee's public documentation + to understand about each of these types in details. + An Apigee org can support heterogeneous Environments. + default_from_api: true + enum_values: + - 'ENVIRONMENT_TYPE_UNSPECIFIED' + - 'BASE' + - 'INTERMEDIATE' + - 'COMPREHENSIVE' + - name: 'forwardProxyUri' + type: String + description: | + Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of "http" or "https", and the port must be supplied. + required: false diff --git a/mmv1/products/apigee/go_EnvironmentKeyvaluemaps.yaml b/mmv1/products/apigee/go_EnvironmentKeyvaluemaps.yaml new file mode 100644 index 000000000000..e95341f49e5f --- /dev/null +++ b/mmv1/products/apigee/go_EnvironmentKeyvaluemaps.yaml @@ -0,0 +1,77 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EnvironmentKeyvaluemaps' +description: | + Collection of key/value string pairs. +references: + guides: + 'Using key value maps': 'https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keyvaluemaps/create' +docs: +base_url: '{{env_id}}/keyvaluemaps' +self_link: '{{env_id}}/keyvaluemaps/{{name}}/entries' +create_url: '{{env_id}}/keyvaluemaps' +delete_url: '{{env_id}}/keyvaluemaps/{{name}}' +immutable: true +import_format: + - '{{env_id}}/keyvaluemaps/{{name}}' + - '{{env_id}}/{{name}}' +timeouts: + insert_minutes: 1 + update_minutes: 20 + delete_minutes: 1 +autogen_async: true +custom_code: + decoder: 'templates/terraform/decoders/go/apigee_environment_keyvaluemaps.go.tmpl' + custom_create: 'templates/terraform/custom_create/go/apigee_environment_keyvaluemaps.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/apigee_environment_keyvaluemaps.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_environment_keyvaluemaps_basic' + primary_resource_id: 'apigee_environment_keyvaluemaps' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_test: true + - name: 'apigee_environment_keyvaluemaps_test' + primary_resource_id: 'apigee_environment_keyvaluemaps' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + - name: 'apigee_environment_keyvaluemaps_beta_test' + primary_resource_id: 'apigee_environment_keyvaluemaps' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true +parameters: + - name: 'envId' + type: String + description: | + The Apigee environment group associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Required. ID of the key value map. + required: true + immutable: true diff --git a/mmv1/products/apigee/go_EnvironmentKeyvaluemapsEntries.yaml b/mmv1/products/apigee/go_EnvironmentKeyvaluemapsEntries.yaml new file mode 100644 index 000000000000..a3b98d6b4563 --- /dev/null +++ b/mmv1/products/apigee/go_EnvironmentKeyvaluemapsEntries.yaml @@ -0,0 +1,81 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EnvironmentKeyvaluemapsEntries' +description: | + Creates key value entries in a key value map scoped to an environment. +references: + guides: + 'Using key value maps': 'https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.keyvaluemaps.entries/create' +docs: +base_url: '{{env_keyvaluemap_id}}/entries' +self_link: '{{env_keyvaluemap_id}}/entries/{{name}}' +create_url: '{{env_keyvaluemap_id}}/entries' +delete_url: '{{env_keyvaluemap_id}}/entries/{{name}}' +immutable: true +import_format: + - '{{env_keyvaluemap_id}}/entries/{{name}}' + - '{{env_keyvaluemap_id}}/{{name}}' +timeouts: + insert_minutes: 1 + update_minutes: 20 + delete_minutes: 1 +autogen_async: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_environment_keyvaluemaps_entries.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_environment_keyvaluemaps_entries_basic' + primary_resource_id: 'apigee_environment_keyvaluemaps_entries' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_test: true + - name: 'apigee_environment_keyvaluemaps_entries_test' + primary_resource_id: 'apigee_environment_keyvaluemaps_entries' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + - name: 'apigee_environment_keyvaluemaps_entries_beta_test' + primary_resource_id: 'apigee_environment_keyvaluemaps_entries' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true +parameters: + - name: 'env_keyvaluemap_id' + type: String + description: | + The Apigee environment keyvalumaps Id associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}/keyvaluemaps/{{keyvaluemap_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Required. Resource URI that can be used to identify the scope of the key value map entries. + required: true + immutable: true + - name: 'value' + type: String + description: | + Required. Data or payload that is being retrieved and associated with the unique key. + required: true + immutable: true diff --git a/mmv1/products/apigee/go_Instance.yaml b/mmv1/products/apigee/go_Instance.yaml new file mode 100644 index 000000000000..9f8927bebc19 --- /dev/null +++ b/mmv1/products/apigee/go_Instance.yaml @@ -0,0 +1,188 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Instance' +description: | + An `Instance` is the runtime dataplane in Apigee. +references: + guides: + 'Creating a runtime instance': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-instance' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances/create' +docs: +base_url: 'instances' +self_link: '{{org_id}}/instances/{{name}}' +create_url: '{{org_id}}/instances' +immutable: true +mutex: '{{org_id}}/apigeeInstances' +import_format: + - '{{org_id}}/instances/{{name}}' + - '{{org_id}}/{{name}}' +timeouts: + insert_minutes: 60 + update_minutes: 20 + delete_minutes: 60 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/apigee_instance.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/apigee_instance.go.tmpl' +error_retry_predicates: + + - 'transport_tpg.IsApigeeRetryableError' +examples: + - name: 'apigee_instance_basic' + vars: + instance_name: 'my-instance-name' + skip_test: true + - name: 'apigee_instance_basic_test' + primary_resource_id: 'apigee_instance' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_instance_cidr_range' + vars: + instance_name: 'my-instance-name' + skip_test: true + - name: 'apigee_instance_cidr_range_test' + primary_resource_id: 'apigee_instance' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_instance_ip_range' + vars: + instance_name: 'my-instance-name' + skip_test: true + - name: 'apigee_instance_ip_range_test' + primary_resource_id: 'apigee_instance' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_instance_full' + vars: + instance_name: 'my-instance-name' + skip_test: true + - name: 'apigee_instance_full_test' + primary_resource_id: 'apigee_instance' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_instance_service_attachment_basic_test' + primary_resource_id: 'apigee_instance' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'orgId' + type: String + description: | + The Apigee Organization associated with the Apigee instance, + in the format `organizations/{{org_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Resource ID of the instance. + required: true + - name: 'location' + type: String + description: | + Required. Compute Engine location where the instance resides. + required: true + - name: 'peeringCidrRange' + type: String + description: | + The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. + default_from_api: true + - name: 'ipRange' + type: String + description: | + IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22" + ignore_read: true + - name: 'description' + type: String + description: | + Description of the instance. + - name: 'displayName' + type: String + description: | + Display name of the instance. + - name: 'diskEncryptionKeyName' + type: String + description: | + Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: `projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)` + immutable: true + - name: 'host' + type: String + description: | + Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service. + output: true + - name: 'port' + type: String + description: | + Output only. Port number of the exposed Apigee endpoint. + output: true + - name: 'consumerAcceptList' + type: Array + description: | + Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. + required: false + default_from_api: true + diff_suppress_func: 'projectListDiffSuppress' + item_type: + type: String + - name: 'serviceAttachment' + type: String + description: | + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + output: true diff --git a/mmv1/products/apigee/go_InstanceAttachment.yaml b/mmv1/products/apigee/go_InstanceAttachment.yaml new file mode 100644 index 000000000000..bf5450c38978 --- /dev/null +++ b/mmv1/products/apigee/go_InstanceAttachment.yaml @@ -0,0 +1,86 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InstanceAttachment' +description: | + An `Instance attachment` in Apigee. +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.attachments/create' +docs: +base_url: '{{instance_id}}/attachments' +self_link: '{{instance_id}}/attachments/{{name}}' +create_url: '{{instance_id}}/attachments' +delete_url: '{{instance_id}}/attachments/{{name}}' +immutable: true +mutex: 'apigeeInstanceAttachments' +import_format: + - '{{instance_id}}/attachments/{{name}}' + - '{{instance_id}}/{{name}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_instance_attachment.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_instance_attachment_basic' + vars: + project_id: 'my-project' + instance_name: 'my-instance-name' + environment_name: 'my-environment-name' + skip_test: true + - name: 'apigee_instance_attachment_basic_test' + primary_resource_id: 'apigee_instance_attachment' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'instanceId' + type: String + description: | + The Apigee instance associated with the Apigee environment, + in the format `organizations/{{org_name}}/instances/{{instance_name}}`. + url_param_only: true + required: true +properties: + - name: 'environment' + type: String + description: | + The resource ID of the environment. + required: true + - name: 'name' + type: String + description: | + The name of the newly created attachment (output parameter). + output: true diff --git a/mmv1/products/apigee/go_KeystoresAliasesSelfSignedCert.yaml b/mmv1/products/apigee/go_KeystoresAliasesSelfSignedCert.yaml new file mode 100644 index 000000000000..442341fb4a16 --- /dev/null +++ b/mmv1/products/apigee/go_KeystoresAliasesSelfSignedCert.yaml @@ -0,0 +1,218 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'KeystoresAliasesSelfSignedCert' +description: | + An Environment Keystore Alias for Self Signed Certificate Format in Apigee +references: + guides: + 'Creating an environment': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keystores.aliases/create' +docs: +base_url: 'organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}' +self_link: 'organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}' +create_url: 'organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases?alias={{alias}}&format=selfsignedcert' +delete_url: 'organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}' +immutable: true +import_format: + - 'organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_env_keystore_alias_self_signed_cert.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_env_keystore_alias_self_signed_cert' + primary_resource_id: 'apigee_environment_keystore_ss_alias' + vars: + project_id: 'my-project' + environment_name: 'env-name' + keystore_name: 'env-keystore' + keystores_alias: 'alias' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_vcr: true +parameters: + - name: 'orgId' + type: String + description: | + The Apigee Organization name associated with the Apigee environment + url_param_only: true + required: true + immutable: true + - name: 'environment' + type: String + description: | + The Apigee environment name + url_param_only: true + required: true + immutable: true + - name: 'keystore' + type: String + description: | + The Apigee keystore name associated in an Apigee environment + url_param_only: true + required: true + immutable: true + - name: 'alias' + type: String + description: | + Alias for the key/certificate pair. Values must match the regular expression [\w\s-.]{1,255}. + This must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either + this parameter or the JSON body. + required: true + immutable: true + - name: 'subjectAlternativeDnsNames' + type: NestedObject + description: | + List of alternative host names. Maximum length is 255 characters for each value. + immutable: true + properties: + - name: 'subjectAlternativeName' + type: String + description: Subject Alternative Name + - name: 'keySize' + type: String + description: | + Key size. Default and maximum value is 2048 bits. + ignore_read: true + - name: 'sigAlg' + type: String + description: | + Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA + required: true + immutable: true + ignore_read: true + - name: 'subject' + type: NestedObject + description: Subject details. + required: true + immutable: true + ignore_read: true + properties: + - name: 'countryCode' + type: String + description: + Two-letter country code. Example, IN for India, US for United States + of America. + ignore_read: true + - name: 'state' + type: String + description: State or district name. Maximum length is 128 characters. + ignore_read: true + - name: 'locality' + type: String + description: City or town name. Maximum length is 128 characters. + ignore_read: true + - name: 'org' + type: String + description: Organization name. Maximum length is 64 characters. + ignore_read: true + - name: 'orgUnit' + type: String + description: Organization team name. Maximum length is 64 characters. + ignore_read: true + - name: 'commonName' + type: String + description: | + Common name of the organization. Maximum length is 64 characters. + ignore_read: true + - name: 'email' + type: String + description: Email address. Max 255 characters. + ignore_read: true + - name: 'certValidityInDays' + type: Integer + description: | + Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365. + immutable: true + ignore_read: true +properties: + - name: 'certsInfo' + type: NestedObject + description: Chain of certificates under this alias. + output: true + properties: + - name: 'certInfo' + type: Array + description: List of all properties in the object. + output: true + item_type: + type: NestedObject + properties: + - name: 'version' + type: Integer + description: X.509 version. + output: true + - name: 'subject' + type: String + description: X.509 subject. + output: true + - name: 'issuer' + type: String + description: X.509 issuer. + output: true + - name: 'expiryDate' + type: String + description: + X.509 notAfter validity period in milliseconds since epoch. + output: true + - name: 'validFrom' + type: String + description: + X.509 notBefore validity period in milliseconds since epoch. + output: true + - name: 'isValid' + type: String + description: | + Flag that specifies whether the certificate is valid. + Flag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid. + output: true + - name: 'subjectAlternativeNames' + type: Array + description: X.509 subject alternative names (SANs) extension. + output: true + item_type: + type: String + - name: 'sigAlgName' + type: String + description: X.509 signatureAlgorithm. + output: true + - name: 'publicKey' + type: String + description: + Public key component of the X.509 subject public key info. + output: true + - name: 'basicConstraints' + type: String + description: X.509 basic constraints extension. + output: true + - name: 'serialNumber' + type: String + description: X.509 serial number. + output: true + - name: 'type' + type: Enum + description: | + Optional.Type of Alias + output: true + enum_values: + - 'ALIAS_TYPE_UNSPECIFIED' + - 'CERT' + - 'KEY_CERT' diff --git a/mmv1/products/apigee/go_NatAddress.yaml b/mmv1/products/apigee/go_NatAddress.yaml new file mode 100644 index 000000000000..e306ed2f6e5e --- /dev/null +++ b/mmv1/products/apigee/go_NatAddress.yaml @@ -0,0 +1,89 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NatAddress' +description: | + Apigee NAT (network address translation) address. A NAT address is a static external IP address used for Internet egress traffic. This is not avaible for Apigee hybrid. + Apigee NAT addresses are not automatically activated because they might require explicit allow entries on the target systems first. See https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses/activate +references: + guides: + 'Provisioning NAT IPs': 'https://cloud.google.com/apigee/docs/api-platform/security/nat-provisioning' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses' +docs: +base_url: '{{instance_id}}/natAddresses' +self_link: '{{instance_id}}/natAddresses/{{name}}' +create_url: '{{instance_id}}/natAddresses' +delete_url: '{{instance_id}}/natAddresses/{{name}}' +immutable: true +import_format: + - '{{instance_id}}/natAddresses/{{name}}' + - '{{instance_id}}/{{name}}' +timeouts: + insert_minutes: 30 + update_minutes: 20 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_nat_address.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_nat_address_basic' + vars: + nat_address_name: 'my-nat-address' + skip_test: true + - name: 'apigee_nat_address_basic_test' + primary_resource_id: 'apigee_nat_address' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'instanceId' + type: String + description: | + The Apigee instance associated with the Apigee environment, + in the format `organizations/{{org_name}}/instances/{{instance_name}}`. + url_param_only: true + required: true +properties: + - name: 'name' + type: String + description: | + Resource ID of the NAT address. + required: true + - name: 'ipAddress' + type: String + description: | + The allocated NAT IP address. + output: true + - name: 'state' + type: String + description: | + State of the NAT IP address. + output: true diff --git a/mmv1/products/apigee/go_Organization.yaml b/mmv1/products/apigee/go_Organization.yaml new file mode 100644 index 000000000000..69042edd4c8f --- /dev/null +++ b/mmv1/products/apigee/go_Organization.yaml @@ -0,0 +1,245 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Organization' +description: | + An `Organization` is the top-level container in Apigee. +references: + guides: + 'Creating an API organization': 'https://cloud.google.com/apigee/docs/api-platform/get-started/create-org' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations' +docs: +base_url: 'organizations' +self_link: 'organizations/{{name}}' +create_url: 'organizations?parent=projects/{{project_id}}' +delete_url: 'organizations/{{name}}?retention={{retention}}' +timeouts: + insert_minutes: 45 + update_minutes: 45 + delete_minutes: 45 +autogen_async: true +async: + actions: ['create', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 45 + update_minutes: 45 + delete_minutes: 45 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + encoder: 'templates/terraform/encoders/go/apigee_organization.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/apigee_organization.go.tmpl' +examples: + - name: 'apigee_organization_cloud_basic' + skip_test: true + - name: 'apigee_organization_cloud_basic_test' + primary_resource_id: 'org' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + ignore_read_extra: + - 'properties' + skip_docs: true + skip_vcr: true + - name: 'apigee_organization_cloud_basic_disable_vpc_peering' + skip_test: true + - name: 'apigee_organization_cloud_basic_disable_vpc_peering_test' + primary_resource_id: 'org' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + ignore_read_extra: + - 'properties' + skip_docs: true + skip_vcr: true + - name: 'apigee_organization_cloud_full' + skip_test: true + - name: 'apigee_organization_cloud_full_test' + primary_resource_id: 'org' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + ignore_read_extra: + - 'properties' + skip_docs: true + skip_vcr: true + - name: 'apigee_organization_cloud_full_disable_vpc_peering' + skip_test: true + - name: 'apigee_organization_cloud_full_disable_vpc_peering_test' + primary_resource_id: 'org' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + ignore_read_extra: + - 'properties' + skip_docs: true + skip_vcr: true + - name: 'apigee_organization_retention_test' + primary_resource_id: 'org' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true + - name: 'apigee_organization_drz_test' + primary_resource_id: 'org' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'projectId' + type: String + description: | + The project ID associated with the Apigee organization. + url_param_only: true + required: true + immutable: true + - name: 'retention' + type: Enum + description: | + Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType + is not EVALUATION). It controls how long Organization data will be retained after the initial delete + operation completes. During this period, the Organization may be restored to its last known state. + After this period, the Organization will no longer be able to be restored. + url_param_only: true + required: false + default_value: "DELETION_RETENTION_UNSPECIFIED" + enum_values: + - 'DELETION_RETENTION_UNSPECIFIED' + - 'MINIMUM' +properties: + - name: 'name' + type: String + description: | + Output only. Name of the Apigee organization. + output: true + - name: 'displayName' + type: String + description: | + The display name of the Apigee organization. + - name: 'description' + type: String + description: | + Description of the Apigee organization. + - name: 'analyticsRegion' + type: String + description: | + Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + immutable: true + - name: 'apiConsumerDataLocation' + type: String + description: | + This field is needed only for customers using non-default data residency regions. + Apigee stores some control plane data only in single region. + This field determines which single region Apigee should use. + immutable: true + - name: 'apiConsumerDataEncryptionKeyName' + type: String + description: | + Cloud KMS key name used for encrypting API consumer data. + immutable: true + - name: 'controlPlaneEncryptionKeyName' + type: String + description: | + Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + Only used for the data residency region "US" or "EU". + immutable: true + - name: 'authorizedNetwork' + type: String + description: | + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. + See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). + Valid only when `RuntimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default". + - name: 'disableVpcPeering' + type: Boolean + description: | + Flag that specifies whether the VPC Peering through Private Google Access should be + disabled between the consumer network and Apigee. Required if an `authorizedNetwork` + on the consumer project is not provided, in which case the flag should be set to `true`. + Valid only when `RuntimeType` is set to CLOUD. The value must be set before the creation + of any Apigee runtime instance and can be updated only when there are no runtime instances. + - name: 'runtimeType' + type: Enum + description: | + Runtime type of the Apigee organization based on the Apigee subscription purchased. + immutable: true + default_value: "CLOUD" + enum_values: + - 'CLOUD' + - 'HYBRID' + - name: 'subscriptionType' + type: String + description: | + Output only. Subscription type of the Apigee organization. + Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). + output: true + - name: 'billingType' + type: String + description: | + Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing). + immutable: true + default_from_api: true + - name: 'caCertificate' + type: String + description: | + Output only. Base64-encoded public certificate for the root CA of the Apigee organization. + Valid only when `RuntimeType` is CLOUD. A base64-encoded string. + output: true + - name: 'runtimeDatabaseEncryptionKeyName' + type: String + description: | + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. + Update is not allowed after the organization is created. + If not specified, a Google-Managed encryption key will be used. + Valid only when `RuntimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`. + immutable: true + - name: 'properties' + type: NestedObject + description: Properties defined in the Apigee organization profile. + default_from_api: true + properties: + - name: 'property' + type: Array + description: List of all properties in the object. + custom_flatten: 'templates/terraform/custom_flatten/go/apigee_organization_property.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: Name of the property. + - name: 'value' + type: String + description: Value of the property. + - name: 'apigeeProjectId' + type: String + description: | + Output only. Project ID of the Apigee Tenant Project. + output: true diff --git a/mmv1/products/apigee/go_SyncAuthorization.yaml b/mmv1/products/apigee/go_SyncAuthorization.yaml new file mode 100644 index 000000000000..ed84fd5269aa --- /dev/null +++ b/mmv1/products/apigee/go_SyncAuthorization.yaml @@ -0,0 +1,76 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SyncAuthorization' +description: | + Authorize the Synchronizer to download environment data from the control plane. +references: + guides: + 'Enable Synchronizer access': 'https://cloud.google.com/apigee/docs/hybrid/v1.8/synchronizer-access#enable-synchronizer-access' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations#getsyncauthorization' +docs: +id_format: 'organizations/{{name}}/syncAuthorization' +base_url: '' +self_link: 'organizations/{{name}}:getSyncAuthorization' +create_url: 'organizations/{{name}}:setSyncAuthorization' +update_url: 'organizations/{{name}}:setSyncAuthorization' +update_verb: 'POST' +read_verb: 'POST' +skip_delete: true +import_format: + - 'organizations/{{name}}/syncAuthorization' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'apigee_sync_authorization_basic_test' + primary_resource_id: 'apigee_sync_authorization' + vars: + account_id: 'my-account' + project_id: 'my-project' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' +parameters: + - name: 'name' + type: String + description: | + Name of the Apigee organization. + url_param_only: true + required: true + immutable: true +properties: + - name: 'identities' + type: Array + description: | + Array of service accounts to grant access to control plane resources, each specified using the following format: `serviceAccount:service-account-name`. + + The `service-account-name` is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + required: true + send_empty_value: true + item_type: + type: String + - name: 'etag' + type: Fingerprint + description: | + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + output: true diff --git a/mmv1/products/apigee/go_TargetServer.yaml b/mmv1/products/apigee/go_TargetServer.yaml new file mode 100644 index 000000000000..1eba3ab6d617 --- /dev/null +++ b/mmv1/products/apigee/go_TargetServer.yaml @@ -0,0 +1,157 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetServer' +description: | + TargetServer configuration. TargetServers are used to decouple a proxy TargetEndpoint HTTPTargetConnections from concrete URLs for backend services. +references: + guides: + 'Load balancing across backend servers': 'https://cloud.google.com/apigee/docs/api-platform/deploy/load-balancing-across-backend-servers' + api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.targetservers/create' +docs: +base_url: '{{env_id}}/targetservers' +self_link: '{{env_id}}/targetservers/{{name}}' +create_url: '{{env_id}}/targetservers' +update_url: '{{env_id}}/targetservers/{{name}}' +delete_url: '{{env_id}}/targetservers/{{name}}' +import_format: + - '{{env_id}}/targetservers/{{name}}' + - '{{env_id}}/{{name}}' +timeouts: + insert_minutes: 1 + update_minutes: 1 + delete_minutes: 1 +autogen_async: true +custom_code: + custom_import: 'templates/terraform/custom_import/go/apigee_target_server.go.tmpl' +skip_sweeper: true +examples: + - name: 'apigee_target_server_test_basic' + primary_resource_id: 'apigee_target_server' + vars: + project_id: 'my-project' + environment_name: 'my-environment-name' + target_server: 'my-target-server' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_test: true + - name: 'apigee_target_server_test' + primary_resource_id: 'apigee_target_server' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true +parameters: + - name: 'envId' + type: String + description: | + The Apigee environment group associated with the Apigee environment, + in the format `organizations/{{org_name}}/environments/{{env_name}}`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource id of this reference. Values must match the regular expression [\w\s-.]+. + required: true + immutable: true + - name: 'description' + type: String + description: | + A human-readable description of this TargetServer. + - name: 'host' + type: String + description: | + The host name this target connects to. Value must be a valid hostname as described by RFC-1123. + required: true + - name: 'port' + type: Integer + description: | + The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive. + required: true + - name: 'isEnabled' + type: Boolean + description: | + Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true. + default_value: true + - name: 'sSLInfo' + type: NestedObject + description: Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration. + properties: + - name: 'enabled' + type: Boolean + description: | + Enables TLS. If false, neither one-way nor two-way TLS will be enabled. + required: true + - name: 'clientAuthEnabled' + type: Boolean + description: | + Enables two-way TLS. + - name: 'keyStore' + type: String + description: | + Required if clientAuthEnabled is true. The resource ID of the keystore. + - name: 'keyAlias' + type: String + description: | + Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert. + - name: 'trustStore' + type: String + description: | + The resource ID of the truststore. + - name: 'ignoreValidationErrors' + type: Boolean + description: | + If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails. + - name: 'protocols' + type: Array + description: | + The TLS versioins to be used. + item_type: + type: String + - name: 'ciphers' + type: Array + description: | + The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3. + item_type: + type: String + - name: 'commonName' + type: NestedObject + description: The TLS Common Name of the certificate. + properties: + - name: 'value' + type: String + description: | + The TLS Common Name string of the certificate. + - name: 'wildcardMatch' + type: Boolean + description: | + Indicates whether the cert should be matched against as a wildcard cert. + + - name: 'protocol' + type: Enum + description: | + Immutable. The protocol used by this TargetServer. + immutable: true + default_from_api: true + enum_values: + - 'HTTP' + - 'HTTP2' + - 'GRPC_TARGET' + - 'GRPC' + - 'EXTERNAL_CALLOUT' diff --git a/tpgtools/api/orgpolicy/samples/enforce_policy.yaml b/mmv1/products/apigee/go_product.yaml old mode 100755 new mode 100644 similarity index 61% rename from tpgtools/api/orgpolicy/samples/enforce_policy.yaml rename to mmv1/products/apigee/go_product.yaml index 2527f30a897a..944e02301a90 --- a/tpgtools/api/orgpolicy/samples/enforce_policy.yaml +++ b/mmv1/products/apigee/go_product.yaml @@ -1,27 +1,22 @@ -# Copyright 2021 Google LLC. All Rights Reserved. -# +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -dependencies: -- samples/basic.cloudresourcemanager.project.json -description: A test of an enforce orgpolicy policy for a project -name: enforce_policy -resource: samples/enforce.policy.json -type: policy -variables: -- name: id - type: resource_name -- name: org_id - type: org_id + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Apigee' +display_name: 'Apigee' versions: -- ga -- beta + - name: 'ga' + base_url: 'https://apigee.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/appengine/FlexibleAppVersion.yaml b/mmv1/products/appengine/FlexibleAppVersion.yaml index 5c0b94832124..ae6831824759 100644 --- a/mmv1/products/appengine/FlexibleAppVersion.yaml +++ b/mmv1/products/appengine/FlexibleAppVersion.yaml @@ -236,6 +236,18 @@ properties: name: 'runtimeChannel' description: | The channel of the runtime to use. Only available for some runtimes. + - !ruby/object:Api::Type::NestedObject + name: 'flexibleRuntimeSettings' + description: Runtime settings for App Engine flexible environment. + properties: + - !ruby/object:Api::Type::String + name: 'operatingSystem' + description: | + Operating System of the application runtime. + - !ruby/object:Api::Type::String + name: 'runtimeVersion' + description: | + The runtime version of an App Engine flexible application. - !ruby/object:Api::Type::KeyValuePairs name: 'betaSettings' description: | diff --git a/mmv1/products/appengine/go_ApplicationUrlDispatchRules.yaml b/mmv1/products/appengine/go_ApplicationUrlDispatchRules.yaml new file mode 100644 index 000000000000..9ce1764019ef --- /dev/null +++ b/mmv1/products/appengine/go_ApplicationUrlDispatchRules.yaml @@ -0,0 +1,89 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ApplicationUrlDispatchRules' +description: | + Rules to match an HTTP request and dispatch that request to a service. +references: + guides: + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps#UrlDispatchRule' +docs: +id_format: '{{project}}' +base_url: 'apps/{{project}}' +create_url: 'apps/{{project}}?updateMask=dispatch_rules' +create_verb: 'PATCH' +update_url: 'apps/{{project}}?updateMask=dispatch_rules' +update_verb: 'PATCH' +delete_url: 'apps/{{project}}?updateMask=dispatch_rules' +delete_verb: 'PATCH' +mutex: 'apps/{{project}}' +import_format: + - '{{project}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + test_check_destroy: 'templates/terraform/custom_check_destroy/go/appengine.go.tmpl' +skip_sweeper: true +error_retry_predicates: + + - 'transport_tpg.IsAppEngineRetryableError' +examples: + - name: 'app_engine_application_url_dispatch_rules_basic' + primary_resource_id: 'web_service' + vars: + bucket_name: 'appengine-test-bucket' +parameters: +properties: + - name: 'dispatchRules' + type: Array + description: | + Rules to match an HTTP request and dispatch that request to a service. + required: true + item_type: + type: NestedObject + properties: + - name: 'domain' + type: String + description: | + Domain name to match against. The wildcard "*" is supported if specified before a period: "*.". + Defaults to matching all domains: "*". + default_value: "*" + - name: 'path' + type: String + description: | + Pathname within the host. Must start with a "/". A single "*" can be included at the end of the path. + The sum of the lengths of the domain and path may not exceed 100 characters. + required: true + - name: 'service' + type: String + description: | + Pathname within the host. Must start with a "/". A single "*" can be included at the end of the path. + The sum of the lengths of the domain and path may not exceed 100 characters. + required: true diff --git a/mmv1/products/appengine/go_DomainMapping.yaml b/mmv1/products/appengine/go_DomainMapping.yaml new file mode 100644 index 000000000000..a1ea9451554d --- /dev/null +++ b/mmv1/products/appengine/go_DomainMapping.yaml @@ -0,0 +1,145 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DomainMapping' +description: | + A domain serving an App Engine application. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/appengine/docs/standard/python/mapping-custom-domains' + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.domainMappings' +docs: +id_format: 'apps/{{project}}/domainMappings/{{domain_name}}' +base_url: 'apps/{{project}}/domainMappings' +self_link: 'apps/{{project}}/domainMappings/{{domain_name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'apps/{{project}}' +import_format: + - 'apps/{{project}}/domainMappings/{{domain_name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + decoder: 'templates/terraform/decoders/go/app_engine_domain_mapping.go.tmpl' +examples: + - name: 'app_engine_domain_mapping_basic' + primary_resource_id: 'domain_mapping' + ignore_read_extra: + - 'ssl_settings.0.ssl_management_type' +parameters: + - name: 'overrideStrategy' + type: Enum + description: | + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. + url_param_only: true + ignore_read: true + default_value: "STRICT" + enum_values: + - 'STRICT' + - 'OVERRIDE' + - name: 'domainName' + type: String + description: | + Relative name of the domain serving the application. Example: example.com. + api_name: id + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com. + output: true + - name: 'sslSettings' + type: NestedObject + description: | + SSL configuration for this domain. If unconfigured, this domain will not serve with SSL. + default_from_api: true + update_mask_fields: + - 'ssl_settings.certificate_id' + - 'ssl_settings.ssl_management_type' + properties: + - name: 'certificateId' + type: String + description: | + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify `SslManagementType.MANUAL` on a `CREATE` or `UPDATE` request. You must be + authorized to administer the `AuthorizedCertificate` resource to manually map it to a DomainMapping resource. + Example: 12345. + default_from_api: true + - name: 'sslManagementType' + type: Enum + description: | + SSL management type for this domain. If `AUTOMATIC`, a managed certificate is automatically provisioned. + If `MANUAL`, `certificateId` must be manually specified in order to configure SSL for this domain. + required: true + enum_values: + - 'AUTOMATIC' + - 'MANUAL' + - name: 'pendingManagedCertificateId' + type: Enum + description: | + ID of the managed `AuthorizedCertificate` resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the `certificateId` field will reflect the new managed certificate and this + field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the + `certificateId` field with an update request. + output: true + enum_values: + - 'AUTOMATIC' + - 'MANUAL' + - name: 'resourceRecords' + type: Array + description: | + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + output: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Relative name of the object affected by this record. Only applicable for CNAME records. Example: 'www'. + - name: 'rrdata' + type: String + description: | + Data for this record. Values vary by record type, as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + - name: 'type' + type: Enum + description: | + Resource record type. Example: `AAAA`. + enum_values: + - 'A' + - 'AAAA' + - 'CNAME' diff --git a/mmv1/products/appengine/go_FirewallRule.yaml b/mmv1/products/appengine/go_FirewallRule.yaml new file mode 100644 index 000000000000..8b733d9a49d2 --- /dev/null +++ b/mmv1/products/appengine/go_FirewallRule.yaml @@ -0,0 +1,83 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FirewallRule' +description: | + A single firewall rule that is evaluated against incoming traffic + and provides an action to take on matched requests. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/appengine/docs/standard/python/creating-firewalls#creating_firewall_rules' + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.firewall.ingressRules' +docs: +base_url: 'apps/{{project}}/firewall/ingressRules' +self_link: 'apps/{{project}}/firewall/ingressRules/{{priority}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'apps/{{project}}' +import_format: + - 'apps/{{project}}/firewall/ingressRules/{{priority}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + type: 'PollAsync' + check_response_func_existence: 'transport_tpg.PollCheckForExistence' + check_response_func_absence: 'transport_tpg.PollCheckForAbsence' + suppress_error: false + target_occurrences: 1 + actions: ['create'] +collection_url_key: 'ingressRules' +custom_code: +skip_sweeper: true +examples: + - name: 'app_engine_firewall_rule_basic' + primary_resource_id: 'rule' + vars: + project_id: 'ae-project' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' +parameters: + - name: 'priority' + type: Integer + description: | + A positive integer that defines the order of rule evaluation. + Rules with the lowest priority are evaluated first. + + A default rule at priority Int32.MaxValue matches all IPv4 and + IPv6 traffic when no previous rule matches. Only the action of + this rule can be modified by the user. +properties: + - name: 'description' + type: String + description: | + An optional string description of this rule. + required: false + - name: 'sourceRange' + type: String + description: | + IP address or range, defined using CIDR notation, of requests that this rule applies to. + required: true + - name: 'action' + type: Enum + description: | + The action to take if this rule matches. + required: true + enum_values: + - 'UNSPECIFIED_ACTION' + - 'ALLOW' + - 'DENY' diff --git a/mmv1/products/appengine/go_FlexibleAppVersion.yaml b/mmv1/products/appengine/go_FlexibleAppVersion.yaml new file mode 100644 index 000000000000..da141620af6c --- /dev/null +++ b/mmv1/products/appengine/go_FlexibleAppVersion.yaml @@ -0,0 +1,844 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FlexibleAppVersion' +description: | + Flexible App Version resource to create a new version of flexible GAE Application. Based on Google Compute Engine, + the App Engine flexible environment automatically scales your app up and down while also balancing the load. + Learn about the differences between the standard environment and the flexible environment + at https://cloud.google.com/appengine/docs/the-appengine-environments. + + ~> **Note:** The App Engine flexible environment service account uses the member ID `service-[YOUR_PROJECT_NUMBER]@gae-api-prod.google.com.iam.gserviceaccount.com` + It should have the App Engine Flexible Environment Service Agent role, which will be applied when the `appengineflex.googleapis.com` service is enabled. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/appengine/docs/flexible' + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions' +docs: +id_format: 'apps/{{project}}/services/{{service}}/versions/{{version_id}}' +base_url: 'apps/{{project}}/services/{{service}}/versions' +self_link: 'apps/{{project}}/services/{{service}}/versions/{{version_id}}?view=FULL' +update_url: 'apps/{{project}}/services/{{service}}/versions' +update_verb: 'POST' +update_mask: false +delete_url: 'apps/{{project}}/services/{{service}}/versions/{{version_id}}' +mutex: 'apps/{{project}}' +import_format: + - 'apps/{{project}}/services/{{service}}/versions/{{version_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'appengine#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'versions' +custom_code: + encoder: 'templates/terraform/encoders/go/flex_app_version.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/appversion_delete.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +error_retry_predicates: + + - 'transport_tpg.IsAppEngineRetryableError' +examples: + - name: 'app_engine_flexible_app_version' + primary_resource_id: 'myapp_v1' + vars: + bucket_name: 'appengine-static-content' + project: 'appeng-flex' + account_id: 'my-account' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + ignore_read_extra: + - 'noop_on_destroy' + - 'deployment.0.zip' +virtual_fields: + - name: 'noop_on_destroy' + description: | + If set to `true`, the application version will not be deleted. + type: Boolean + default_value: false + - name: 'delete_service_on_destroy' + description: | + If set to `true`, the service will be deleted if it is the last version. + type: Boolean + default_value: false +parameters: + - name: 'service' + type: ResourceRef + description: | + AppEngine service resource. Can contain numbers, letters, and hyphens. + url_param_only: true + required: true + resource: 'Service' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Full path to the Version resource in the API. Example, "v1". + output: true + - name: 'version_id' + type: String + description: | + Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. + Reserved names,"default", "latest", and any name with the prefix "ah-". + api_name: id + immutable: true + - name: 'inboundServices' + type: Array + description: | + A list of the types of messages that this application is able to receive. + is_set: true + item_type: + type: Enum + description: | + One type of message that this application is able to receive. + enum_values: + - 'INBOUND_SERVICE_MAIL' + - 'INBOUND_SERVICE_MAIL_BOUNCE' + - 'INBOUND_SERVICE_XMPP_ERROR' + - 'INBOUND_SERVICE_XMPP_MESSAGE' + - 'INBOUND_SERVICE_XMPP_SUBSCRIBE' + - 'INBOUND_SERVICE_XMPP_PRESENCE' + - 'INBOUND_SERVICE_CHANNEL_PRESENCE' + - 'INBOUND_SERVICE_WARMUP' + - name: 'instanceClass' + type: String + description: | + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + - name: 'network' + type: NestedObject + description: Extra network settings + properties: + - name: 'forwardedPorts' + type: Array + description: | + List of ports, or port pairs, to forward from the virtual machine to the application container. + item_type: + type: String + - name: 'instanceIpMode' + type: Enum + description: | + Prevent instances from receiving an ephemeral external IP address. + min_version: 'beta' + enum_values: + - 'EXTERNAL' + - 'INTERNAL' + - name: 'instanceTag' + type: String + description: | + Tag to apply to the instance during creation. + - name: 'name' + type: String + description: | + Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path. + required: true + - name: 'subnetwork' + type: String + description: | + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. + + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. + api_name: subnetworkName + - name: 'sessionAffinity' + type: Boolean + description: | + Enable session affinity. + - name: 'resources' + type: NestedObject + description: Machine resources for a version. + properties: + - name: 'cpu' + type: Integer + description: | + Number of CPU cores needed. + at_least_one_of: + - 'resources.0.cpu' + - 'resources.0.disk_gb' + - 'resources.0.memory_gb' + - 'resources.0.volumes' + - name: 'diskGb' + type: Integer + description: | + Disk size (GB) needed. + at_least_one_of: + - 'resources.0.cpu' + - 'resources.0.disk_gb' + - 'resources.0.memory_gb' + - 'resources.0.volumes' + - name: 'memoryGb' + type: Double + description: | + Memory (GB) needed. + at_least_one_of: + - 'resources.0.cpu' + - 'resources.0.disk_gb' + - 'resources.0.memory_gb' + - 'resources.0.volumes' + - name: 'volumes' + type: Array + description: | + List of ports, or port pairs, to forward from the virtual machine to the application container. + at_least_one_of: + - 'resources.0.cpu' + - 'resources.0.disk_gb' + - 'resources.0.memory_gb' + - 'resources.0.volumes' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Unique name for the volume. + required: true + - name: 'volumeType' + type: String + description: | + Underlying volume type, e.g. 'tmpfs'. + required: true + - name: 'sizeGb' + type: Integer + description: | + Volume size in gigabytes. + required: true + - name: 'runtime' + type: String + description: | + Desired runtime. Example python27. + required: true + - name: 'runtimeChannel' + type: String + description: | + The channel of the runtime to use. Only available for some runtimes. + - name: 'flexibleRuntimeSettings' + type: NestedObject + description: Runtime settings for App Engine flexible environment. + properties: + - name: 'operatingSystem' + type: String + description: | + Operating System of the application runtime. + - name: 'runtimeVersion' + type: String + description: | + The runtime version of an App Engine flexible application. + - name: 'betaSettings' + type: KeyValuePairs + description: | + Metadata settings that are supplied to this version to enable beta runtime features. + ignore_read: true + - name: 'servingStatus' + type: Enum + description: | + Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. + default_value: "SERVING" + enum_values: + - 'SERVING' + - 'STOPPED' + - name: 'runtimeApiVersion' + type: String + description: | + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at `https://cloud.google.com/appengine/docs/standard//config/appref`\ + Substitute `` with `python`, `java`, `php`, `ruby`, `go` or `nodejs`. + default_from_api: true + - name: 'handlers' + type: Array + description: | + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'urlRegex' + type: String + description: | + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + - name: 'securityLevel' + type: Enum + description: | + Security (HTTPS) enforcement for this URL. + required: false + enum_values: + - 'SECURE_DEFAULT' + - 'SECURE_NEVER' + - 'SECURE_OPTIONAL' + - 'SECURE_ALWAYS' + - name: 'login' + type: Enum + description: | + Methods to restrict access to a URL based on login status. + required: false + enum_values: + - 'LOGIN_OPTIONAL' + - 'LOGIN_ADMIN' + - 'LOGIN_REQUIRED' + - name: 'authFailAction' + type: Enum + description: | + Actions to take when the user is not logged in. + required: false + enum_values: + - 'AUTH_FAIL_ACTION_REDIRECT' + - 'AUTH_FAIL_ACTION_UNAUTHORIZED' + - name: 'redirectHttpResponseCode' + type: Enum + description: | + 30x code to use when performing redirects for the secure field. + required: false + enum_values: + - 'REDIRECT_HTTP_RESPONSE_CODE_301' + - 'REDIRECT_HTTP_RESPONSE_CODE_302' + - 'REDIRECT_HTTP_RESPONSE_CODE_303' + - 'REDIRECT_HTTP_RESPONSE_CODE_307' + - name: 'script' + type: NestedObject + description: | + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + - name: 'scriptPath' + type: String + description: | + Path to the script from the application root directory. + required: true + - name: 'staticFiles' + type: NestedObject + description: | + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + - name: 'path' + type: String + description: | + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. + - name: 'uploadPathRegex' + type: String + description: | + Regular expression that matches the file paths for all files that should be referenced by this handler. + - name: 'httpHeaders' + type: KeyValuePairs + description: | + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + - name: 'mimeType' + type: String + description: | + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + - name: 'expiration' + type: String + description: | + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s' + default_value: "0s" + - name: 'requireMatchingFile' + type: Boolean + description: | + Whether this handler should match the request if the file referenced by the handler does not exist. + - name: 'applicationReadable' + type: Boolean + description: | + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + - name: 'runtimeMainExecutablePath' + type: String + description: | + The path or name of the app's main executable. + - name: 'serviceAccount' + type: String + description: | + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + default_from_api: true + - name: 'apiConfig' + type: NestedObject + description: | + Serving configuration for Google Cloud Endpoints. + properties: + - name: 'authFailAction' + type: Enum + description: | + Action to take when users access resources that require authentication. + default_value: "AUTH_FAIL_ACTION_REDIRECT" + enum_values: + - 'AUTH_FAIL_ACTION_REDIRECT' + - 'AUTH_FAIL_ACTION_UNAUTHORIZED' + - name: 'login' + type: Enum + description: | + Level of login required to access this resource. + default_value: "LOGIN_OPTIONAL" + enum_values: + - 'LOGIN_OPTIONAL' + - 'LOGIN_ADMIN' + - 'LOGIN_REQUIRED' + - name: 'script' + type: String + description: | + Path to the script from the application root directory. + required: true + - name: 'securityLevel' + type: Enum + description: | + Security (HTTPS) enforcement for this URL. + enum_values: + - 'SECURE_DEFAULT' + - 'SECURE_NEVER' + - 'SECURE_OPTIONAL' + - 'SECURE_ALWAYS' + - name: 'url' + type: String + description: | + URL to serve the endpoint at. + - name: 'envVariables' + type: KeyValuePairs + description: |- + Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config. + ignore_read: true + - name: 'defaultExpiration' + type: String + description: | + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + - name: 'readinessCheck' + type: NestedObject + description: | + Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation. + required: true + properties: + - name: 'path' + type: String + description: | + The request path. + required: true + - name: 'host' + type: String + description: | + Host header to send when performing a HTTP Readiness check. Example: "myapp.appspot.com" + - name: 'failureThreshold' + type: Double + description: | + Number of consecutive failed checks required before removing traffic. Default: 2. + default_value: 2.0 + - name: 'successThreshold' + type: Double + description: | + Number of consecutive successful checks required before receiving traffic. Default: 2. + default_value: 2.0 + - name: 'checkInterval' + type: String + description: | + Interval between health checks. Default: "5s". + default_value: "5s" + - name: 'timeout' + type: String + description: | + Time before the check is considered failed. Default: "4s" + default_value: "4s" + - name: 'appStartTimeout' + type: String + description: | + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s" + default_value: "300s" + - name: 'livenessCheck' + type: NestedObject + description: | + Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances. + required: true + properties: + - name: 'path' + type: String + description: | + The request path. + required: true + - name: 'host' + type: String + description: | + Host header to send when performing a HTTP Readiness check. Example: "myapp.appspot.com" + - name: 'failureThreshold' + type: Double + description: | + Number of consecutive failed checks required before considering the VM unhealthy. Default: 4. + default_value: 4.0 + - name: 'successThreshold' + type: Double + description: | + Number of consecutive successful checks required before considering the VM healthy. Default: 2. + default_value: 2.0 + - name: 'checkInterval' + type: String + description: | + Interval between health checks. + default_value: "30s" + - name: 'timeout' + type: String + description: | + Time before the check is considered failed. Default: "4s" + default_value: "4s" + - name: 'initialDelay' + type: String + description: | + The initial delay before starting to execute the checks. Default: "300s" + default_value: "300s" + - name: 'nobuildFilesRegex' + type: String + description: | + Files that match this pattern will not be built into this version. Only applicable for Go runtimes. + - name: 'deployment' + type: NestedObject + description: | + Code and application artifacts that make up this version. + ignore_read: true + properties: + - name: 'zip' + type: NestedObject + description: 'Zip File' + at_least_one_of: + - 'deployment.0.zip' + - 'deployment.0.files' + - 'deployment.0.container' + properties: + - name: 'sourceUrl' + type: String + description: 'Source URL' + required: true + - name: 'filesCount' + type: Integer + description: 'files count' + - name: 'files' + type: Map + description: | + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + at_least_one_of: + - 'deployment.0.zip' + - 'deployment.0.files' + - 'deployment.0.container' + key_name: 'name' + key_description: | + name of file + value_type: + type: NestedObject + properties: + - name: 'sha1Sum' + type: String + description: | + SHA1 checksum of the file + - name: 'sourceUrl' + type: String + description: | + Source URL + required: true + - name: 'container' + type: NestedObject + description: 'The Docker image for the container that runs the version.' + default_from_api: true + at_least_one_of: + - 'deployment.0.zip' + - 'deployment.0.files' + - 'deployment.0.container' + properties: + - name: 'image' + type: String + description: | + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest" + required: true + - name: 'cloudBuildOptions' + type: NestedObject + description: + Options for the build operations performed as a part of the version + deployment. Only applicable when creating a version using source code + directly. + at_least_one_of: + - 'deployment.0.zip' + - 'deployment.0.files' + - 'deployment.0.container' + properties: + - name: 'appYamlPath' + type: String + description: | + Path to the yaml file used in deployment, used to determine runtime configuration details. + required: true + - name: 'cloudBuildTimeout' + type: String + description: | + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - name: 'endpointsApiService' + type: NestedObject + description: | + Code and application artifacts that make up this version. + properties: + - name: 'name' + type: String + description: | + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog" + required: true + - name: 'configId' + type: String + description: | + Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + - name: 'rolloutStrategy' + type: Enum + description: | + Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. + default_value: "FIXED" + enum_values: + - 'FIXED' + - 'MANAGED' + - name: 'disableTraceSampling' + type: Boolean + description: + Enable or disable trace sampling. By default, this is set to false for + enabled. + default_value: false + - name: 'entrypoint' + type: NestedObject + description: | + The entrypoint for the application. + ignore_read: true + properties: + - name: 'shell' + type: String + description: | + The format should be a shell command that can be fed to bash -c. + required: true + - name: 'vpcAccessConnector' + type: NestedObject + description: | + Enables VPC connectivity for standard apps. + properties: + - name: 'name' + type: String + description: | + Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + required: true + - name: 'automaticScaling' + type: NestedObject + description: | + Automatic scaling is based on request rate, response latencies, and other application metrics. + exactly_one_of: + - 'automatic_scaling' + - 'manual_scaling' + properties: + - name: 'coolDownPeriod' + type: String + description: | + The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s + default_value: "120s" + - name: 'cpuUtilization' + type: NestedObject + description: | + Target scaling by CPU usage. + required: true + properties: + - name: 'aggregationWindowLength' + type: String + description: | + Period of time over which CPU utilization is calculated. + - name: 'targetUtilization' + type: Double + description: | + Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1. + required: true + - name: 'maxConcurrentRequests' + type: Integer + description: | + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + default_from_api: true + - name: 'maxIdleInstances' + type: Integer + description: | + Maximum number of idle instances that should be maintained for this version. + - name: 'maxTotalInstances' + type: Integer + description: | + Maximum number of instances that should be started to handle requests for this version. Default: 20 + default_value: 20 + - name: 'maxPendingLatency' + type: String + description: | + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + - name: 'minIdleInstances' + type: Integer + description: | + Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. + - name: 'minTotalInstances' + type: Integer + description: | + Minimum number of running instances that should be maintained for this version. Default: 2 + default_value: 2 + - name: 'minPendingLatency' + type: String + description: | + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + - name: 'requestUtilization' + type: NestedObject + description: | + Target scaling by request utilization. + properties: + - name: 'targetRequestCountPerSecond' + type: String + description: | + Target requests per second. + at_least_one_of: + - 'automatic_scaling.0.request_utilization.0.target_request_count_per_second' + - 'automatic_scaling.0.request_utilization.0.target_concurrent_requests' + - name: 'targetConcurrentRequests' + type: Double + description: | + Target number of concurrent requests. + at_least_one_of: + - 'automatic_scaling.0.request_utilization.0.target_request_count_per_second' + - 'automatic_scaling.0.request_utilization.0.target_concurrent_requests' + - name: 'diskUtilization' + type: NestedObject + description: | + Target scaling by disk usage. + properties: + - name: 'targetWriteBytesPerSecond' + type: Integer + description: | + Target bytes written per second. + at_least_one_of: + - 'automatic_scaling.0.disk_utilization.0.target_write_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_write_ops_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_ops_per_second' + - name: 'targetWriteOpsPerSecond' + type: Integer + description: | + Target ops written per second. + at_least_one_of: + - 'automatic_scaling.0.disk_utilization.0.target_write_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_write_ops_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_ops_per_second' + - name: 'targetReadBytesPerSecond' + type: Integer + description: | + Target bytes read per second. + at_least_one_of: + - 'automatic_scaling.0.disk_utilization.0.target_write_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_write_ops_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_ops_per_second' + - name: 'targetReadOpsPerSecond' + type: Integer + description: | + Target ops read per seconds. + at_least_one_of: + - 'automatic_scaling.0.disk_utilization.0.target_write_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_write_ops_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_bytes_per_second' + - 'automatic_scaling.0.disk_utilization.0.target_read_ops_per_second' + - name: 'networkUtilization' + type: NestedObject + description: | + Target scaling by network usage. + properties: + - name: 'targetSentBytesPerSecond' + type: Integer + description: | + Target bytes sent per second. + at_least_one_of: + - 'automatic_scaling.0.network_utilization.0.target_sent_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_sent_packets_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_packets_per_second' + - name: 'targetSentPacketsPerSecond' + type: Integer + description: | + Target packets sent per second. + at_least_one_of: + - 'automatic_scaling.0.network_utilization.0.target_sent_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_sent_packets_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_packets_per_second' + - name: 'targetReceivedBytesPerSecond' + type: Integer + description: | + Target bytes received per second. + at_least_one_of: + - 'automatic_scaling.0.network_utilization.0.target_sent_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_sent_packets_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_packets_per_second' + - name: 'targetReceivedPacketsPerSecond' + type: Integer + description: | + Target packets received per second. + at_least_one_of: + - 'automatic_scaling.0.network_utilization.0.target_sent_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_sent_packets_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_bytes_per_second' + - 'automatic_scaling.0.network_utilization.0.target_received_packets_per_second' + - name: 'manualScaling' + type: NestedObject + description: | + A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. + exactly_one_of: + - 'automatic_scaling' + - 'manual_scaling' + properties: + - name: 'instances' + type: Integer + description: | + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use `lifecycle.ignore_changes = ["manual_scaling"[0].instances]` to prevent drift detection. + required: true diff --git a/mmv1/products/appengine/go_Service.yaml b/mmv1/products/appengine/go_Service.yaml new file mode 100644 index 000000000000..e8ec7bec64ac --- /dev/null +++ b/mmv1/products/appengine/go_Service.yaml @@ -0,0 +1,46 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Service' +description: | + A Service resource is a logical component of an application that can share state and communicate in a secure fashion with other services. + For example, an application that handles customer requests might include separate services to handle tasks such as backend data analysis or API requests from mobile devices. + Each service has a collection of versions that define a specific set of code used to implement the functionality of that service. +exclude: true +references: + guides: + 'Official Documentation': 'https://cloud.google.com/appengine/docs/admin-api/deploying-overview' + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services' +docs: +base_url: 'apps/{{project}}/services' +self_link: 'apps/{{project}}/services/{{id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +parameters: +properties: + - name: 'name' + type: String + description: | + Full path to the Service resource in the API. Example apps/myapp/services/default. + This field is used in responses only. Any value specified here in a request is ignored. + output: true + - name: 'id' + type: String + description: | + Relative name of the service within the application. Example default. + output: true diff --git a/mmv1/products/appengine/go_ServiceNetworkSettings.yaml b/mmv1/products/appengine/go_ServiceNetworkSettings.yaml new file mode 100644 index 000000000000..bcb415b7f01a --- /dev/null +++ b/mmv1/products/appengine/go_ServiceNetworkSettings.yaml @@ -0,0 +1,83 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceNetworkSettings' +description: | + A NetworkSettings resource is a container for ingress settings for a version or service. +references: + guides: + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services' +docs: +id_format: 'apps/{{project}}/services/{{service}}' +base_url: 'apps/{{project}}/services' +self_link: 'apps/{{project}}/services/{{service}}' +create_url: 'apps/{{project}}/services/{{service}}?updateMask=networkSettings' +create_verb: 'PATCH' +update_url: 'apps/{{project}}/services/{{service}}' +update_verb: 'PATCH' +update_mask: true +skip_delete: true +mutex: 'apps/{{project}}' +import_format: + - 'apps/{{project}}/services/{{service}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'appengine#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +examples: + - name: 'app_engine_service_network_settings' + primary_resource_id: 'internalapp' + vars: + bucket_name: 'appengine-static-content' +parameters: +properties: + - name: 'service' + type: String + description: | + The name of the service these settings apply to. + api_name: id + required: true + - name: 'networkSettings' + type: NestedObject + description: | + Ingress settings for this service. Will apply to all versions. + required: true + properties: + - name: 'ingressTrafficAllowed' + type: Enum + description: | + The ingress settings for version or service. + default_value: "INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED" + enum_values: + - 'INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED' + - 'INGRESS_TRAFFIC_ALLOWED_ALL' + - 'INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY' + - 'INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB' diff --git a/mmv1/products/appengine/go_ServiceSplitTraffic.yaml b/mmv1/products/appengine/go_ServiceSplitTraffic.yaml new file mode 100644 index 000000000000..64267de811d0 --- /dev/null +++ b/mmv1/products/appengine/go_ServiceSplitTraffic.yaml @@ -0,0 +1,99 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceSplitTraffic' +description: | + Traffic routing configuration for versions within a single service. Traffic splits define how traffic directed to the service is assigned to versions. +references: + guides: + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services' +docs: +id_format: 'apps/{{project}}/services/{{service}}' +base_url: 'apps/{{project}}/services' +self_link: 'apps/{{project}}/services/{{service}}' +create_url: 'apps/{{project}}/services/{{service}}?migrateTraffic={{migrate_traffic}}&updateMask=split' +create_verb: 'PATCH' +update_url: 'apps/{{project}}/services/{{service}}?migrateTraffic={{migrate_traffic}}' +update_verb: 'PATCH' +update_mask: true +skip_delete: true +mutex: 'apps/{{project}}' +import_format: + - 'apps/{{project}}/services/{{service}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'appengine#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +examples: + - name: 'app_engine_service_split_traffic' + primary_resource_id: 'liveapp' + vars: + service_id: 'default' + split.allocations.v1: '1' + bucket_name: 'appengine-static-content' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'migrate_traffic' + type: Boolean + description: | + If set to true traffic will be migrated to this version. + url_param_only: true +properties: + - name: 'service' + type: String + description: | + The name of the service these settings apply to. + api_name: id + required: true + - name: 'split' + type: NestedObject + description: | + Mapping that defines fractional HTTP traffic diversion to different versions within the service. + required: true + ignore_read: true + properties: + - name: 'shardBy' + type: Enum + description: | + Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. + enum_values: + - 'UNSPECIFIED' + - 'COOKIE' + - 'IP' + - 'RANDOM' + - name: 'allocations' + type: KeyValuePairs + description: | + Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits. + + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_string.go.tmpl' diff --git a/mmv1/products/appengine/go_StandardAppVersion.yaml b/mmv1/products/appengine/go_StandardAppVersion.yaml new file mode 100644 index 000000000000..132fece11508 --- /dev/null +++ b/mmv1/products/appengine/go_StandardAppVersion.yaml @@ -0,0 +1,448 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'StandardAppVersion' +description: | + Standard App Version resource to create a new version of standard GAE Application. + Learn about the differences between the standard environment and the flexible environment + at https://cloud.google.com/appengine/docs/the-appengine-environments. + Currently supporting Zip and File Containers. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/appengine/docs/standard' + api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions' +docs: +id_format: 'apps/{{project}}/services/{{service}}/versions/{{version_id}}' +base_url: 'apps/{{project}}/services/{{service}}/versions' +self_link: 'apps/{{project}}/services/{{service}}/versions/{{version_id}}?view=FULL' +create_url: 'apps/{{project}}/services/{{service}}/versions' +update_url: 'apps/{{project}}/services/{{service}}/versions' +update_verb: 'POST' +update_mask: false +delete_url: 'apps/{{project}}/services/{{service}}/versions/{{version_id}}' +mutex: 'apps/{{project}}' +import_format: + - 'apps/{{project}}/services/{{service}}/versions/{{version_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'appengine#operation' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'versions' +custom_code: + custom_delete: 'templates/terraform/custom_delete/go/appversion_delete.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/appengine.go.tmpl' +error_retry_predicates: + + - 'transport_tpg.IsAppEngineRetryableError' +examples: + - name: 'app_engine_standard_app_version' + primary_resource_id: 'myapp_v1' + vars: + project_id: 'ae-project' + bucket_name: 'appengine-static-content' + service_name: 'ae-service' + account_id: 'my-account' + test_env_vars: + org_id: 'ORG_ID' + ignore_read_extra: + - 'delete_service_on_destroy' +virtual_fields: + - name: 'noop_on_destroy' + description: | + If set to `true`, the application version will not be deleted. + type: Boolean + default_value: false + - name: 'delete_service_on_destroy' + description: | + If set to `true`, the service will be deleted if it is the last version. + type: Boolean + default_value: false +parameters: + - name: 'service' + type: ResourceRef + description: | + AppEngine service resource + url_param_only: true + required: true + resource: 'Service' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Full path to the Version resource in the API. Example, "v1". + output: true + - name: 'version_id' + type: String + description: | + Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,"default", "latest", and any name with the prefix "ah-". + api_name: id + immutable: true + - name: 'runtime' + type: String + description: | + Desired runtime. Example python27. + required: true + - name: 'serviceAccount' + type: String + description: | + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag. + default_from_api: true + - name: 'threadsafe' + type: Boolean + description: | + Whether multiple requests can be dispatched to this version at once. + ignore_read: true + - name: 'appEngineApis' + type: Boolean + description: | + Allows App Engine second generation runtimes to access the legacy bundled services. + - name: 'runtimeApiVersion' + type: String + description: | + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at `https://cloud.google.com/appengine/docs/standard//config/appref`\ + Substitute `` with `python`, `java`, `php`, `ruby`, `go` or `nodejs`. + - name: 'handlers' + type: Array + description: | + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'urlRegex' + type: String + description: | + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + - name: 'securityLevel' + type: Enum + description: | + Security (HTTPS) enforcement for this URL. + required: false + enum_values: + - 'SECURE_DEFAULT' + - 'SECURE_NEVER' + - 'SECURE_OPTIONAL' + - 'SECURE_ALWAYS' + - name: 'login' + type: Enum + description: | + Methods to restrict access to a URL based on login status. + required: false + enum_values: + - 'LOGIN_OPTIONAL' + - 'LOGIN_ADMIN' + - 'LOGIN_REQUIRED' + - name: 'authFailAction' + type: Enum + description: | + Actions to take when the user is not logged in. + required: false + enum_values: + - 'AUTH_FAIL_ACTION_REDIRECT' + - 'AUTH_FAIL_ACTION_UNAUTHORIZED' + - name: 'redirectHttpResponseCode' + type: Enum + description: | + 30x code to use when performing redirects for the secure field. + required: false + enum_values: + - 'REDIRECT_HTTP_RESPONSE_CODE_301' + - 'REDIRECT_HTTP_RESPONSE_CODE_302' + - 'REDIRECT_HTTP_RESPONSE_CODE_303' + - 'REDIRECT_HTTP_RESPONSE_CODE_307' + - name: 'script' + type: NestedObject + description: | + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + - name: 'scriptPath' + type: String + description: | + Path to the script from the application root directory. + required: true + - name: 'staticFiles' + type: NestedObject + description: | + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + - name: 'path' + type: String + description: | + Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern. + - name: 'uploadPathRegex' + type: String + description: | + Regular expression that matches the file paths for all files that should be referenced by this handler. + - name: 'httpHeaders' + type: KeyValuePairs + description: | + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + - name: 'mimeType' + type: String + description: | + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + - name: 'expiration' + type: String + description: | + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + - name: 'requireMatchingFile' + type: Boolean + description: | + Whether this handler should match the request if the file referenced by the handler does not exist. + - name: 'applicationReadable' + type: Boolean + description: | + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + - name: 'libraries' + type: Array + description: | + Configuration for third-party Python runtime libraries that are required by the application. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the library. Example "django". + - name: 'version' + type: String + description: | + Version of the library to select, or "latest". + - name: 'envVariables' + type: KeyValuePairs + description: | + Environment variables available to the application. + ignore_read: true + - name: 'deployment' + type: NestedObject + description: | + Code and application artifacts that make up this version. + required: true + ignore_read: true + properties: + - name: 'zip' + type: NestedObject + description: 'Zip File' + required: false + at_least_one_of: + - 'deployment.0.zip' + - 'deployment.0.files' + properties: + - name: 'sourceUrl' + type: String + description: 'Source URL' + required: true + - name: 'filesCount' + type: Integer + description: 'files count' + required: false + - name: 'files' + type: Map + description: | + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + required: false + at_least_one_of: + - 'deployment.0.zip' + - 'deployment.0.files' + key_name: 'name' + key_description: | + name of file + value_type: + type: NestedObject + properties: + - name: 'sha1Sum' + type: String + description: | + SHA1 checksum of the file + - name: 'sourceUrl' + type: String + description: | + Source URL + required: true + - name: 'entrypoint' + type: NestedObject + description: | + The entrypoint for the application. + required: true + ignore_read: true + properties: + - name: 'shell' + type: String + description: | + The format should be a shell command that can be fed to bash -c. + required: true + - name: 'vpcAccessConnector' + type: NestedObject + description: | + Enables VPC connectivity for standard apps. + properties: + - name: 'name' + type: String + description: | + Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + required: true + - name: 'egressSetting' + type: String + description: | + The egress setting for the connector, controlling what traffic is diverted through it. + - name: 'inboundServices' + type: Array + description: | + A list of the types of messages that this application is able to receive. + is_set: true + item_type: + type: Enum + description: | + One type of message that this application is able to receive. + enum_values: + - 'INBOUND_SERVICE_MAIL' + - 'INBOUND_SERVICE_MAIL_BOUNCE' + - 'INBOUND_SERVICE_XMPP_ERROR' + - 'INBOUND_SERVICE_XMPP_MESSAGE' + - 'INBOUND_SERVICE_XMPP_SUBSCRIBE' + - 'INBOUND_SERVICE_XMPP_PRESENCE' + - 'INBOUND_SERVICE_CHANNEL_PRESENCE' + - 'INBOUND_SERVICE_WARMUP' + - name: 'instanceClass' + type: String + description: | + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + default_from_api: true + - name: 'automaticScaling' + type: NestedObject + description: | + Automatic scaling is based on request rate, response latencies, and other application metrics. + conflicts: + - basic_scaling + - manual_scaling + custom_flatten: 'templates/terraform/custom_flatten/go/appengine_standardappversion_automatic_scaling_handlenil.go.tmpl' + properties: + - name: 'maxConcurrentRequests' + type: Integer + description: | + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + - name: 'maxIdleInstances' + type: Integer + description: | + Maximum number of idle instances that should be maintained for this version. + - name: 'maxPendingLatency' + type: String + description: | + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - name: 'minIdleInstances' + type: Integer + description: | + Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. + - name: 'minPendingLatency' + type: String + description: | + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - name: 'standardSchedulerSettings' + type: NestedObject + description: | + Scheduler settings for standard environment. + properties: + - name: 'targetCpuUtilization' + type: Double + description: | + Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. + - name: 'targetThroughputUtilization' + type: Double + description: | + Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. + - name: 'minInstances' + type: Integer + description: | + Minimum number of instances to run for this version. Set to zero to disable minInstances configuration. + - name: 'maxInstances' + type: Integer + description: | + Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration. + - name: 'basicScaling' + type: NestedObject + description: | + Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity. + conflicts: + - automatic_scaling + - manual_scaling + properties: + - name: 'idleTimeout' + type: String + description: | + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + default_value: "900s" + - name: 'maxInstances' + type: Integer + description: | + Maximum number of instances to create for this version. Must be in the range [1.0, 200.0]. + required: true + - name: 'manualScaling' + type: NestedObject + description: | + A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. + conflicts: + - automatic_scaling + - basic_scaling + properties: + - name: 'instances' + type: Integer + description: | + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use `lifecycle.ignore_changes = ["manual_scaling"[0].instances]` to prevent drift detection. + +# StandardAppVersion and FlexibleAppVersion use the same API endpoint (apps.services.versions) +# They are split apart as some of the fields will are necessary for one and not the other, and +# other fields may have different defaults. However, some fields are the same. If fixing a bug +# in one, please check the other for the same fix. + required: true diff --git a/mmv1/products/appengine/go_product.yaml b/mmv1/products/appengine/go_product.yaml new file mode 100644 index 000000000000..c8c6d3e2b51d --- /dev/null +++ b/mmv1/products/appengine/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AppEngine' +display_name: 'App Engine' +versions: + - name: 'ga' + base_url: 'https://appengine.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://appengine.googleapis.com/v1beta/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/apphub/Application.yaml b/mmv1/products/apphub/Application.yaml index fbac56d6ba63..1a6d163c6e16 100644 --- a/mmv1/products/apphub/Application.yaml +++ b/mmv1/products/apphub/Application.yaml @@ -21,7 +21,27 @@ import_format: name: Application description: 'Application is a functional grouping of Services and Workloads that helps achieve a desired end-to-end business functionality. Services and Workloads are owned by the Application.' +update_verb: :PATCH +update_mask: true autogen_async: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: name + base_url: "{{op_id}}" + wait_ms: 1000 + timeouts: + result: !ruby/object:Api::OpAsync::Result + path: response + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: done + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: error + message: message examples: - !ruby/object:Provider::Terraform::Examples name: "application_basic" @@ -36,100 +56,116 @@ examples: vars: application_id: "example-application" display_name: "Application Full" - description: "Application for testing" + description: 'Application for testing' business_name: "Alice" business_email: "alice@google.com" developer_name: "Bob" developer_email: "bob@google.com" operator_name: "Charlie" operator_email: "charlie@google.com" +parameters: + - !ruby/object:Api::Type::String + name: location + description: 'Part of `parent`. See documentation of `projectsId`.' + url_param_only: true + required: true + immutable: true + - !ruby/object:Api::Type::String + name: applicationId + description: 'Required. The Application identifier.' + url_param_only: true + required: true + immutable: true properties: - !ruby/object:Api::Type::String name: name output: true - description: "Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\" " + description: "Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"" - !ruby/object:Api::Type::String name: displayName - description: 'Optional. User-defined name for the Application. ' + description: 'Optional. User-defined name for the Application.' - !ruby/object:Api::Type::String name: description - description: 'Optional. User-defined description of an Application. ' + description: 'Optional. User-defined description of an Application.' - !ruby/object:Api::Type::NestedObject + name: attributes + description: 'Consumer provided attributes.' properties: - !ruby/object:Api::Type::NestedObject + name: criticality + description: 'Criticality of the Application, Service, or Workload' properties: - !ruby/object:Api::Type::Enum name: type - description: 'Criticality type. ' + description: 'Criticality type.' required: true values: - :MISSION_CRITICAL - :HIGH - :MEDIUM - :LOW - name: criticality - description: 'Criticality of the Application, Service, or Workload ' - !ruby/object:Api::Type::NestedObject + name: environment + description: 'Environment of the Application, Service, or Workload' properties: - !ruby/object:Api::Type::Enum name: type - description: 'Environment type. ' + description: 'Environment type.' required: true values: - :PRODUCTION - :STAGING - :TEST - :DEVELOPMENT - name: environment - description: 'Environment of the Application, Service, or Workload ' - !ruby/object:Api::Type::Array name: developerOwners + description: 'Optional. Developer team that owns development and coding.' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Optional. Contact''s name. ' + description: 'Optional. Contact''s name.' - !ruby/object:Api::Type::String name: email required: true - description: 'Required. Email address of the contacts. ' - description: 'Optional. Developer team that owns development and coding. ' + description: 'Required. Email address of the contacts.' - !ruby/object:Api::Type::Array name: operatorOwners + description: 'Optional. Operator team that ensures runtime and operations.' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Optional. Contact''s name. ' + description: 'Optional. Contact''s name.' - !ruby/object:Api::Type::String name: email required: true - description: 'Required. Email address of the contacts. ' - description: 'Optional. Operator team that ensures runtime and operations. ' + description: 'Required. Email address of the contacts.' - !ruby/object:Api::Type::Array name: businessOwners + description: 'Optional. Business team that ensures user needs are met and value + is delivered' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Optional. Contact''s name. ' + description: 'Optional. Contact''s name.' - !ruby/object:Api::Type::String name: email required: true - description: 'Required. Email address of the contacts. ' - description: 'Optional. Business team that ensures user needs are met and value - is delivered ' - name: attributes - description: 'Consumer provided attributes. ' + description: 'Required. Email address of the contacts.' - !ruby/object:Api::Type::String name: createTime - description: 'Output only. Create time. ' + description: 'Output only. Create time.' output: true - !ruby/object:Api::Type::String name: updateTime - description: 'Output only. Update time. ' + description: 'Output only. Update time.' output: true - !ruby/object:Api::Type::NestedObject + name: scope + description: 'Scope of an application.' + required: true properties: - !ruby/object:Api::Type::Enum name: type @@ -137,13 +173,10 @@ properties: required: true values: - :REGIONAL - name: scope - description: 'Scope of an application. ' - required: true - !ruby/object:Api::Type::String name: uid description: 'Output only. A universally unique identifier (in UUID4 format) for - the `Application`. ' + the `Application`.' output: true - !ruby/object:Api::Type::Enum name: state @@ -154,36 +187,3 @@ properties: - :CREATING - :ACTIVE - :DELETING -parameters: - - !ruby/object:Api::Type::String - name: location - description: 'Part of `parent`. See documentation of `projectsId`. ' - url_param_only: true - required: true - immutable: true - - !ruby/object:Api::Type::String - name: applicationId - description: 'Required. The Application identifier. ' - url_param_only: true - required: true - immutable: true -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: name - base_url: "{{op_id}}" - wait_ms: 1000 - timeouts: - result: !ruby/object:Api::OpAsync::Result - path: response - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: done - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: error - message: message -update_verb: :PATCH -update_mask: true diff --git a/mmv1/products/apphub/Service.yaml b/mmv1/products/apphub/Service.yaml index 5e4c9257d9e1..8249a4dbae52 100644 --- a/mmv1/products/apphub/Service.yaml +++ b/mmv1/products/apphub/Service.yaml @@ -21,7 +21,27 @@ import_format: name: Service description: 'Service is a network/api interface that exposes some functionality to clients for consumption over the network. Service typically has one or more Workloads behind it. It registers identified service to the Application.' +update_verb: :PATCH +update_mask: true autogen_async: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: name + base_url: "{{op_id}}" + wait_ms: 1000 + timeouts: + result: !ruby/object:Api::OpAsync::Result + path: response + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: done + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: error + message: message examples: - !ruby/object:Provider::Terraform::Examples name: "apphub_service_basic" @@ -46,7 +66,7 @@ examples: application_id: "example-application-1" service_project_attachment_id: "project-1" display_name: "Example Service Full" - description: "Register service for testing" + description: 'Register service for testing' business_name: "Alice" business_email: "alice@google.com" developer_name: "Bob" @@ -61,30 +81,10 @@ examples: test_env_vars: org_id: :ORG_ID billing_account: :BILLING_ACCT -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: name - base_url: "{{op_id}}" - wait_ms: 1000 - timeouts: - result: !ruby/object:Api::OpAsync::Result - path: response - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: done - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: error - message: message -update_verb: :PATCH -update_mask: true parameters: - !ruby/object:Api::Type::String name: location - description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID} ' + description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}' url_param_only: true required: true immutable: true @@ -96,7 +96,7 @@ parameters: immutable: true - !ruby/object:Api::Type::String name: serviceId - description: 'The Service identifier. ' + description: 'The Service identifier.' url_param_only: true required: true immutable: true @@ -104,55 +104,55 @@ properties: - !ruby/object:Api::Type::String name: name output: true - description: "Identifier. The resource name of a Service. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}\" " + description: "Identifier. The resource name of a Service. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}\"" - !ruby/object:Api::Type::String name: displayName - description: 'User-defined name for the Service. ' + description: 'User-defined name for the Service.' - !ruby/object:Api::Type::String name: description - description: 'User-defined description of a Service. ' + description: 'User-defined description of a Service.' - !ruby/object:Api::Type::NestedObject + output: true + name: serviceReference + description: 'Reference to an underlying networking resource that can comprise a + Service.' properties: - !ruby/object:Api::Type::String name: uri description: "Output only. The underlying resource URI (For example, URI of Forwarding - Rule, URL Map,\nand Backend Service). " + Rule, URL Map,\nand Backend Service)." output: true - output: true - name: serviceReference - description: 'Reference to an underlying networking resource that can comprise a - Service. ' - !ruby/object:Api::Type::NestedObject + output: true + name: serviceProperties + description: 'Properties of an underlying cloud resource that can comprise a Service.' properties: - !ruby/object:Api::Type::String name: gcpProject description: "Output only. The service project identifier that the underlying - cloud resource resides in. " + cloud resource resides in." output: true - !ruby/object:Api::Type::String name: location description: "Output only. The location that the underlying resource resides in, - for example, us-west1. " + for example, us-west1." output: true - !ruby/object:Api::Type::String name: zone description: "Output only. The location that the underlying resource resides in - if it is zonal, for example, us-west1-a). " + if it is zonal, for example, us-west1-a)." output: true - output: true - name: serviceProperties - description: 'Properties of an underlying cloud resource that can comprise a Service. ' - !ruby/object:Api::Type::NestedObject name: attributes - description: 'Consumer provided attributes. ' + description: 'Consumer provided attributes.' properties: - !ruby/object:Api::Type::NestedObject name: criticality - description: 'Criticality of the Application, Service, or Workload ' + description: 'Criticality of the Application, Service, or Workload' properties: - !ruby/object:Api::Type::Enum name: type - description: 'Criticality type. ' + description: 'Criticality type.' required: true values: - :MISSION_CRITICAL @@ -161,11 +161,11 @@ properties: - :LOW - !ruby/object:Api::Type::NestedObject name: environment - description: 'Environment of the Application, Service, or Workload ' + description: 'Environment of the Application, Service, or Workload' properties: - !ruby/object:Api::Type::Enum name: type - description: 'Environment type. ' + description: 'Environment type.' required: true values: - :PRODUCTION @@ -174,60 +174,60 @@ properties: - :DEVELOPMENT - !ruby/object:Api::Type::Array name: developerOwners - description: 'Developer team that owns development and coding. ' + description: 'Developer team that owns development and coding.' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Contact''s name. ' + description: 'Contact''s name.' - !ruby/object:Api::Type::String name: email - description: 'Required. Email address of the contacts. ' + description: 'Required. Email address of the contacts.' required: true - !ruby/object:Api::Type::Array name: operatorOwners - description: 'Operator team that ensures runtime and operations. ' + description: 'Operator team that ensures runtime and operations.' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Contact''s name. ' + description: 'Contact''s name.' - !ruby/object:Api::Type::String name: email - description: 'Required. Email address of the contacts. ' + description: 'Required. Email address of the contacts.' required: true - !ruby/object:Api::Type::Array name: businessOwners description: 'Business team that ensures user needs are met and value - is delivered ' + is delivered' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Contact''s name. ' + description: 'Contact''s name.' - !ruby/object:Api::Type::String name: email - description: 'Required. Email address of the contacts. ' + description: 'Required. Email address of the contacts.' required: true - !ruby/object:Api::Type::String name: discoveredService diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' description: 'Immutable. The resource name of the original discovered - service. ' + service.' required: true immutable: true - !ruby/object:Api::Type::String name: createTime - description: 'Output only. Create time. ' + description: 'Output only. Create time.' output: true - !ruby/object:Api::Type::String name: updateTime - description: 'Output only. Update time. ' + description: 'Output only. Update time.' output: true - !ruby/object:Api::Type::String name: uid description: "Output only. A universally unique identifier (UUID) for the `Service` - in the UUID4\nformat. " + in the UUID4\nformat." output: true - !ruby/object:Api::Type::String name: state diff --git a/mmv1/products/apphub/ServiceProjectAttachment.yaml b/mmv1/products/apphub/ServiceProjectAttachment.yaml index 47d16c7745c1..458552f82596 100644 --- a/mmv1/products/apphub/ServiceProjectAttachment.yaml +++ b/mmv1/products/apphub/ServiceProjectAttachment.yaml @@ -24,6 +24,24 @@ description: | Represents a Service project attachment to the Host Project. immutable: true autogen_async: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: name + base_url: "{{op_id}}" + wait_ms: 1000 + timeouts: + result: !ruby/object:Api::OpAsync::Result + path: response + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: done + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: error + message: message custom_code: !ruby/object:Provider::Terraform::CustomCode constants: 'templates/terraform/constants/apphub_service_project.go.erb' examples: @@ -47,12 +65,21 @@ examples: test_env_vars: org_id: :ORG_ID host_project: :PROJECT_NAME +parameters: + - !ruby/object:Api::Type::String + name: serviceProjectAttachmentId + description: "Required. The service project attachment identifier must contain the + project_id of the service project specified in the service_project_attachment.service_project + field. Hint: \"projects/{project_id}\"" + url_param_only: true + required: true + immutable: true properties: - !ruby/object:Api::Type::String name: name output: true description: | - "Identifier. The resource name of a ServiceProjectAttachment. Format:\"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}.\" " + "Identifier. The resource name of a ServiceProjectAttachment. Format:\"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}.\"" - !ruby/object:Api::Type::String name: serviceProject diff_suppress_func: 'ServiceProjectDiffSuppress' @@ -61,15 +88,15 @@ properties: description: | "Immutable. Service project name in the format: \"projects/abc\" or \"projects/123\". As input, project name with either project id or number - are accepted. As output, this field will contain project number. " + are accepted. As output, this field will contain project number." immutable: true - !ruby/object:Api::Type::String name: createTime - description: 'Output only. Create time. ' + description: 'Output only. Create time.' output: true - !ruby/object:Api::Type::String name: uid - description: "Output only. A globally unique identifier (in UUID4 format) for the `ServiceProjectAttachment`. " + description: "Output only. A globally unique identifier (in UUID4 format) for the `ServiceProjectAttachment`." output: true - !ruby/object:Api::Type::Enum name: 'state' @@ -81,30 +108,3 @@ properties: - :CREATING - :ACTIVE - :DELETING -parameters: - - !ruby/object:Api::Type::String - name: serviceProjectAttachmentId - description: "Required. The service project attachment identifier must contain the - project_id of the service project specified in the service_project_attachment.service_project - field. Hint: \"projects/{project_id}\" " - url_param_only: true - required: true - immutable: true -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: name - base_url: "{{op_id}}" - wait_ms: 1000 - timeouts: - result: !ruby/object:Api::OpAsync::Result - path: response - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: done - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: error - message: message diff --git a/mmv1/products/apphub/Workload.yaml b/mmv1/products/apphub/Workload.yaml index 39b3df679306..28ee7b2cb6af 100644 --- a/mmv1/products/apphub/Workload.yaml +++ b/mmv1/products/apphub/Workload.yaml @@ -45,7 +45,7 @@ examples: application_id: "example-application-1" service_project_attachment_id: "project-1" display_name: "Example Service Full" - description: "Register service for testing" + description: 'Register service for testing' business_name: "Alice" business_email: "alice@google.com" developer_name: "Bob" @@ -82,7 +82,7 @@ update_mask: true parameters: - !ruby/object:Api::Type::String name: location - description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID} ' + description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}' url_param_only: true required: true immutable: true @@ -94,7 +94,7 @@ parameters: immutable: true - !ruby/object:Api::Type::String name: workloadId - description: 'The Workload identifier. ' + description: 'The Workload identifier.' url_param_only: true required: true immutable: true @@ -102,59 +102,59 @@ properties: - !ruby/object:Api::Type::String name: name output: true - description: "Identifier. The resource name of the Workload. Format:\"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}\" " + description: "Identifier. The resource name of the Workload. Format:\"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}\"" - !ruby/object:Api::Type::String name: displayName - description: 'User-defined name for the Workload. ' + description: 'User-defined name for the Workload.' - !ruby/object:Api::Type::String name: description - description: 'User-defined description of a Workload. ' + description: 'User-defined description of a Workload.' - !ruby/object:Api::Type::NestedObject + output: true + name: workloadReference + description: 'Reference of an underlying compute resource represented by the Workload.' properties: - !ruby/object:Api::Type::String name: uri - description: 'Output only. The underlying compute resource uri. ' + description: 'Output only. The underlying compute resource uri.' output: true - output: true - name: workloadReference - description: 'Reference of an underlying compute resource represented by the Workload. ' - !ruby/object:Api::Type::NestedObject + output: true + name: workloadProperties + description: 'Properties of an underlying compute resource represented by the Workload.' properties: - !ruby/object:Api::Type::String name: gcpProject description: "Output only. The service project identifier that the underlying - cloud resource resides in. Empty for non cloud resources. " + cloud resource resides in. Empty for non cloud resources." output: true - !ruby/object:Api::Type::String name: location description: "Output only. The location that the underlying compute resource resides - in (e.g us-west1). " + in (e.g us-west1)." output: true - !ruby/object:Api::Type::String name: zone description: "Output only. The location that the underlying compute resource resides - in if it is zonal (e.g us-west1-a). " + in if it is zonal (e.g us-west1-a)." output: true - output: true - name: workloadProperties - description: 'Properties of an underlying compute resource represented by the Workload. ' - !ruby/object:Api::Type::String name: discoveredWorkload diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' - description: 'Immutable. The resource name of the original discovered workload. ' + description: 'Immutable. The resource name of the original discovered workload.' required: true immutable: true - !ruby/object:Api::Type::NestedObject name: attributes - description: 'Consumer provided attributes. ' + description: 'Consumer provided attributes.' properties: - !ruby/object:Api::Type::NestedObject name: criticality - description: 'Criticality of the Application, Service, or Workload ' + description: 'Criticality of the Application, Service, or Workload' properties: - !ruby/object:Api::Type::Enum name: type - description: 'Criticality type. ' + description: 'Criticality type.' required: true values: - :MISSION_CRITICAL @@ -163,11 +163,11 @@ properties: - :LOW - !ruby/object:Api::Type::NestedObject name: environment - description: 'Environment of the Application, Service, or Workload ' + description: 'Environment of the Application, Service, or Workload' properties: - !ruby/object:Api::Type::Enum name: type - description: 'Environment type. ' + description: 'Environment type.' required: true values: - :PRODUCTION @@ -176,51 +176,51 @@ properties: - :DEVELOPMENT - !ruby/object:Api::Type::Array name: developerOwners - description: 'Developer team that owns development and coding. ' + description: 'Developer team that owns development and coding.' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Contact''s name. ' + description: 'Contact''s name.' - !ruby/object:Api::Type::String name: email - description: 'Email address of the contacts. ' + description: 'Email address of the contacts.' required: true - !ruby/object:Api::Type::Array name: operatorOwners - description: 'Operator team that ensures runtime and operations. ' + description: 'Operator team that ensures runtime and operations.' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Contact''s name. ' + description: 'Contact''s name.' - !ruby/object:Api::Type::String name: email - description: 'Email address of the contacts. ' + description: 'Email address of the contacts.' required: true - !ruby/object:Api::Type::Array name: businessOwners - description: 'Business team that ensures user needs are met and value is delivered ' + description: 'Business team that ensures user needs are met and value is delivered' item_type: !ruby/object:Api::Type::NestedObject properties: - !ruby/object:Api::Type::String name: displayName - description: 'Contact''s name. ' + description: 'Contact''s name.' - !ruby/object:Api::Type::String name: email - description: 'Email address of the contacts. ' + description: 'Email address of the contacts.' required: true - !ruby/object:Api::Type::String name: createTime - description: 'Output only. Create time. ' + description: 'Output only. Create time.' output: true - !ruby/object:Api::Type::String name: updateTime - description: 'Output only. Update time. ' + description: 'Output only. Update time.' output: true - !ruby/object:Api::Type::String name: uid - description: "Output only. A universally unique identifier (UUID) for the `Workload` in the UUID4 format. " + description: "Output only. A universally unique identifier (UUID) for the `Workload` in the UUID4 format." output: true - !ruby/object:Api::Type::String name: state diff --git a/mmv1/products/apphub/go_Application.yaml b/mmv1/products/apphub/go_Application.yaml new file mode 100644 index 000000000000..a8536f9ad262 --- /dev/null +++ b/mmv1/products/apphub/go_Application.yaml @@ -0,0 +1,192 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Application' +description: 'Application is a functional grouping of Services and Workloads that helps achieve a desired end-to-end business functionality. + Services and Workloads are owned by the Application.' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/applications' +self_link: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/applications?applicationId={{application_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'application_basic' + config_path: 'templates/terraform/examples/go/apphub_application_basic.tf.tmpl' + primary_resource_id: 'example' + vars: + application_id: 'example-application' + - name: 'application_full' + config_path: 'templates/terraform/examples/go/apphub_application_full.tf.tmpl' + primary_resource_id: 'example2' + vars: + application_id: 'example-application' + display_name: 'Application Full' + description: 'Application for testing' + business_name: 'Alice' + business_email: 'alice@google.com' + developer_name: 'Bob' + developer_email: 'bob@google.com' + operator_name: 'Charlie' + operator_email: 'charlie@google.com' +parameters: + - name: 'location' + type: String + description: 'Part of `parent`. See documentation of `projectsId`.' + url_param_only: true + required: true + immutable: true + - name: 'applicationId' + type: String + description: 'Required. The Application identifier.' + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: "Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"" + output: true + - name: 'displayName' + type: String + description: 'Optional. User-defined name for the Application.' + - name: 'description' + type: String + description: 'Optional. User-defined description of an Application.' + - name: 'attributes' + type: NestedObject + description: 'Consumer provided attributes.' + properties: + - name: 'criticality' + type: NestedObject + description: 'Criticality of the Application, Service, or Workload' + properties: + - name: 'type' + type: Enum + description: 'Criticality type.' + required: true + enum_values: + - 'MISSION_CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'environment' + type: NestedObject + description: 'Environment of the Application, Service, or Workload' + properties: + - name: 'type' + type: Enum + description: 'Environment type.' + required: true + enum_values: + - 'PRODUCTION' + - 'STAGING' + - 'TEST' + - 'DEVELOPMENT' + - name: 'developerOwners' + type: Array + description: 'Optional. Developer team that owns development and coding.' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Optional. Contact''s name.' + - name: 'email' + type: String + description: 'Required. Email address of the contacts.' + required: true + - name: 'operatorOwners' + type: Array + description: 'Optional. Operator team that ensures runtime and operations.' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Optional. Contact''s name.' + - name: 'email' + type: String + description: 'Required. Email address of the contacts.' + required: true + - name: 'businessOwners' + type: Array + description: 'Optional. Business team that ensures user needs are met and value + is delivered' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Optional. Contact''s name.' + - name: 'email' + type: String + description: 'Required. Email address of the contacts.' + required: true + - name: 'createTime' + type: String + description: 'Output only. Create time.' + output: true + - name: 'updateTime' + type: String + description: 'Output only. Update time.' + output: true + - name: 'scope' + type: NestedObject + description: 'Scope of an application.' + required: true + properties: + - name: 'type' + type: Enum + description: "Required. Scope Type. \n Possible values:\nREGIONAL" + required: true + enum_values: + - 'REGIONAL' + - name: 'uid' + type: String + description: 'Output only. A universally unique identifier (in UUID4 format) for + the `Application`.' + output: true + - name: 'state' + type: Enum + description: "Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING" + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'CREATING' + - 'ACTIVE' + - 'DELETING' diff --git a/mmv1/products/apphub/go_Service.yaml b/mmv1/products/apphub/go_Service.yaml new file mode 100644 index 000000000000..4c87d342df09 --- /dev/null +++ b/mmv1/products/apphub/go_Service.yaml @@ -0,0 +1,238 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Service' +description: 'Service is a network/api interface that exposes some functionality to clients for consumption over the network. + Service typically has one or more Workloads behind it. It registers identified service to the Application.' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services' +self_link: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services?serviceId={{service_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'apphub_service_basic' + primary_resource_id: 'example' + vars: + application_id: 'example-application-1' + service_project_attachment_id: 'project-1' + ilb_network: 'l7-ilb-network' + ilb_subnet: 'l7-ilb-subnet' + forwarding_rule: 'l7-ilb-forwarding-rule' + backend_service: 'l7-ilb-backend-subnet' + health_check: 'l7-ilb-hc' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + external_providers: ["random", "time"] + - name: 'apphub_service_full' + primary_resource_id: 'example' + vars: + application_id: 'example-application-1' + service_project_attachment_id: 'project-1' + display_name: 'Example Service Full' + description: 'Register service for testing' + business_name: 'Alice' + business_email: 'alice@google.com' + developer_name: 'Bob' + developer_email: 'bob@google.com' + operator_name: 'Charlie' + operator_email: 'charlie@google.com' + ilb_network: 'l7-ilb-network' + ilb_subnet: 'l7-ilb-subnet' + forwarding_rule: 'l7-ilb-forwarding-rule' + backend_service: 'l7-ilb-backend-subnet' + health_check: 'l7-ilb-hc' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + external_providers: ["random", "time"] +parameters: + - name: 'location' + type: String + description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}' + url_param_only: true + required: true + immutable: true + - name: 'applicationId' + type: String + description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}' + url_param_only: true + required: true + immutable: true + - name: 'serviceId' + type: String + description: 'The Service identifier.' + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: "Identifier. The resource name of a Service. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}\"" + output: true + - name: 'displayName' + type: String + description: 'User-defined name for the Service.' + - name: 'description' + type: String + description: 'User-defined description of a Service.' + - name: 'serviceReference' + type: NestedObject + description: 'Reference to an underlying networking resource that can comprise a + Service.' + output: true + properties: + - name: 'uri' + type: String + description: "Output only. The underlying resource URI (For example, URI of Forwarding + Rule, URL Map,\nand Backend Service)." + output: true + - name: 'serviceProperties' + type: NestedObject + description: 'Properties of an underlying cloud resource that can comprise a Service.' + output: true + properties: + - name: 'gcpProject' + type: String + description: "Output only. The service project identifier that the underlying + cloud resource resides in." + output: true + - name: 'location' + type: String + description: "Output only. The location that the underlying resource resides in, + for example, us-west1." + output: true + - name: 'zone' + type: String + description: "Output only. The location that the underlying resource resides in + if it is zonal, for example, us-west1-a)." + output: true + - name: 'attributes' + type: NestedObject + description: 'Consumer provided attributes.' + properties: + - name: 'criticality' + type: NestedObject + description: 'Criticality of the Application, Service, or Workload' + properties: + - name: 'type' + type: Enum + description: 'Criticality type.' + required: true + enum_values: + - 'MISSION_CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'environment' + type: NestedObject + description: 'Environment of the Application, Service, or Workload' + properties: + - name: 'type' + type: Enum + description: 'Environment type.' + required: true + enum_values: + - 'PRODUCTION' + - 'STAGING' + - 'TEST' + - 'DEVELOPMENT' + - name: 'developerOwners' + type: Array + description: 'Developer team that owns development and coding.' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Contact''s name.' + - name: 'email' + type: String + description: 'Required. Email address of the contacts.' + required: true + - name: 'operatorOwners' + type: Array + description: 'Operator team that ensures runtime and operations.' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Contact''s name.' + - name: 'email' + type: String + description: 'Required. Email address of the contacts.' + required: true + - name: 'businessOwners' + type: Array + description: 'Business team that ensures user needs are met and value + is delivered' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Contact''s name.' + - name: 'email' + type: String + description: 'Required. Email address of the contacts.' + required: true + - name: 'discoveredService' + type: String + description: 'Immutable. The resource name of the original discovered + service.' + required: true + immutable: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'createTime' + type: String + description: 'Output only. Create time.' + output: true + - name: 'updateTime' + type: String + description: 'Output only. Update time.' + output: true + - name: 'uid' + type: String + description: "Output only. A universally unique identifier (UUID) for the `Service` + in the UUID4\nformat." + output: true + - name: 'state' + type: String + description: "Output only. Service state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED" + output: true diff --git a/mmv1/products/apphub/go_ServiceProjectAttachment.yaml b/mmv1/products/apphub/go_ServiceProjectAttachment.yaml new file mode 100644 index 000000000000..7fd1138037e5 --- /dev/null +++ b/mmv1/products/apphub/go_ServiceProjectAttachment.yaml @@ -0,0 +1,108 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceProjectAttachment' +description: | + Represents a Service project attachment to the Host Project. +docs: +id_format: 'projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}' +base_url: 'projects/{{project}}/locations/global/serviceProjectAttachments' +self_link: 'projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}' +create_url: 'projects/{{project}}/locations/global/serviceProjectAttachments?serviceProjectAttachmentId={{service_project_attachment_id}}' +immutable: true +import_format: + - 'projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/apphub_service_project.go.tmpl' +examples: + - name: 'service_project_attachment_basic' + config_path: 'templates/terraform/examples/go/apphub_service_project_attachment_basic.tf.tmpl' + primary_resource_id: 'example' + vars: + service_project_attachment_id: 'project-1' + test_env_vars: + org_id: 'ORG_ID' + host_project: 'PROJECT_NAME' + external_providers: ["random", "time"] + - name: 'service_project_attachment_full' + config_path: 'templates/terraform/examples/go/apphub_service_project_attachment_full.tf.tmpl' + primary_resource_id: 'example2' + vars: + service_project_attachment_id: 'project-1' + test_env_vars: + org_id: 'ORG_ID' + host_project: 'PROJECT_NAME' + external_providers: ["random", "time"] +parameters: + - name: 'serviceProjectAttachmentId' + type: String + description: "Required. The service project attachment identifier must contain the + project_id of the service project specified in the service_project_attachment.service_project + field. Hint: \"projects/{project_id}\"" + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + "Identifier. The resource name of a ServiceProjectAttachment. Format:\"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}.\"" + output: true + - name: 'serviceProject' + type: String + description: | + "Immutable. Service project name in the format: \"projects/abc\" + or \"projects/123\". As input, project name with either project id or number + are accepted. As output, this field will contain project number." + immutable: true + diff_suppress_func: 'ServiceProjectDiffSuppress' + custom_flatten: 'templates/terraform/custom_flatten/go/apphub_service_project.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/apphub_service_project.go.tmpl' + - name: 'createTime' + type: String + description: 'Output only. Create time.' + output: true + - name: 'uid' + type: String + description: "Output only. A globally unique identifier (in UUID4 format) for the `ServiceProjectAttachment`." + output: true + - name: 'state' + type: Enum + description: | + ServiceProjectAttachment state. + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'CREATING' + - 'ACTIVE' + - 'DELETING' diff --git a/mmv1/products/apphub/go_Workload.yaml b/mmv1/products/apphub/go_Workload.yaml new file mode 100644 index 000000000000..c7038b28cfa2 --- /dev/null +++ b/mmv1/products/apphub/go_Workload.yaml @@ -0,0 +1,231 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Workload' +description: 'Workload represents a binary deployment (such as Managed Instance Groups (MIGs), GKE deployments, etc.) that performs the smallest logical subset of business functionality. + It registers identified workload to the Application.' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/workloads/{{workload_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/workloads' +self_link: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/workloads/{{workload_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/workloads?workloadId={{workload_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/applications/{{application_id}}/workloads/{{workload_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'apphub_workload_basic' + primary_resource_id: 'example' + vars: + application_id: 'example-application-1' + service_project_attachment_id: 'project-1' + ilb_network: 'l7-ilb-network' + ilb_subnet: 'l7-ilb-subnet' + instance_template: 'l7-ilb-mig-template' + mig: 'l7-ilb-mig1' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + external_providers: ["random", "time"] + - name: 'apphub_workload_full' + primary_resource_id: 'example' + vars: + application_id: 'example-application-1' + service_project_attachment_id: 'project-1' + display_name: 'Example Service Full' + description: 'Register service for testing' + business_name: 'Alice' + business_email: 'alice@google.com' + developer_name: 'Bob' + developer_email: 'bob@google.com' + operator_name: 'Charlie' + operator_email: 'charlie@google.com' + ilb_network: 'l7-ilb-network' + ilb_subnet: 'l7-ilb-subnet' + instance_template: 'l7-ilb-mig-template' + mig: 'l7-ilb-mig1' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + external_providers: ["random", "time"] +parameters: + - name: 'location' + type: String + description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}' + url_param_only: true + required: true + immutable: true + - name: 'applicationId' + type: String + description: 'Part of `parent`. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}' + url_param_only: true + required: true + immutable: true + - name: 'workloadId' + type: String + description: 'The Workload identifier.' + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: "Identifier. The resource name of the Workload. Format:\"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}\"" + output: true + - name: 'displayName' + type: String + description: 'User-defined name for the Workload.' + - name: 'description' + type: String + description: 'User-defined description of a Workload.' + - name: 'workloadReference' + type: NestedObject + description: 'Reference of an underlying compute resource represented by the Workload.' + output: true + properties: + - name: 'uri' + type: String + description: 'Output only. The underlying compute resource uri.' + output: true + - name: 'workloadProperties' + type: NestedObject + description: 'Properties of an underlying compute resource represented by the Workload.' + output: true + properties: + - name: 'gcpProject' + type: String + description: "Output only. The service project identifier that the underlying + cloud resource resides in. Empty for non cloud resources." + output: true + - name: 'location' + type: String + description: "Output only. The location that the underlying compute resource resides + in (e.g us-west1)." + output: true + - name: 'zone' + type: String + description: "Output only. The location that the underlying compute resource resides + in if it is zonal (e.g us-west1-a)." + output: true + - name: 'discoveredWorkload' + type: String + description: 'Immutable. The resource name of the original discovered workload.' + required: true + immutable: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'attributes' + type: NestedObject + description: 'Consumer provided attributes.' + properties: + - name: 'criticality' + type: NestedObject + description: 'Criticality of the Application, Service, or Workload' + properties: + - name: 'type' + type: Enum + description: 'Criticality type.' + required: true + enum_values: + - 'MISSION_CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'environment' + type: NestedObject + description: 'Environment of the Application, Service, or Workload' + properties: + - name: 'type' + type: Enum + description: 'Environment type.' + required: true + enum_values: + - 'PRODUCTION' + - 'STAGING' + - 'TEST' + - 'DEVELOPMENT' + - name: 'developerOwners' + type: Array + description: 'Developer team that owns development and coding.' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Contact''s name.' + - name: 'email' + type: String + description: 'Email address of the contacts.' + required: true + - name: 'operatorOwners' + type: Array + description: 'Operator team that ensures runtime and operations.' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Contact''s name.' + - name: 'email' + type: String + description: 'Email address of the contacts.' + required: true + - name: 'businessOwners' + type: Array + description: 'Business team that ensures user needs are met and value is delivered' + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: 'Contact''s name.' + - name: 'email' + type: String + description: 'Email address of the contacts.' + required: true + - name: 'createTime' + type: String + description: 'Output only. Create time.' + output: true + - name: 'updateTime' + type: String + description: 'Output only. Update time.' + output: true + - name: 'uid' + type: String + description: "Output only. A universally unique identifier (UUID) for the `Workload` in the UUID4 format." + output: true + - name: 'state' + type: String + description: "Output only. Workload state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED" + output: true diff --git a/mmv1/products/apphub/go_product.yaml b/mmv1/products/apphub/go_product.yaml new file mode 100644 index 000000000000..ce83ca90e290 --- /dev/null +++ b/mmv1/products/apphub/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Apphub' +display_name: 'App Hub' +versions: + - name: 'ga' + base_url: 'https://apphub.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/artifactregistry/Repository.yaml b/mmv1/products/artifactregistry/Repository.yaml index 5823b5f4a1c2..1ffd201923a8 100644 --- a/mmv1/products/artifactregistry/Repository.yaml +++ b/mmv1/products/artifactregistry/Repository.yaml @@ -92,7 +92,7 @@ examples: name: 'artifact_registry_repository_remote_yum' primary_resource_id: 'my-repo' vars: - repository_id: 'centos-8' + repository_id: 'rocky-9' description: 'example remote yum repository' - !ruby/object:Provider::Terraform::Examples name: 'artifact_registry_repository_cleanup' @@ -622,7 +622,7 @@ properties: name: 'repositoryPath' required: true description: |- - Specific repository from the base, e.g. `"centos/8-stream/BaseOS/x86_64/os"` + Specific repository from the base, e.g. `"pub/rocky/9/BaseOS/x86_64/os"` immutable: true - !ruby/object:Api::Type::NestedObject name: 'upstreamCredentials' diff --git a/mmv1/products/artifactregistry/go_Repository.yaml b/mmv1/products/artifactregistry/go_Repository.yaml new file mode 100644 index 000000000000..92eb331afea0 --- /dev/null +++ b/mmv1/products/artifactregistry/go_Repository.yaml @@ -0,0 +1,653 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Repository' +description: A repository for storing artifacts +references: + guides: + 'Official Documentation': 'https://cloud.google.com/artifact-registry/docs/overview' + api: 'https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/repositories' +self_link: 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/repositories?repository_id={{repository_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}' + - '{{repository_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + allowed_iam_role: 'roles/artifactregistry.reader' + parent_resource_attribute: 'repository' + base_url: 'projects/{{project}}/locations/{{location}}/repositories/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + self_link: 'projects/{{project}}/locations/{{location}}/repositories/{{name}}' + import_format: + - 'projects/{{project}}/locations/{{location}}/repositories/{{repository}}' + - '{{repository}}' +custom_code: + constants: 'templates/terraform/constants/go/artifact_registry_repository.go.tmpl' + encoder: 'templates/terraform/encoders/go/location_from_region.go.tmpl' + pre_create: 'templates/terraform/pre_create/go/artifact_registry_remote_repository.go.tmpl' +examples: + - name: 'artifact_registry_repository_basic' + primary_resource_id: 'my-repo' + primary_resource_name: 'fmt.Sprintf("tf-test-my-repository%s", context["random_suffix"])' + vars: + repository_id: 'my-repository' + description: 'example docker repository' + - name: 'artifact_registry_repository_docker' + primary_resource_id: 'my-repo' + vars: + repository_id: 'my-repository' + description: 'example docker repository' + - name: 'artifact_registry_repository_cmek' + primary_resource_id: 'my-repo' + vars: + repository_id: 'my-repository' + kms_key_name: 'kms-key' + test_vars_overrides: + 'kms_key_name': 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + - name: 'artifact_registry_repository_virtual' + primary_resource_id: 'my-repo' + vars: + repository_id: 'my-repository' + description: 'example virtual docker repository' + upstream_repository_id: 'my-repository-upstream' + upstream_description: 'example docker repository (upstream source)' + upstream_policy_id: 'my-repository-upstream' + - name: 'artifact_registry_repository_remote' + primary_resource_id: 'my-repo' + vars: + repository_id: 'my-repository' + description: 'example remote docker repository' + - name: 'artifact_registry_repository_remote_apt' + primary_resource_id: 'my-repo' + vars: + repository_id: 'debian-buster' + description: 'example remote apt repository' + - name: 'artifact_registry_repository_remote_yum' + primary_resource_id: 'my-repo' + vars: + repository_id: 'rocky-9' + description: 'example remote yum repository' + - name: 'artifact_registry_repository_cleanup' + primary_resource_id: 'my-repo' + vars: + repository_id: 'my-repository' + description: 'example docker repository with cleanup policies' + - name: 'artifact_registry_repository_remote_dockerhub_auth' + primary_resource_id: 'my-repo' + vars: + repository_id: 'example-dockerhub-remote' + description: 'example remote dockerhub repository with credentials' + secret_id: 'example-secret' + secret_resource_id: 'example-remote-secret' + username: 'remote-username' + secret_data: 'remote-password' + ignore_read_extra: + - 'remote_repository_config.0.disable_upstream_validation' + - name: 'artifact_registry_repository_remote_docker_custom_with_auth' + primary_resource_id: 'my-repo' + vars: + repository_id: 'example-docker-custom-remote' + description: 'example remote custom docker repository with credentials' + secret_id: 'example-secret' + secret_resource_id: 'example-remote-secret' + username: 'remote-username' + secret_data: 'remote-password' + ignore_read_extra: + - 'remote_repository_config.0.disable_upstream_validation' + - name: 'artifact_registry_repository_remote_maven_custom_with_auth' + primary_resource_id: 'my-repo' + vars: + repository_id: 'example-maven-custom-remote' + description: 'example remote custom maven repository with credentials' + secret_id: 'example-secret' + secret_resource_id: 'example-remote-secret' + username: 'remote-username' + secret_data: 'remote-password' + ignore_read_extra: + - 'remote_repository_config.0.disable_upstream_validation' + - name: 'artifact_registry_repository_remote_npm_custom_with_auth' + primary_resource_id: 'my-repo' + vars: + repository_id: 'example-npm-custom-remote' + description: 'example remote custom npm repository with credentials' + secret_id: 'example-secret' + secret_resource_id: 'example-remote-secret' + username: 'remote-username' + secret_data: 'remote-password' + ignore_read_extra: + - 'remote_repository_config.0.disable_upstream_validation' + - name: 'artifact_registry_repository_remote_python_custom_with_auth' + primary_resource_id: 'my-repo' + vars: + repository_id: 'example-python-custom-remote' + description: 'example remote custom python repository with credentials' + secret_id: 'example-secret' + secret_resource_id: 'example-remote-secret' + username: 'remote-username' + secret_data: 'remote-password' + ignore_read_extra: + - 'remote_repository_config.0.disable_upstream_validation' +parameters: +properties: + - name: 'name' + type: String + description: |- + The name of the repository, for example: + "repo1" + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'repository_id' + type: String + description: |- + The last part of the repository name, for example: + "repo1" + url_param_only: true + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'location' + type: String + description: | + The name of the location this repository is located in. + url_param_only: true + required: false + immutable: true + default_from_api: true + - name: 'format' + type: String + description: |- + The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + required: true + immutable: true + diff_suppress_func: 'tpgresource.CaseDiffSuppress' + - name: 'description' + type: String + description: |- + The user-provided description of the repository. + - name: 'labels' + type: KeyValueLabels + description: | + Labels with user-defined metadata. + This field may contain up to 64 entries. Label keys and values may be no + longer than 63 characters. Label keys must begin with a lowercase letter + and may only contain lowercase letters, numeric characters, underscores, + and dashes. + immutable: false + - name: 'kmsKeyName' + type: String + description: |- + The Cloud KMS resource name of the customer managed encryption key that’s + used to encrypt the contents of the Repository. Has the form: + `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. + This value may not be changed after the Repository has been created. + immutable: true + - name: 'createTime' + type: Time + description: The time when the repository was created. + output: true + - name: 'updateTime' + type: Time + description: The time when the repository was last updated. + output: true + - name: 'dockerConfig' + type: NestedObject + description: |- + Docker repository config contains repository level configuration for the repositories of docker type. + allow_empty_object: true + properties: + - name: 'immutableTags' + type: Boolean + description: |- + The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created. + - name: 'mavenConfig' + type: NestedObject + description: |- + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + allow_empty_object: true + properties: + - name: 'allowSnapshotOverwrites' + type: Boolean + description: |- + The repository with this flag will allow publishing the same + snapshot versions. + immutable: true + - name: 'versionPolicy' + type: Enum + description: |- + Version policy defines the versions that the registry will accept. + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "VERSION_POLICY_UNSPECIFIED" + enum_values: + - 'VERSION_POLICY_UNSPECIFIED' + - 'RELEASE' + - 'SNAPSHOT' + - name: 'mode' + type: Enum + description: |- + The mode configures the repository to serve artifacts from different sources. + immutable: true + default_value: "STANDARD_REPOSITORY" + enum_values: + - 'STANDARD_REPOSITORY' + - 'VIRTUAL_REPOSITORY' + - 'REMOTE_REPOSITORY' + - name: 'virtualRepositoryConfig' + type: NestedObject + description: |- + Configuration specific for a Virtual Repository. + conflicts: + - remote_repository_config + properties: + - name: 'upstreamPolicies' + type: Array + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + diff_suppress_func: 'upstreamPoliciesDiffSuppress' + item_type: + type: NestedObject + properties: + - name: 'id' + type: String + description: |- + The user-provided ID of the upstream policy. + - name: 'repository' + type: String + description: | + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repository/repo1". + - name: 'priority' + type: Integer + description: |- + Entries with a greater priority value take precedence in the pull order. + - name: 'cleanupPolicies' + type: Map + description: |- + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + key_name: 'id' + key_description: |- + The policy ID. Must be unique within a repository. + value_type: + type: NestedObject + properties: + - name: 'action' + type: Enum + description: |- + Policy action. + enum_values: + - 'DELETE' + - 'KEEP' + - name: 'condition' + type: NestedObject + description: |- + Policy condition for matching versions. + # TODO (jrsb): exactly_one_of: condition, mostRecentVersions + properties: + - name: 'tagState' + type: Enum + description: |- + Match versions by tag status. + default_value: "ANY" + enum_values: + - 'TAGGED' + - 'UNTAGGED' + - 'ANY' + - name: 'tagPrefixes' + type: Array + description: |- + Match versions by tag prefix. Applied on any prefix match. + item_type: + type: String + - name: 'versionNamePrefixes' + type: Array + description: |- + Match versions by version name prefix. Applied on any prefix match. + item_type: + type: String + - name: 'packageNamePrefixes' + type: Array + description: |- + Match versions by package prefix. Applied on any prefix match. + item_type: + type: String + - name: 'olderThan' + type: String + description: |- + Match versions older than a duration. + diff_suppress_func: 'tpgresource.DurationDiffSuppress' + - name: 'newerThan' + type: String + description: |- + Match versions newer than a duration. + diff_suppress_func: 'tpgresource.DurationDiffSuppress' + - name: 'mostRecentVersions' + type: NestedObject + description: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + # TODO (jrsb): exactly_one_of: condition, mostRecentVersions + properties: + - name: 'packageNamePrefixes' + type: Array + description: |- + Match versions by package prefix. Applied on any prefix match. + item_type: + type: String + - name: 'keepCount' + type: Integer + description: |- + Minimum number of versions to keep. + - name: 'remoteRepositoryConfig' + type: NestedObject + description: |- + Configuration specific for a Remote Repository. + immutable: true + conflicts: + - virtual_repository_config + properties: + - name: 'description' + type: String + description: |- + The description of the remote source. + immutable: true + - name: 'aptRepository' + type: NestedObject + description: |- + Specific settings for an Apt remote repository. + immutable: true + exactly_one_of: + - 'remoteRepositoryConfig.0.apt_repository' + - 'remoteRepositoryConfig.0.docker_repository' + - 'remoteRepositoryConfig.0.maven_repository' + - 'remoteRepositoryConfig.0.npm_repository' + - 'remoteRepositoryConfig.0.python_repository' + - 'remoteRepositoryConfig.0.yum_repository' + properties: + - name: 'publicRepository' + type: NestedObject + description: |- + One of the publicly available Apt repositories supported by Artifact Registry. + immutable: true + properties: + - name: 'repositoryBase' + type: Enum + description: |- + A common public repository base for Apt, e.g. `"debian/dists/buster"` + required: true + immutable: true + enum_values: + - 'DEBIAN' + - 'UBUNTU' + - name: 'repositoryPath' + type: String + description: |- + Specific repository from the base. + required: true + immutable: true + - name: 'dockerRepository' + type: NestedObject + description: |- + Specific settings for a Docker remote repository. + immutable: true + exactly_one_of: + - 'remoteRepositoryConfig.0.apt_repository' + - 'remoteRepositoryConfig.0.docker_repository' + - 'remoteRepositoryConfig.0.maven_repository' + - 'remoteRepositoryConfig.0.npm_repository' + - 'remoteRepositoryConfig.0.python_repository' + - 'remoteRepositoryConfig.0.yum_repository' + properties: + - name: 'publicRepository' + type: Enum + description: |- + Address of the remote repository. + immutable: true + conflicts: + - remoteRepositoryConfig.0.docker_repository.0.custom_repository + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "DOCKER_HUB" + enum_values: + - 'DOCKER_HUB' + - name: 'customRepository' + type: NestedObject + description: |- + Settings for a remote repository with a custom uri. + immutable: true + conflicts: + - remoteRepositoryConfig.0.docker_repository.0.public_repository + properties: + - name: 'uri' + type: String + description: |- + Specific uri to the registry, e.g. `"https://registry-1.docker.io"` + immutable: true + - name: 'mavenRepository' + type: NestedObject + description: |- + Specific settings for a Maven remote repository. + immutable: true + exactly_one_of: + - 'remoteRepositoryConfig.0.apt_repository' + - 'remoteRepositoryConfig.0.docker_repository' + - 'remoteRepositoryConfig.0.maven_repository' + - 'remoteRepositoryConfig.0.npm_repository' + - 'remoteRepositoryConfig.0.python_repository' + - 'remoteRepositoryConfig.0.yum_repository' + properties: + - name: 'publicRepository' + type: Enum + description: |- + Address of the remote repository. + immutable: true + conflicts: + - remoteRepositoryConfig.0.maven_repository.0.custom_repository + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "MAVEN_CENTRAL" + enum_values: + - 'MAVEN_CENTRAL' + - name: 'customRepository' + type: NestedObject + description: |- + Settings for a remote repository with a custom uri. + immutable: true + conflicts: + - remoteRepositoryConfig.0.maven_repository.0.public_repository + properties: + - name: 'uri' + type: String + description: |- + Specific uri to the registry, e.g. `"https://repo.maven.apache.org/maven2"` + immutable: true + - name: 'npmRepository' + type: NestedObject + description: |- + Specific settings for an Npm remote repository. + immutable: true + exactly_one_of: + - 'remoteRepositoryConfig.0.apt_repository' + - 'remoteRepositoryConfig.0.docker_repository' + - 'remoteRepositoryConfig.0.maven_repository' + - 'remoteRepositoryConfig.0.npm_repository' + - 'remoteRepositoryConfig.0.python_repository' + - 'remoteRepositoryConfig.0.yum_repository' + properties: + - name: 'publicRepository' + type: Enum + description: |- + Address of the remote repository. + immutable: true + conflicts: + - remoteRepositoryConfig.0.npm_repository.0.custom_repository + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "NPMJS" + enum_values: + - 'NPMJS' + - name: 'customRepository' + type: NestedObject + description: |- + Settings for a remote repository with a custom uri. + immutable: true + conflicts: + - remoteRepositoryConfig.0.npm_repository.0.public_repository + properties: + - name: 'uri' + type: String + description: |- + Specific uri to the registry, e.g. `"https://registry.npmjs.org"` + immutable: true + - name: 'pythonRepository' + type: NestedObject + description: |- + Specific settings for a Python remote repository. + immutable: true + exactly_one_of: + - 'remoteRepositoryConfig.0.apt_repository' + - 'remoteRepositoryConfig.0.docker_repository' + - 'remoteRepositoryConfig.0.maven_repository' + - 'remoteRepositoryConfig.0.npm_repository' + - 'remoteRepositoryConfig.0.python_repository' + - 'remoteRepositoryConfig.0.yum_repository' + properties: + - name: 'publicRepository' + type: Enum + description: |- + Address of the remote repository. + immutable: true + conflicts: + - remoteRepositoryConfig.0.python_repository.0.custom_repository + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "PYPI" + enum_values: + - 'PYPI' + - name: 'customRepository' + type: NestedObject + description: |- + Settings for a remote repository with a custom uri. + immutable: true + conflicts: + - remoteRepositoryConfig.0.python_repository.0.public_repository + properties: + - name: 'uri' + type: String + description: |- + Specific uri to the registry, e.g. `"https://pypi.io"` + immutable: true + - name: 'yumRepository' + type: NestedObject + description: |- + Specific settings for an Yum remote repository. + immutable: true + exactly_one_of: + - 'remoteRepositoryConfig.0.apt_repository' + - 'remoteRepositoryConfig.0.docker_repository' + - 'remoteRepositoryConfig.0.maven_repository' + - 'remoteRepositoryConfig.0.npm_repository' + - 'remoteRepositoryConfig.0.python_repository' + - 'remoteRepositoryConfig.0.yum_repository' + properties: + - name: 'publicRepository' + type: NestedObject + description: |- + One of the publicly available Yum repositories supported by Artifact Registry. + immutable: true + properties: + - name: 'repositoryBase' + type: Enum + description: |- + A common public repository base for Yum. + required: true + immutable: true + enum_values: + - 'CENTOS' + - 'CENTOS_DEBUG' + - 'CENTOS_VAULT' + - 'CENTOS_STREAM' + - 'ROCKY' + - 'EPEL' + - name: 'repositoryPath' + type: String + description: |- + Specific repository from the base, e.g. `"pub/rocky/9/BaseOS/x86_64/os"` + required: true + immutable: true + - name: 'upstreamCredentials' + type: NestedObject + description: |- + The credentials used to access the remote repository. + immutable: true + properties: + - name: 'usernamePasswordCredentials' + type: NestedObject + description: |- + Use username and password to access the remote repository. + immutable: true + properties: + - name: 'username' + type: String + description: |- + The username to access the remote repository. + immutable: true + - name: 'passwordSecretVersion' + type: String + description: |- + The Secret Manager key version that holds the password to access the + remote repository. Must be in the format of + `projects/{project}/secrets/{secret}/versions/{version}`. + immutable: true + - name: 'disableUpstreamValidation' + type: Boolean + description: |- + If true, the remote repository upstream and upstream credentials will + not be validated. + custom_flatten: 'templates/terraform/custom_flatten/go/artifactregistry_rr_disable_upstream_validation.go.tmpl' + - name: 'cleanupPolicyDryRun' + type: Boolean + description: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. diff --git a/mmv1/products/artifactregistry/go_VPCSCConfig.yaml b/mmv1/products/artifactregistry/go_VPCSCConfig.yaml new file mode 100644 index 000000000000..d8194b024be1 --- /dev/null +++ b/mmv1/products/artifactregistry/go_VPCSCConfig.yaml @@ -0,0 +1,77 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'VPCSCConfig' +description: |- + The Artifact Registry VPC SC config that applies to a Project. +min_version: 'beta' +references: + guides: + api: 'https://cloud.google.com/artifact-registry/docs/reference/rest/v1/VPCSCConfig' +docs: + note: |- + VPC SC configs are automatically created for a given location. Creating a + resource of this type will acquire and update the resource that already + exists at the location. Deleting this resource will remove the config from + your Terraform state but leave the resource as is. +base_url: 'projects/{{project}}/locations/{{location}}/vpcscConfig' +self_link: 'projects/{{project}}/locations/{{location}}/vpcscConfig' +create_url: 'projects/{{project}}/locations/{{location}}/vpcscConfig' +create_verb: 'PATCH' +update_verb: 'PATCH' +skip_delete: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: [''] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false +custom_code: + encoder: 'templates/terraform/encoders/go/location_from_region.go.tmpl' +examples: + - name: 'artifact_registry_vpcsc_config' + primary_resource_id: 'my-config' + skip_test: true +parameters: + - name: 'location' + type: String + description: | + The name of the location this config is located in. + min_version: 'beta' + url_param_only: true + required: false + immutable: true + default_from_api: true + - name: 'name' + type: String + description: |- + The name of the project's VPC SC Config. + Always of the form: projects/{project}/location/{location}/vpcscConfig + min_version: 'beta' + output: true +properties: + - name: 'vpcscPolicy' + type: Enum + description: |- + The VPC SC policy for project and location. + min_version: 'beta' + enum_values: + - 'DENY' + - 'ALLOW' diff --git a/mmv1/products/artifactregistry/go_product.yaml b/mmv1/products/artifactregistry/go_product.yaml new file mode 100644 index 000000000000..7e2842eb9ec3 --- /dev/null +++ b/mmv1/products/artifactregistry/go_product.yaml @@ -0,0 +1,36 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ArtifactRegistry' +display_name: 'Artifact Registry' +versions: + - name: 'beta' + base_url: 'https://artifactregistry.googleapis.com/v1/' + - name: 'ga' + base_url: 'https://artifactregistry.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' +async: + type: "OpAsync" + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' diff --git a/mmv1/products/backupdr/go_ManagementServer.yaml b/mmv1/products/backupdr/go_ManagementServer.yaml new file mode 100644 index 000000000000..71b4420f9ed1 --- /dev/null +++ b/mmv1/products/backupdr/go_ManagementServer.yaml @@ -0,0 +1,131 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ManagementServer' +description: A Backup and DR Management Server (Also referred as Management Console) +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/backup-disaster-recovery/docs' + api: 'https://cloud.google.com/backup-disaster-recovery/docs/deployment/deployment-plan' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/managementServers' +self_link: 'projects/{{project}}/locations/{{location}}/managementServers/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/managementServers/?management_server_id={{name}}' +delete_url: 'projects/{{project}}/locations/{{location}}/managementServers/{{name}}' +immutable: true +timeouts: + insert_minutes: 40 + update_minutes: 20 + delete_minutes: 40 +autogen_async: true +async: + actions: ['create', 'delete'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'backup_dr_management_server' + primary_resource_id: 'ms-console' + min_version: 'beta' + vars: + network_name: 'vpc-network' + managementserver_name: 'ms-console' + test_env_vars: + project: 'PROJECT_NAME' + skip_test: true +parameters: + - name: 'location' + type: String + description: | + The location for the management server (management console) + min_version: 'beta' + url_param_only: true + required: true + - name: 'name' + type: String + description: |- + The name of management server (management console) + min_version: 'beta' + url_param_only: true + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' +properties: + - name: 'type' + type: Enum + description: | + The type of management server (management console). + min_version: 'beta' + default_value: "BACKUP_RESTORE" + enum_values: + - 'BACKUP_RESTORE' + - name: 'networks' + type: Array + description: | + Network details to create management server (management console). + min_version: 'beta' + required: true + item_type: + type: NestedObject + properties: + - name: 'network' + type: String + description: | + Network with format `projects/{{project_id}}/global/networks/{{network_id}}` + min_version: 'beta' + required: true + - name: 'peeringMode' + type: Enum + description: | + Type of Network peeringMode + min_version: 'beta' + default_value: "PRIVATE_SERVICE_ACCESS" + enum_values: + - 'PRIVATE_SERVICE_ACCESS' + - name: 'oauth2ClientId' + type: String + description: | + The oauth2ClientId of management console. + min_version: 'beta' + output: true + - name: 'managementUri' + type: NestedObject + description: |- + The management console URI + min_version: 'beta' + output: true + properties: + - name: 'webUi' + type: String + description: |- + The management console webUi. + min_version: 'beta' + output: true + - name: 'api' + type: String + description: |- + The management console api endpoint. + min_version: 'beta' + output: true diff --git a/mmv1/products/backupdr/go_product.yaml b/mmv1/products/backupdr/go_product.yaml new file mode 100644 index 000000000000..5a35bae35181 --- /dev/null +++ b/mmv1/products/backupdr/go_product.yaml @@ -0,0 +1,34 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BackupDR' +display_name: 'Backup and DR' +versions: + - name: 'beta' + base_url: 'https://backupdr.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' +async: + type: "OpAsync" + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' diff --git a/mmv1/products/beyondcorp/AppConnection.yaml b/mmv1/products/beyondcorp/AppConnection.yaml index 1ebf2c7368fb..55bdb8dc1d9b 100644 --- a/mmv1/products/beyondcorp/AppConnection.yaml +++ b/mmv1/products/beyondcorp/AppConnection.yaml @@ -95,8 +95,8 @@ properties: - !ruby/object:Api::Type::String name: 'type' description: | - The type of network connectivity used by the AppConnection. Refer to - https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + The type of network connectivity used by the AppConnection. Refer + to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type for a list of possible values. immutable: true - !ruby/object:Api::Type::NestedObject diff --git a/mmv1/products/beyondcorp/go_AppConnection.yaml b/mmv1/products/beyondcorp/go_AppConnection.yaml new file mode 100644 index 000000000000..1c244f6ece44 --- /dev/null +++ b/mmv1/products/beyondcorp/go_AppConnection.yaml @@ -0,0 +1,151 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AppConnection' +description: + "A BeyondCorp AppConnection resource represents a BeyondCorp protected + AppConnection to a remote application.\nIt creates all the necessary GCP + components needed for creating a BeyondCorp protected AppConnection. + \nMultiple connectors can be authorised for a single AppConnection.\n" +references: + guides: + 'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector' + api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appconnections' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/appConnections' +self_link: 'projects/{{project}}/locations/{{region}}/appConnections/{{name}}' +create_url: 'projects/{{project}}/locations/{{region}}/appConnections?app_connection_id={{name}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'beyondcorp_app_connection_basic' + primary_resource_id: 'app_connection' + primary_resource_name: 'fmt.Sprintf("tf_test_my_app_connection%s", context["random_suffix"])' + vars: + account_id: 'my-account' + app_connector_name: 'my-app-connector' + app_connection_name: 'my-app-connection' + - name: 'beyondcorp_app_connection_full' + primary_resource_id: 'app_connection' + primary_resource_name: 'fmt.Sprintf("tf_test_my_app_connection%s", context["random_suffix"])' + vars: + account_id: 'my-account' + app_gateway_name: 'my-app-gateway' + app_connector_name: 'my-app-connector' + app_connection_name: 'my-app-connection' + display_name: 'some display name' +parameters: +properties: + - name: 'name' + type: String + description: | + ID of the AppConnection. + url_param_only: true + required: true + immutable: true + - name: 'region' + type: String + description: | + The region of the AppConnection. + url_param_only: true + immutable: true + - name: 'displayName' + type: String + description: | + An arbitrary user-provided name for the AppConnection. + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels to represent user provided metadata. + immutable: false + - name: 'type' + type: String + description: | + The type of network connectivity used by the AppConnection. Refer + to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. + immutable: true + - name: 'applicationEndpoint' + type: NestedObject + description: | + Address of the remote application endpoint for the BeyondCorp AppConnection. + required: true + properties: + - name: 'host' + type: String + description: | + Hostname or IP address of the remote application endpoint. + required: true + - name: 'port' + type: Integer + description: | + Port of the remote application endpoint. + required: true + - name: 'connectors' + type: Array + description: | + List of AppConnectors that are authorised to be associated with this AppConnection + item_type: + type: String + - name: 'gateway' + type: NestedObject + description: | + Gateway used by the AppConnection. + default_from_api: true + properties: + - name: 'appGateway' + type: String + description: | + AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}. + required: true + - name: 'type' + type: String + description: | + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + - name: 'uri' + type: String + description: | + Server-defined URI for this resource. + output: true + - name: 'ingressPort' + type: Integer + description: | + Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443. + output: true diff --git a/mmv1/products/beyondcorp/go_AppConnector.yaml b/mmv1/products/beyondcorp/go_AppConnector.yaml new file mode 100644 index 000000000000..32fa325f82a0 --- /dev/null +++ b/mmv1/products/beyondcorp/go_AppConnector.yaml @@ -0,0 +1,118 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AppConnector' +description: + "A BeyondCorp AppConnector resource represents an application facing component + deployed proximal to \nand with direct access to the application instances. It + is used to establish connectivity between the \nremote enterprise environment + and GCP. It initiates connections to the applications and can proxy the \ndata + from users over the connection.\n" +references: + guides: + 'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector' + api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appconnectors' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/appConnectors' +self_link: 'projects/{{project}}/locations/{{region}}/appConnectors/{{name}}' +create_url: 'projects/{{project}}/locations/{{region}}/appConnectors?app_connector_id={{name}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'beyondcorp_app_connector_basic' + primary_resource_id: 'app_connector' + primary_resource_name: 'fmt.Sprintf("tf_test_my_app_connector%s", context["random_suffix"])' + vars: + app_connector_name: 'my-app-connector' + account_id: 'my-account' + - name: 'beyondcorp_app_connector_full' + primary_resource_id: 'app_connector' + primary_resource_name: 'fmt.Sprintf("tf_test_my_app_connector%s", context["random_suffix"])' + vars: + app_connector_name: 'my-app-connector' + account_id: 'my-account' + display_name: 'some display name' +parameters: +properties: + - name: 'name' + type: String + description: | + ID of the AppConnector. + url_param_only: true + required: true + immutable: true + - name: 'region' + type: String + description: | + The region of the AppConnector. + url_param_only: true + immutable: true + - name: 'displayName' + type: String + description: | + An arbitrary user-provided name for the AppConnector. + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels to represent user provided metadata. + immutable: false + - name: 'principalInfo' + type: NestedObject + description: | + Principal information about the Identity of the AppConnector. + required: true + properties: + - name: 'serviceAccount' + type: NestedObject + description: | + ServiceAccount represents a GCP service account. + required: true + properties: + - name: 'email' + type: String + description: | + Email address of the service account. + required: true + - name: 'state' + type: Enum + description: | + Represents the different states of a AppConnector. + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'CREATING' + - 'CREATED' + - 'UPDATING' + - 'DELETING' + - 'DOWN' diff --git a/mmv1/products/beyondcorp/go_AppGateway.yaml b/mmv1/products/beyondcorp/go_AppGateway.yaml new file mode 100644 index 000000000000..87c0b3a542e0 --- /dev/null +++ b/mmv1/products/beyondcorp/go_AppGateway.yaml @@ -0,0 +1,138 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AppGateway' +description: "A BeyondCorp AppGateway resource represents a BeyondCorp protected + AppGateway to a remote application. It creates \nall the necessary GCP + components needed for creating a BeyondCorp protected AppGateway. Multiple + connectors can be \n\ + authorised for a single AppGateway.\n" +references: + guides: + 'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector' + api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appgateways' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/appGateways' +self_link: 'projects/{{project}}/locations/{{region}}/appGateways/{{name}}' +create_url: 'projects/{{project}}/locations/{{region}}/appGateways?app_gateway_id={{name}}' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +schema_version: 1 +state_upgraders: true +examples: + - name: 'beyondcorp_app_gateway_basic' + primary_resource_id: 'app_gateway' + primary_resource_name: 'fmt.Sprintf("tf_test_my_app_gateway%s", context["random_suffix"])' + vars: + app_gateway_name: 'my-app-gateway' + - name: 'beyondcorp_app_gateway_full' + primary_resource_id: 'app_gateway' + primary_resource_name: 'fmt.Sprintf("tf_test_my_app_gateway%s", context["random_suffix"])' + vars: + app_gateway_name: 'my-app-gateway' + display_name: 'some display name' +parameters: +properties: + - name: 'name' + type: String + description: | + ID of the AppGateway. + url_param_only: true + required: true + immutable: true + - name: 'region' + type: String + description: | + The region of the AppGateway. + url_param_only: true + immutable: true + - name: 'type' + type: Enum + description: | + The type of network connectivity used by the AppGateway. + default_value: "TYPE_UNSPECIFIED" + enum_values: + - 'TYPE_UNSPECIFIED' + - 'TCP_PROXY' + - name: 'hostType' + type: Enum + description: | + The type of hosting used by the AppGateway. + default_value: "HOST_TYPE_UNSPECIFIED" + enum_values: + - 'HOST_TYPE_UNSPECIFIED' + - 'GCP_REGIONAL_MIG' + - name: 'displayName' + type: String + description: | + An arbitrary user-provided name for the AppGateway. + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels to represent user provided metadata. + immutable: false + - name: 'state' + type: Enum + description: | + Represents the different states of a AppGateway. + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'CREATING' + - 'CREATED' + - 'UPDATING' + - 'DELETING' + - 'DOWN' + - name: 'uri' + type: String + description: | + Server-defined URI for this resource. + output: true + - name: 'allocatedConnections' + type: NestedObject + description: | + A list of connections allocated for the Gateway. + output: true + properties: + - name: 'pscUri' + type: String + description: | + The PSC uri of an allocated connection. + - name: 'ingressPort' + type: Integer + description: | + The ingress port of an allocated connection. diff --git a/mmv1/products/beyondcorp/go_product.yaml b/mmv1/products/beyondcorp/go_product.yaml new file mode 100644 index 000000000000..ff7a934c2034 --- /dev/null +++ b/mmv1/products/beyondcorp/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Beyondcorp' +display_name: 'BeyondCorp' +versions: + - name: 'ga' + base_url: 'https://beyondcorp.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/biglake/go_Catalog.yaml b/mmv1/products/biglake/go_Catalog.yaml new file mode 100644 index 000000000000..de624f1fa61d --- /dev/null +++ b/mmv1/products/biglake/go_Catalog.yaml @@ -0,0 +1,83 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Catalog' +description: | + Catalogs are top-level containers for Databases and Tables. +references: + guides: + 'Manage open source metadata with BigLake Metastore': 'https://cloud.google.com/bigquery/docs/manage-open-source-metadata#create_catalogs' + api: 'https://cloud.google.com/bigquery/docs/reference/biglake/rest/v1/projects.locations.catalogs' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/catalogs' +self_link: 'projects/{{project}}/locations/{{location}}/catalogs/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/catalogs?catalogId={{name}}' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'bigquery_biglake_catalog' + primary_resource_id: 'default' + vars: + name: 'my_catalog' +parameters: + - name: 'location' + type: String + description: | + The geographic location where the Catalog should reside. + url_param_only: true + required: true + immutable: true + - name: 'name' + type: String + description: | + The name of the Catalog. Format: + projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} + url_param_only: true + required: true + immutable: true +properties: + - name: 'createTime' + type: String + description: | + Output only. The creation time of the catalog. A timestamp in RFC3339 UTC + "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + output: true + - name: 'updateTime' + type: String + description: | + Output only. The last modification time of the catalog. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. + output: true + - name: 'deleteTime' + type: String + description: | + Output only. The deletion time of the catalog. Only set after the catalog + is deleted. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + output: true + - name: 'expireTime' + type: String + description: | + Output only. The time when this catalog is considered expired. Only set + after the catalog is deleted. Only set after the catalog is deleted. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. + output: true diff --git a/mmv1/products/biglake/go_Database.yaml b/mmv1/products/biglake/go_Database.yaml new file mode 100644 index 000000000000..a7d294804377 --- /dev/null +++ b/mmv1/products/biglake/go_Database.yaml @@ -0,0 +1,112 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Database' +description: | + Databases are containers of tables. +references: + guides: + 'Manage open source metadata with BigLake Metastore': 'https://cloud.google.com/bigquery/docs/manage-open-source-metadata#create_databases' + api: 'https://cloud.google.com/bigquery/docs/reference/biglake/rest/v1/projects.locations.catalogs.databases' +docs: +id_format: '{{catalog}}/databases/{{name}}' +base_url: '{{catalog}}/databases' +self_link: '{{catalog}}/databases/{{name}}' +create_url: '{{catalog}}/databases?databaseId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{%catalog}}/databases/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'biglake_database' + primary_resource_id: 'database' + vars: + name: 'my_database' + catalog_id: 'my_catalog' + bucket_id: 'my_bucket' +parameters: + - name: 'catalog' + type: String + description: | + The parent catalog. + url_param_only: true + required: true + immutable: true + - name: 'name' + type: String + description: | + The name of the database. + url_param_only: true + required: true + immutable: true +properties: + - name: 'createTime' + type: String + description: | + Output only. The creation time of the database. A timestamp in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: String + description: | + Output only. The last modification time of the database. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'deleteTime' + type: String + description: | + Output only. The deletion time of the database. Only set after the + database is deleted. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'expireTime' + type: String + description: | + Output only. The time when this database is considered expired. Only set + after the database is deleted. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'type' + type: String + description: | + The database type. + required: true + - name: 'hiveOptions' + type: NestedObject + description: | + Options of a Hive database. + required: true + properties: + - name: 'locationUri' + type: String + description: | + Cloud Storage folder URI where the database data is stored, starting with "gs://". + - name: 'parameters' + type: KeyValuePairs + description: | + Stores user supplied Hive database parameters. An object containing a + list of"key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. diff --git a/mmv1/products/biglake/go_Table.yaml b/mmv1/products/biglake/go_Table.yaml new file mode 100644 index 000000000000..e7d6f241501d --- /dev/null +++ b/mmv1/products/biglake/go_Table.yaml @@ -0,0 +1,138 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Table' +description: | + Represents a table. +references: + guides: + 'Manage open source metadata with BigLake Metastore': 'https://cloud.google.com/bigquery/docs/manage-open-source-metadata#create_tables' + api: 'https://cloud.google.com/bigquery/docs/reference/biglake/rest/v1/projects.locations.catalogs.databases.tables' +docs: +id_format: '{{database}}/tables/{{name}}' +base_url: '{{database}}/tables' +self_link: '{{database}}/tables/{{name}}' +create_url: '{{database}}/tables?tableId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{%database}}/tables/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'biglake_table' + primary_resource_id: 'table' + vars: + name: 'my_table' + catalog: 'my_catalog' + database: 'my_database' + bucket: 'my_bucket' +parameters: + - name: 'name' + type: String + description: | + Output only. The name of the Table. Format: + projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} + url_param_only: true + required: true + immutable: true + - name: 'database' + type: String + description: | + The id of the parent database. + url_param_only: true + immutable: true +properties: + - name: 'createTime' + type: String + description: | + Output only. The creation time of the table. A timestamp in RFC3339 UTC + "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: String + description: | + Output only. The last modification time of the table. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'deleteTime' + type: String + description: | + Output only. The deletion time of the table. Only set after the + table is deleted. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'expireTime' + type: String + description: | + Output only. The time when this table is considered expired. Only set + after the table is deleted. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'etag' + type: String + description: | + The checksum of a table object computed by the server based on the value + of other fields. It may be sent on update requests to ensure the client + has an up-to-date value before proceeding. It is only checked for update + table operations. + output: true + - name: 'type' + type: Enum + description: | + The database type. + enum_values: + - 'HIVE' + - name: 'hiveOptions' + type: NestedObject + description: | + Options of a Hive table. + properties: + - name: 'parameters' + type: KeyValuePairs + description: | + Stores user supplied Hive table parameters. An object containing a + list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - name: 'tableType' + type: String + description: | + Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. + - name: 'storageDescriptor' + type: NestedObject + description: | + Stores physical storage information on the data. + properties: + - name: 'locationUri' + type: String + description: | + Cloud Storage folder URI where the table data is stored, starting with "gs://". + - name: 'inputFormat' + type: String + description: | + The fully qualified Java class name of the input format. + - name: 'outputFormat' + type: String + description: | + The fully qualified Java class name of the output format. diff --git a/mmv1/products/biglake/go_product.yaml b/mmv1/products/biglake/go_product.yaml new file mode 100644 index 000000000000..d60030540160 --- /dev/null +++ b/mmv1/products/biglake/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Biglake' +display_name: 'Biglake' +versions: + - name: 'ga' + base_url: 'https://biglake.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/bigquery' diff --git a/mmv1/products/bigquery/Dataset.yaml b/mmv1/products/bigquery/Dataset.yaml index 25e64c26e4ec..ac93725eb90b 100644 --- a/mmv1/products/bigquery/Dataset.yaml +++ b/mmv1/products/bigquery/Dataset.yaml @@ -90,6 +90,18 @@ examples: skip_test: true vars: dataset_id: 'example_dataset' + - !ruby/object:Provider::Terraform::Examples + name: 'bigquery_dataset_resource_tags' + primary_resource_id: 'dataset' + primary_resource_name: + 'fmt.Sprintf("tf_test_dataset%s", context["random_suffix"])' + skip_docs: true + vars: + dataset_id: 'dataset' + tag_key1: 'tag_key1' + tag_value1: 'tag_value1' + tag_key2: 'tag_key2' + tag_value2: 'tag_value2' virtual_fields: - !ruby/object:Api::Type::Boolean name: 'delete_contents_on_destroy' @@ -140,17 +152,9 @@ properties: name: 'specialGroup' description: | A special group to grant access to. Possible values include: - - * `projectOwners`: Owners of the enclosing project. - - * `projectReaders`: Readers of the enclosing project. - - * `projectWriters`: Writers of the enclosing project. - - * `allAuthenticatedUsers`: All authenticated BigQuery users. - !ruby/object:Api::Type::String name: 'iamMember' @@ -264,8 +268,6 @@ properties: description: | The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). - - Once this property is set, all newly-created tables in the dataset will have an `expirationTime` property set to the creation time plus the value in this property, and changing the value will only affect @@ -282,8 +284,6 @@ properties: description: | The default partition expiration for all partitioned tables in the dataset, in milliseconds. - - Once this property is set, all newly-created partitioned tables in the dataset will have an `expirationMs` property in the `timePartitioning` settings set to this value, and changing the value will only @@ -342,14 +342,10 @@ properties: description: | The geographic location where the dataset should reside. See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - There are two types of locations, regional or multi-regional. A regional location is a specific geographic place, such as Tokyo, and a multi-regional location is a large geographic area, such as the United States, that contains at least two geographic places. - - The default value is multi-regional location `US`. Changing this forces a new resource to be created. default_value: US @@ -400,3 +396,11 @@ properties: LOGICAL is the default if this flag isn't specified. default_from_api: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'resourceTags' + description: | + The tags attached to this table. Tag keys are globally unique. Tag key is expected to be + in the namespaced format, for example "123456789012/environment" where 123456789012 is the + ID of the parent organization or project resource for this tag key. Tag value is expected + to be the short name, for example "Production". See [Tag definitions](/iam/docs/tags-access-control#definitions) + for more details. diff --git a/mmv1/products/bigquery/DatasetAccess.yaml b/mmv1/products/bigquery/DatasetAccess.yaml index 6838cee0b263..6afd2d7acce8 100644 --- a/mmv1/products/bigquery/DatasetAccess.yaml +++ b/mmv1/products/bigquery/DatasetAccess.yaml @@ -158,17 +158,9 @@ properties: name: 'specialGroup' description: | A special group to grant access to. Possible values include: - - * `projectOwners`: Owners of the enclosing project. - - * `projectReaders`: Readers of the enclosing project. - - * `projectWriters`: Writers of the enclosing project. - - * `allAuthenticatedUsers`: All authenticated BigQuery users. exactly_one_of: - user_by_email diff --git a/mmv1/products/bigquery/Table.yaml b/mmv1/products/bigquery/Table.yaml index 9830238c0a5e..a378fb62e850 100644 --- a/mmv1/products/bigquery/Table.yaml +++ b/mmv1/products/bigquery/Table.yaml @@ -43,6 +43,12 @@ examples: vars: dataset_id: 'dataset_id' table_id: 'table_id' +virtual_fields: + - !ruby/object:Api::Type::Boolean + name: 'allow_resource_tags_on_deletion' + description: | + If set to true, it allows table deletion when there are still resource tags attached. + default_value: false parameters: # TODO(alexstephen): Remove once we have support for placing # nested object fields in URL @@ -534,16 +540,8 @@ properties: default_value: 300000 - !ruby/object:Api::Type::KeyValuePairs name: 'resourceTags' - min_version: beta description: | The tags attached to this table. Tag keys are globally unique. Tag key is expected to be in the namespaced format, for example "123456789012/environment" where 123456789012 is the ID of the parent organization or project resource for this tag key. Tag value is expected to be the short name, for example "Production". -virtual_fields: - - !ruby/object:Api::Type::Boolean - name: 'allow_resource_tags_on_deletion' - min_version: beta - description: | - If set to true, it allows table deletion when there are still resource tags attached. - default_value: false diff --git a/mmv1/products/bigquery/go_Dataset.yaml b/mmv1/products/bigquery/go_Dataset.yaml new file mode 100644 index 000000000000..f5924647e67d --- /dev/null +++ b/mmv1/products/bigquery/go_Dataset.yaml @@ -0,0 +1,405 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Dataset' +kind: 'bigquery#dataset' +description: | + Datasets allow you to organize and control access to your tables. +references: + guides: + 'Datasets Intro': 'https://cloud.google.com/bigquery/docs/datasets-intro' + api: 'https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets' +docs: + warning: | + You must specify the role field using the legacy format `OWNER` instead of `roles/bigquery.dataOwner`. + The API does accept both formats but it will always return the legacy format which results in Terraform + showing permanent diff on each plan and apply operation. +base_url: 'projects/{{project}}/datasets' +self_link: 'projects/{{project}}/datasets/{{dataset_id}}' +has_self_link: true +delete_url: 'projects/{{project}}/datasets/{{dataset_id}}?deleteContents={{delete_contents_on_destroy}}' +import_format: + - 'projects/{{project}}/datasets/{{dataset_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/bigquery_dataset.go.tmpl' +skip_sweeper: true +examples: + - name: 'bigquery_dataset_basic' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + account_name: 'bqowner' + - name: 'bigquery_dataset_with_max_time_travel_hours' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + account_name: 'bqowner' + skip_docs: true + - name: 'bigquery_dataset_cmek' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + key_name: 'example-key' + keyring_name: 'example-keyring' + skip_test: true + - name: 'bigquery_dataset_authorized_dataset' + primary_resource_id: 'dataset' + vars: + private: 'private' + public: 'public' + account_name: 'bqowner' + - name: 'bigquery_dataset_authorized_routine' + primary_resource_id: 'private' + vars: + private_dataset: 'private_dataset' + public_dataset: 'public_dataset' + public_routine: 'public_routine' + test_env_vars: + service_account: 'SERVICE_ACCT' + - name: 'bigquery_dataset_case_insensitive_names' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + account_name: 'bqowner' + skip_docs: true + - name: 'bigquery_dataset_default_collation_set' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + account_name: 'bqowner' + skip_docs: true + - name: 'bigquery_dataset_external_reference_aws_test' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + skip_docs: true + - name: 'bigquery_dataset_external_reference_aws' + primary_resource_id: 'dataset' + vars: + dataset_id: 'example_dataset' + skip_test: true + - name: 'bigquery_dataset_resource_tags' + primary_resource_id: 'dataset' + primary_resource_name: 'fmt.Sprintf("tf_test_dataset%s", context["random_suffix"])' + vars: + dataset_id: 'dataset' + tag_key1: 'tag_key1' + tag_value1: 'tag_value1' + tag_key2: 'tag_key2' + tag_value2: 'tag_value2' + skip_docs: true +virtual_fields: + - name: 'delete_contents_on_destroy' + description: | + If set to `true`, delete all the tables in the + dataset when destroying the resource; otherwise, + destroying the resource will fail if tables are present. + type: Boolean + default_value: false +parameters: +properties: + - name: 'maxTimeTravelHours' + type: String + description: + 'Defines the time travel window in hours. The value can be from 48 to 168 + hours (2 to 7 days).' + default_from_api: true + - name: 'access' + type: Array + description: + 'An array of objects that define dataset access for one or more entities.' + is_set: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'domain' + type: String + description: | + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access + - name: 'groupByEmail' + type: String + description: An email address of a Google Group to grant access to. + - name: 'role' + type: String + description: | + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + - name: 'specialGroup' + type: String + description: | + A special group to grant access to. Possible values include: + * `projectOwners`: Owners of the enclosing project. + * `projectReaders`: Readers of the enclosing project. + * `projectWriters`: Writers of the enclosing project. + * `allAuthenticatedUsers`: All authenticated BigQuery users. + - name: 'iamMember' + type: String + description: | + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: `allUsers` + - name: 'userByEmail' + type: String + description: | + An email address of a user to grant access to. For example: + fred@example.com + - name: 'view' + type: NestedObject + description: | + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table. + required: true + - name: 'projectId' + type: String + description: The ID of the project containing this table. + required: true + - name: 'tableId' + type: String + description: | + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + required: true + - name: 'dataset' + type: NestedObject + description: | + Grants all resources of particular types in a particular dataset read access to the current dataset. + properties: + - name: 'dataset' + type: NestedObject + description: | + The dataset this entry applies to + required: true + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table. + required: true + - name: 'projectId' + type: String + description: The ID of the project containing this table. + required: true + - name: 'targetTypes' + type: Array + description: | + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS + required: true + item_type: + type: String + - name: 'routine' + type: NestedObject + description: | + A routine from a different dataset to grant access to. Queries + executed against that routine will have read access to tables in + this dataset. The role field is not required when this field is + set. If that routine is updated by any user, access to the routine + needs to be granted again via an update operation. + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table. + required: true + - name: 'projectId' + type: String + description: The ID of the project containing this table. + required: true + - name: 'routineId' + type: String + description: | + The ID of the routine. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 256 characters. + required: true + - name: 'creationTime' + type: Integer + description: | + The time when this dataset was created, in milliseconds since the + epoch. + output: true + - name: 'datasetReference' + type: NestedObject + description: 'A reference that identifies the dataset.' + required: true + immutable: true + flatten_object: true + properties: + - name: 'datasetId' + type: String + description: | + A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + required: true + immutable: true + validation: + function: 'validateDatasetId' + - name: 'defaultTableExpirationMs' + type: Integer + description: | + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + Once this property is set, all newly-created tables in the dataset + will have an `expirationTime` property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the `expirationTime` for a given + table is reached, that table will be deleted automatically. + If a table's `expirationTime` is modified or removed before the + table expires, or if you provide an explicit `expirationTime` when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + validation: + function: 'validateDefaultTableExpirationMs' + - name: 'defaultPartitionExpirationMs' + type: Integer + description: | + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + Once this property is set, all newly-created partitioned tables in + the dataset will have an `expirationMs` property in the `timePartitioning` + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of `defaultTableExpirationMs` + for partitioned tables: only one of `defaultTableExpirationMs` and + `defaultPartitionExpirationMs` will be used for any new partitioned + table. If you provide an explicit `timePartitioning.expirationMs` when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + - name: 'description' + type: String + description: A user-friendly description of the dataset + - name: 'etag' + type: String + description: | + A hash of the resource. + output: true + - name: 'externalDatasetReference' + type: NestedObject + description: | + Information about the external metadata storage where the dataset is defined. + immutable: true + properties: + - name: 'externalSource' + type: String + description: | + External source that backs this dataset. + required: true + immutable: true + - name: 'connection' + type: String + description: | + The connection id that is used to access the externalSource. + Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + required: true + immutable: true + - name: 'friendlyName' + type: String + description: A descriptive name for the dataset + send_empty_value: true + - name: 'labels' + type: KeyValueLabels + description: | + The labels associated with this dataset. You can use these to + organize and group your datasets. + immutable: false + - name: 'lastModifiedTime' + type: Integer + description: | + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + output: true + - name: 'location' + type: String + description: | + The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + The default value is multi-regional location `US`. + Changing this forces a new resource to be created. + immutable: true + diff_suppress_func: 'tpgresource.CaseDiffSuppress' + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_dataset_location.go.tmpl' + default_value: "US" + - name: 'defaultEncryptionConfiguration' + type: NestedObject + description: | + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. + properties: + - name: 'kmsKeyName' + type: String + description: | + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. + required: true + - name: 'isCaseInsensitive' + type: Boolean + description: | + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + default_from_api: true + - name: 'defaultCollation' + type: String + description: | + Defines the default collation specification of future tables created + in the dataset. If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + default_from_api: true + - name: 'storageBillingModel' + type: String + description: | + Specifies the storage billing model for the dataset. + Set this flag value to LOGICAL to use logical bytes for storage billing, + or to PHYSICAL to use physical bytes instead. + + LOGICAL is the default if this flag isn't specified. + default_from_api: true + - name: 'resourceTags' + type: KeyValuePairs + description: | + The tags attached to this table. Tag keys are globally unique. Tag key is expected to be + in the namespaced format, for example "123456789012/environment" where 123456789012 is the + ID of the parent organization or project resource for this tag key. Tag value is expected + to be the short name, for example "Production". See [Tag definitions](/iam/docs/tags-access-control#definitions) + for more details. diff --git a/mmv1/products/bigquery/go_DatasetAccess.yaml b/mmv1/products/bigquery/go_DatasetAccess.yaml new file mode 100644 index 000000000000..b126307ef693 --- /dev/null +++ b/mmv1/products/bigquery/go_DatasetAccess.yaml @@ -0,0 +1,295 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DatasetAccess' +description: | + Gives dataset access for a single entity. This resource is intended to be used in cases where + it is not possible to compile a full list of access blocks to include in a + `google_bigquery_dataset` resource, to enable them to be added separately. + + ~> **Note:** If this resource is used alongside a `google_bigquery_dataset` resource, the + dataset resource must either have no defined `access` blocks or a `lifecycle` block with + `ignore_changes = [access]` so they don't fight over which accesses should be on the dataset. + Additionally, both resource cannot be modified in the same apply. +references: + guides: + 'Controlling access to datasets': 'https://cloud.google.com/bigquery/docs/dataset-access-controls' + api: 'https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets' +docs: + warning: | + You must specify the role field using the legacy format `OWNER` instead of `roles/bigquery.dataOwner`. + The API does accept both formats but it will always return the legacy format which results in Terraform + showing permanent diff on each plan and apply operation. +base_url: 'projects/{{project}}/datasets/{{dataset_id}}' +self_link: 'projects/{{project}}/datasets/{{dataset_id}}' +create_verb: 'PATCH' +delete_verb: 'PATCH' +immutable: true +mutex: '{{dataset_id}}' +exclude_import: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +identity: + - role + - userByEmail + - groupByEmail + - domain + - specialGroup + - iamMember + - view + - dataset + - routine +nested_query: + keys: + - access + is_list_of_ids: false + modify_by_patch: true +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/bigquery_dataset_access.go.tmpl' + constants: 'templates/terraform/constants/go/bigquery_dataset_access.go.tmpl' + post_create: 'templates/terraform/post_create/go/bigquery_dataset_access.go.tmpl' +exclude_tgc: true +skip_sweeper: true +error_retry_predicates: + + - 'transport_tpg.IsBigqueryIAMQuotaError' +examples: + - name: 'bigquery_dataset_access_basic_user' + primary_resource_id: 'access' + vars: + dataset_id: 'example_dataset' + account_name: 'bqowner' + skip_test: true + - name: 'bigquery_dataset_access_view' + primary_resource_id: 'access' + vars: + dataset_id: 'example_dataset' + dataset_id2: 'example_dataset2' + table_id: 'example_table' + skip_test: true + - name: 'bigquery_dataset_access_authorized_dataset' + primary_resource_id: 'access' + vars: + private: 'private' + public: 'public' + skip_test: true + - name: 'bigquery_dataset_access_authorized_routine' + primary_resource_id: 'authorized_routine' + vars: + private_dataset: 'private_dataset' + public_dataset: 'public_dataset' + public_routine: 'public_routine' + skip_test: true +parameters: +properties: + - name: 'datasetId' + type: String + description: | + A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + required: true + ignore_read: true + - name: 'role' + type: String + description: | + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + diff_suppress_func: 'resourceBigQueryDatasetAccessRoleDiffSuppress' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_access_role.go.tmpl' + - name: 'userByEmail' + type: String + description: | + An email address of a user to grant access to. For example: + fred@example.com + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + diff_suppress_func: 'resourceBigQueryDatasetAccessIamMemberDiffSuppress' + - name: 'groupByEmail' + type: String + description: An email address of a Google Group to grant access to. + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + diff_suppress_func: 'resourceBigQueryDatasetAccessIamMemberDiffSuppress' + - name: 'domain' + type: String + description: | + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + diff_suppress_func: 'resourceBigQueryDatasetAccessIamMemberDiffSuppress' + - name: 'specialGroup' + type: String + description: | + A special group to grant access to. Possible values include: + * `projectOwners`: Owners of the enclosing project. + * `projectReaders`: Readers of the enclosing project. + * `projectWriters`: Writers of the enclosing project. + * `allAuthenticatedUsers`: All authenticated BigQuery users. + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + diff_suppress_func: 'resourceBigQueryDatasetAccessIamMemberDiffSuppress' + - name: 'iamMember' + type: String + description: | + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: `allUsers` + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + diff_suppress_func: 'resourceBigQueryDatasetAccessIamMemberDiffSuppress' + - name: 'view' + type: NestedObject + description: | + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table. + required: true + - name: 'projectId' + type: String + description: The ID of the project containing this table. + required: true + - name: 'tableId' + type: String + description: | + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + required: true + - name: 'dataset' + type: NestedObject + description: | + Grants all resources of particular types in a particular dataset read access to the current dataset. + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + properties: + - name: 'dataset' + type: NestedObject + description: | + The dataset this entry applies to + required: true + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table. + required: true + - name: 'projectId' + type: String + description: The ID of the project containing this table. + required: true + - name: 'targetTypes' + type: Array + description: | + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS + required: true + item_type: + type: String + - name: 'routine' + type: NestedObject + description: | + A routine from a different dataset to grant access to. Queries + executed against that routine will have read access to tables in + this dataset. The role field is not required when this field is + set. If that routine is updated by any user, access to the routine + needs to be granted again via an update operation. + exactly_one_of: + - 'user_by_email' + - 'group_by_email' + - 'domain' + - 'special_group' + - 'iam_member' + - 'view' + - 'dataset' + - 'routine' + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table. + required: true + - name: 'projectId' + type: String + description: The ID of the project containing this table. + required: true + - name: 'routineId' + type: String + description: | + The ID of the routine. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 256 characters. + required: true diff --git a/mmv1/products/bigquery/go_Job.yaml b/mmv1/products/bigquery/go_Job.yaml new file mode 100644 index 000000000000..f6057ff8c73e --- /dev/null +++ b/mmv1/products/bigquery/go_Job.yaml @@ -0,0 +1,877 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Job' +kind: 'bigquery#job' +description: | + Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data. + Once a BigQuery job is created, it cannot be changed or deleted. +references: + guides: + 'BigQuery Jobs Intro': 'https://cloud.google.com/bigquery/docs/jobs-overview' + api: 'https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs' +docs: +id_format: 'projects/{{project}}/jobs/{{job_id}}' +base_url: 'projects/{{project}}/jobs' +self_link: 'projects/{{project}}/jobs/{{job_id}}?location={{location}}' +skip_delete: true +immutable: true +import_format: + - 'projects/{{project}}/jobs/{{job_id}}/location/{{location}}' + - 'projects/{{project}}/jobs/{{job_id}}' + - '{{project}}/{{job_id}}' + - '{{job_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + type: 'PollAsync' + check_response_func_existence: 'transport_tpg.PollCheckForExistence' + check_response_func_absence: 'transport_tpg.PollCheckForAbsence' + suppress_error: false + target_occurrences: 1 + actions: ['create'] +custom_code: + constants: 'templates/terraform/constants/go/bigquery_job.go.tmpl' + encoder: 'templates/terraform/encoders/go/bigquery_job.go.tmpl' +schema_version: 1 +state_upgraders: true +examples: + - name: 'bigquery_job_query' + primary_resource_id: 'job' + vars: + job_id: 'job_query' + account_name: 'bqowner' + ignore_read_extra: + - 'etag' + - 'status.0.state' + - name: 'bigquery_job_query_table_reference' + primary_resource_id: 'job' + vars: + job_id: 'job_query' + account_name: 'bqowner' + ignore_read_extra: + - 'etag' + - 'query.0.default_dataset.0.dataset_id' + - 'query.0.destination_table.0.table_id' + - 'status.0.state' + - name: 'bigquery_job_load' + primary_resource_id: 'job' + vars: + job_id: 'job_load' + ignore_read_extra: + - 'etag' + - 'status.0.state' + - name: 'bigquery_job_load_geojson' + primary_resource_id: 'job' + vars: + job_id: 'job_load' + bucket_name: 'bq-geojson' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'etag' + - 'status.0.state' + - name: 'bigquery_job_load_parquet' + primary_resource_id: 'job' + vars: + job_id: 'job_load' + ignore_read_extra: + - 'etag' + - 'status.0.state' + - name: 'bigquery_job_load_table_reference' + primary_resource_id: 'job' + vars: + job_id: 'job_load' + ignore_read_extra: + - 'etag' + - 'load.0.destination_table.0.table_id' + - 'status.0.state' + skip_docs: true + - name: 'bigquery_job_copy' + primary_resource_id: 'job' + vars: + job_id: 'job_copy' + account_name: 'bqowner' + key_name: 'example-key' + keyring_name: 'example-keyring' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'etag' + - 'status.0.state' + - name: 'bigquery_job_copy_table_reference' + primary_resource_id: 'job' + vars: + job_id: 'job_copy' + account_name: 'bqowner' + key_name: 'example-key' + keyring_name: 'example-keyring' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'etag' + - 'copy.0.destination_table.0.table_id' + - 'copy.0.source_tables.0.table_id' + - 'copy.0.source_tables.1.table_id' + - 'status.0.state' + skip_docs: true + - name: 'bigquery_job_extract' + primary_resource_id: 'job' + vars: + job_id: 'job_extract' + account_name: 'bqowner' + ignore_read_extra: + - 'etag' + - 'status.0.state' + - name: 'bigquery_job_extract_table_reference' + primary_resource_id: 'job' + vars: + job_id: 'job_extract' + account_name: 'bqowner' + ignore_read_extra: + - 'etag' + - 'extract.0.source_table.0.table_id' + - 'status.0.state' + skip_docs: true +parameters: +properties: + - name: 'user_email' + type: String + description: | + Email address of the user who ran the job. + output: true + - name: 'configuration' + type: NestedObject + description: 'Describes the job configuration.' + required: true + flatten_object: true + properties: + - name: 'jobType' + type: String + description: | + The type of the job. + output: true + - name: 'jobTimeoutMs' + type: String + description: | + Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job. + - name: 'labels' + type: KeyValueLabels + description: | + The labels associated with this job. You can use these to organize and group your jobs. + - name: 'query' + type: NestedObject + description: 'Configures a query job.' + exactly_one_of: + - 'configuration.0.query' + - 'configuration.0.load' + - 'configuration.0.copy' + - 'configuration.0.extract' + properties: + - name: 'query' + type: String + description: | + SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + (`DELETE`, `UPDATE`, `MERGE`, `INSERT`) must specify `create_disposition = ""` and `write_disposition = ""`. + required: true + - name: 'destinationTable' + type: NestedObject + description: | + Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_table_ref_query_destinationtable.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_table_ref.go.tmpl' + properties: + - name: 'projectId' + type: String + description: 'The ID of the project containing this table.' + required: false + default_from_api: true + - name: 'datasetId' + type: String + description: 'The ID of the dataset containing this table.' + required: false + default_from_api: true + - name: 'tableId' + type: String + description: | + The table. Can be specified `{{table_id}}` if `project_id` and `dataset_id` are also set, + or of the form `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}` if not. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'userDefinedFunctionResources' + type: Array + description: | + Describes user-defined function resources used in the query. + item_type: + type: NestedObject + properties: + - name: 'resourceUri' + type: String + description: + 'A code resource to load from a Google Cloud Storage URI + (gs://bucket/path).' + - name: 'inlineCode' + type: String + description: | + An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + - name: 'createDisposition' + type: Enum + description: | + Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion + default_value: "CREATE_IF_NEEDED" + enum_values: + - 'CREATE_IF_NEEDED' + - 'CREATE_NEVER' + - name: 'writeDisposition' + type: Enum + description: | + Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. + default_value: "WRITE_EMPTY" + enum_values: + - 'WRITE_TRUNCATE' + - 'WRITE_APPEND' + - 'WRITE_EMPTY' + - name: 'defaultDataset' + type: NestedObject + description: | + Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names. + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_dataset_ref.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_dataset_ref.go.tmpl' + properties: + - name: 'datasetId' + type: String + description: | + The dataset. Can be specified `{{dataset_id}}` if `project_id` is also set, + or of the form `projects/{{project}}/datasets/{{dataset_id}}` if not. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'projectId' + type: String + description: 'The ID of the project containing this table.' + required: false + default_from_api: true + - name: 'priority' + type: Enum + description: | + Specifies a priority for the query. + default_value: "INTERACTIVE" + enum_values: + - 'INTERACTIVE' + - 'BATCH' + - name: 'allowLargeResults' + type: Boolean + description: | + If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + - name: 'useQueryCache' + type: Boolean + description: | + Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + default_value: true + - name: 'flattenResults' + type: Boolean + description: | + If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + - name: 'maximumBillingTier' + type: Integer + description: | + Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + - name: 'maximumBytesBilled' + type: String + description: | + Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + - name: 'useLegacySql' + type: Boolean + description: | + Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + send_empty_value: true + - name: 'parameterMode' + type: String + description: | + Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query. + - name: 'schemaUpdateOptions' + type: Array + description: | + Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + item_type: + type: String + - name: 'destinationEncryptionConfiguration' + type: NestedObject + description: | + Custom encryption configuration (e.g., Cloud KMS keys) + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_kms_version.go.tmpl' + properties: + - name: 'kmsKeyName' + type: String + description: | + Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. + The BigQuery Service Account associated with your project requires access to this encryption key. + required: true + - name: 'kmsKeyVersion' + type: String + description: | + Describes the Cloud KMS encryption key version used to protect destination BigQuery table. + output: true + - name: 'scriptOptions' + type: NestedObject + description: | + Options controlling the execution of scripts. + properties: + - name: 'statementTimeoutMs' + type: String + description: 'Timeout period for each statement in a script.' + at_least_one_of: + - 'configuration.0.query.0.script_options.0.statement_timeout_ms' + - 'configuration.0.query.0.script_options.0.statement_byte_budget' + - 'configuration.0.query.0.script_options.0.key_result_statement' + - name: 'statementByteBudget' + type: String + description: + 'Limit on the number of bytes billed per statement. Exceeding + this budget results in an error.' + at_least_one_of: + - 'configuration.0.query.0.script_options.0.statement_timeout_ms' + - 'configuration.0.query.0.script_options.0.statement_byte_budget' + - 'configuration.0.query.0.script_options.0.key_result_statement' + - name: 'keyResultStatement' + type: Enum + description: | + Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. + at_least_one_of: + - 'configuration.0.query.0.script_options.0.statement_timeout_ms' + - 'configuration.0.query.0.script_options.0.statement_byte_budget' + - 'configuration.0.query.0.script_options.0.key_result_statement' + enum_values: + - 'LAST' + - 'FIRST_SELECT' + - name: 'load' + type: NestedObject + description: 'Configures a load job.' + exactly_one_of: + - 'configuration.0.query' + - 'configuration.0.load' + - 'configuration.0.copy' + - 'configuration.0.extract' + properties: + - name: 'sourceUris' + type: Array + description: | + The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. + required: true + item_type: + type: String + - name: 'destinationTable' + type: NestedObject + description: | + The destination table to load the data into. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_table_ref_load_destinationtable.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_table_ref.go.tmpl' + properties: + - name: 'projectId' + type: String + description: 'The ID of the project containing this table.' + required: false + default_from_api: true + - name: 'datasetId' + type: String + description: 'The ID of the dataset containing this table.' + required: false + default_from_api: true + - name: 'tableId' + type: String + description: | + The table. Can be specified `{{table_id}}` if `project_id` and `dataset_id` are also set, + or of the form `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}` if not. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'createDisposition' + type: Enum + description: | + Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion + default_value: "CREATE_IF_NEEDED" + enum_values: + - 'CREATE_IF_NEEDED' + - 'CREATE_NEVER' + - name: 'writeDisposition' + type: Enum + description: | + Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. + default_value: "WRITE_EMPTY" + enum_values: + - 'WRITE_TRUNCATE' + - 'WRITE_APPEND' + - 'WRITE_EMPTY' + - name: 'nullMarker' + type: String + description: | + Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + default_value: "" + - name: 'fieldDelimiter' + type: String + description: | + The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + default_from_api: true + - name: 'skipLeadingRows' + type: Integer + description: | + The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + validation: + function: 'validation.IntAtLeast(0)' + default_value: 0 + - name: 'encoding' + type: String + description: | + The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + default_value: "UTF-8" + - name: 'quote' + type: String + description: | + The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + default_from_api: true + - name: 'maxBadRecords' + type: Integer + description: | + The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + default_value: 0 + - name: 'allowQuotedNewlines' + type: Boolean + description: | + Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + default_value: false + - name: 'sourceFormat' + type: String + description: | + The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". + For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + default_value: "CSV" + - name: 'jsonExtension' + type: String + description: | + If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + - name: 'allowJaggedRows' + type: Boolean + description: | + Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + default_value: false + - name: 'ignoreUnknownValues' + type: Boolean + description: | + Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names + default_value: false + - name: 'projectionFields' + type: Array + description: | + If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + item_type: + type: String + - name: 'autodetect' + type: Boolean + description: | + Indicates if we should automatically infer the options and schema for CSV and JSON sources. + - name: 'schemaUpdateOptions' + type: Array + description: | + Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + item_type: + type: String + - name: 'timePartitioning' + type: NestedObject + description: | + Time-based partitioning specification for the destination table. + properties: + - name: 'type' + type: String + description: | + The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + required: true + - name: 'expirationMs' + type: String + description: | + Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value. + - name: 'field' + type: String + description: | + If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + - name: 'destinationEncryptionConfiguration' + type: NestedObject + description: | + Custom encryption configuration (e.g., Cloud KMS keys) + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_kms_version.go.tmpl' + properties: + - name: 'kmsKeyName' + type: String + description: | + Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. + The BigQuery Service Account associated with your project requires access to this encryption key. + required: true + - name: 'kmsKeyVersion' + type: String + description: | + Describes the Cloud KMS encryption key version used to protect destination BigQuery table. + output: true + - name: 'parquetOptions' + type: NestedObject + description: | + Parquet Options for load and make external tables. + properties: + - name: 'enumAsString' + type: Boolean + description: | + If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default. + - name: 'enableListInference' + type: Boolean + description: | + If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type. + at_least_one_of: + - 'configuration.0.load.0.parquet_options.0.enum_as_string' + - 'configuration.0.load.0.parquet_options.0.enable_list_inference' + - name: 'copy' + type: NestedObject + description: 'Copies a table.' + exactly_one_of: + - 'configuration.0.query' + - 'configuration.0.load' + - 'configuration.0.copy' + - 'configuration.0.extract' + properties: + - name: 'sourceTables' + type: Array + description: | + Source tables to copy. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_table_ref_copy_sourcetables.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_table_ref_array.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'projectId' + type: String + description: 'The ID of the project containing this table.' + required: false + default_from_api: true + - name: 'datasetId' + type: String + description: 'The ID of the dataset containing this table.' + required: false + default_from_api: true + - name: 'tableId' + type: String + description: | + The table. Can be specified `{{table_id}}` if `project_id` and `dataset_id` are also set, + or of the form `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}` if not. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'destinationTable' + type: NestedObject + description: 'The destination table.' + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_table_ref_copy_destinationtable.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_table_ref.go.tmpl' + properties: + - name: 'projectId' + type: String + description: 'The ID of the project containing this table.' + required: false + default_from_api: true + - name: 'datasetId' + type: String + description: 'The ID of the dataset containing this table.' + required: false + default_from_api: true + - name: 'tableId' + type: String + description: | + The table. Can be specified `{{table_id}}` if `project_id` and `dataset_id` are also set, + or of the form `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}` if not. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'createDisposition' + type: Enum + description: | + Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion + default_value: "CREATE_IF_NEEDED" + enum_values: + - 'CREATE_IF_NEEDED' + - 'CREATE_NEVER' + - name: 'writeDisposition' + type: Enum + description: | + Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. + default_value: "WRITE_EMPTY" + enum_values: + - 'WRITE_TRUNCATE' + - 'WRITE_APPEND' + - 'WRITE_EMPTY' + - name: 'destinationEncryptionConfiguration' + type: NestedObject + description: | + Custom encryption configuration (e.g., Cloud KMS keys) + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_kms_version.go.tmpl' + properties: + - name: 'kmsKeyName' + type: String + description: | + Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. + The BigQuery Service Account associated with your project requires access to this encryption key. + required: true + - name: 'kmsKeyVersion' + type: String + description: | + Describes the Cloud KMS encryption key version used to protect destination BigQuery table. + output: true + - name: 'extract' + type: NestedObject + description: 'Configures an extract job.' + exactly_one_of: + - 'configuration.0.query' + - 'configuration.0.load' + - 'configuration.0.copy' + - 'configuration.0.extract' + properties: + - name: 'destinationUris' + type: Array + description: | + A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written. + required: true + item_type: + type: String + - name: 'printHeader' + type: Boolean + description: | + Whether to print out a header row in the results. Default is true. + default_value: true + - name: 'fieldDelimiter' + type: String + description: | + When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ',' + default_from_api: true + - name: 'destinationFormat' + type: String + description: | + The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + default_from_api: true + - name: 'compression' + type: String + description: | + The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + default_value: "NONE" + - name: 'useAvroLogicalTypes' + type: Boolean + description: | + Whether to use logical types when extracting to AVRO format. + - name: 'sourceTable' + type: NestedObject + description: | + A reference to the table being exported. + exactly_one_of: + - 'configuration.0.extract.0.source_table' + - 'configuration.0.extract.0.source_model' + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_table_ref_extract_sourcetable.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigquery_table_ref.go.tmpl' + properties: + - name: 'projectId' + type: String + description: 'The ID of the project containing this table.' + required: false + default_from_api: true + - name: 'datasetId' + type: String + description: 'The ID of the dataset containing this table.' + required: false + default_from_api: true + - name: 'tableId' + type: String + description: | + The table. Can be specified `{{table_id}}` if `project_id` and `dataset_id` are also set, + or of the form `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}` if not. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'sourceModel' + type: NestedObject + description: | + A reference to the model being exported. + exactly_one_of: + - 'configuration.0.extract.0.source_table' + - 'configuration.0.extract.0.source_model' + properties: + - name: 'projectId' + type: String + description: 'The ID of the project containing this model.' + required: true + - name: 'datasetId' + type: String + description: 'The ID of the dataset containing this model.' + required: true + - name: 'modelId' + type: String + description: 'The ID of the model.' + required: true + - name: 'jobReference' + type: NestedObject + description: | + Reference describing the unique-per-user name of the job. + flatten_object: true + properties: + - name: 'jobId' + type: String + description: | + The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters. + required: true + - name: 'location' + type: String + description: | + The geographic location of the job. The default value is US. + default_value: "US" + - name: 'status' + type: NestedObject + description: | + The status of this job. Examine this value when polling an asynchronous job to see if the job is complete. + output: true + properties: + - name: 'errorResult' + type: NestedObject + description: | + Final error result of the job. If present, indicates that the job has completed and was unsuccessful. + output: true + properties: + - name: 'reason' + type: String + description: A short error code that summarizes the error. + - name: 'location' + type: String + description: Specifies where the error occurred, if present. + - name: 'message' + type: String + description: A human-readable description of the error. + - name: 'errors' + type: Array + description: | + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + output: true + item_type: + type: NestedObject + properties: + - name: 'reason' + type: String + description: A short error code that summarizes the error. + - name: 'location' + type: String + description: Specifies where the error occurred, if present. + - name: 'message' + type: String + description: A human-readable description of the error. + - name: 'state' + type: String + description: | + Running state of the job. Valid states include 'PENDING', 'RUNNING', and 'DONE'. + output: true diff --git a/mmv1/products/bigquery/go_Routine.yaml b/mmv1/products/bigquery/go_Routine.yaml new file mode 100644 index 000000000000..2d012385c6c3 --- /dev/null +++ b/mmv1/products/bigquery/go_Routine.yaml @@ -0,0 +1,325 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Routine' +kind: 'bigquery#routine' +description: | + A user-defined function or a stored procedure that belongs to a Dataset +references: + guides: + 'Routines Intro': 'https://cloud.google.com/bigquery/docs/reference/rest/v2/routines' + api: 'https://cloud.google.com/bigquery/docs/reference/rest/v2/routines' +docs: +base_url: 'projects/{{project}}/datasets/{{dataset_id}}/routines' +self_link: 'projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}' +import_format: + - 'projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'bigquery_routine_basic' + primary_resource_id: 'sproc' + primary_resource_name: 'fmt.Sprintf("tf_test_dataset_id%s", context["random_suffix"]), fmt.Sprintf("tf_test_table_id%s", context["random_suffix"])' + vars: + dataset_id: 'dataset_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_json' + primary_resource_id: 'sproc' + primary_resource_name: 'fmt.Sprintf("tf_test_dataset_id%s", context["random_suffix"]), fmt.Sprintf("tf_test_table_id%s", context["random_suffix"])' + vars: + dataset_id: 'dataset_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_tvf' + primary_resource_id: 'sproc' + primary_resource_name: 'fmt.Sprintf("tf_test_dataset_id%s", context["random_suffix"]), fmt.Sprintf("tf_test_table_id%s", context["random_suffix"])' + vars: + dataset_id: 'dataset_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_pyspark' + primary_resource_id: 'pyspark' + vars: + dataset_id: 'dataset_id' + connection_id: 'connection_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_pyspark_mainfile' + primary_resource_id: 'pyspark_mainfile' + vars: + dataset_id: 'dataset_id' + connection_id: 'connection_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_spark_jar' + primary_resource_id: 'spark_jar' + vars: + dataset_id: 'dataset_id' + connection_id: 'connection_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_data_governance_type' + primary_resource_id: 'custom_masking_routine' + vars: + dataset_id: 'dataset_id' + routine_id: 'routine_id' + - name: 'bigquery_routine_remote_function' + primary_resource_id: 'remote_function' + vars: + dataset_id: 'dataset_id' + connection_id: 'connection_id' + routine_id: 'routine_id' + skip_test: true +parameters: +properties: + - name: 'routineReference' + type: NestedObject + description: Reference describing the ID of this routine + required: true + custom_expand: 'templates/terraform/custom_expand/go/bigquery_routine_ref.go.tmpl' + flatten_object: true + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this routine + required: true + immutable: true + - name: 'routineId' + type: String + description: + The ID of the the routine. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length is 256 + characters. + required: true + immutable: true + - name: 'routineType' + type: Enum + description: The type of routine. + required: true + immutable: true + enum_values: + - 'SCALAR_FUNCTION' + - 'PROCEDURE' + - 'TABLE_VALUED_FUNCTION' + - name: 'creationTime' + type: Integer + description: | + The time when this routine was created, in milliseconds since the + epoch. + output: true + - name: 'lastModifiedTime' + type: Integer + description: | + The time when this routine was modified, in milliseconds since the + epoch. + output: true + - name: 'language' + type: Enum + description: | + The language of the routine. + enum_values: + - 'SQL' + - 'JAVASCRIPT' + - 'PYTHON' + - 'JAVA' + - 'SCALA' + - name: 'arguments' + type: Array + description: Input/output argument of a function or a stored procedure. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name of this argument. Can be absent for function return argument. + - name: 'argumentKind' + type: Enum + description: Defaults to FIXED_TYPE. + default_value: "FIXED_TYPE" + enum_values: + - 'FIXED_TYPE' + - 'ANY_TYPE' + - name: 'mode' + type: Enum + description: | + Specifies whether the argument is input or output. Can be set for procedures only. + enum_values: + - 'IN' + - 'OUT' + - 'INOUT' + - name: 'dataType' + type: String + description: | + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'returnType' + type: String + description: | + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'returnTableType' + type: String + description: | + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'importedLibraries' + type: Array + description: | + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + item_type: + type: String + - name: 'definitionBody' + type: String + description: | + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + required: true + - name: 'description' + type: String + description: The description of the routine if defined. + - name: 'determinismLevel' + type: Enum + description: The determinism level of the JavaScript UDF if defined. + enum_values: + - 'DETERMINISM_LEVEL_UNSPECIFIED' + - 'DETERMINISTIC' + - 'NOT_DETERMINISTIC' + - name: 'dataGovernanceType' + type: Enum + description: If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + enum_values: + - 'DATA_MASKING' + - name: 'sparkOptions' + type: NestedObject + description: | + Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + properties: + - name: 'connection' + type: String + description: | + Fully qualified name of the user-provided Spark connection object. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + - name: 'runtimeVersion' + type: String + description: Runtime version. If not specified, the default runtime version is used. + - name: 'containerImage' + type: String + description: Custom container image for the runtime environment. + - name: 'properties' + type: KeyValuePairs + description: | + Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + For more information, see Apache Spark and the procedure option list. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + default_from_api: true + - name: 'mainFileUri' + type: String + description: | + The main file/jar URI of the Spark application. + Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + - name: 'pyFileUris' + type: Array + description: | + Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. + default_from_api: true + item_type: + type: String + - name: 'jarUris' + type: Array + description: | + JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. + default_from_api: true + item_type: + type: String + - name: 'fileUris' + type: Array + description: | + Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. + default_from_api: true + item_type: + type: String + - name: 'archiveUris' + type: Array + description: | + Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. + default_from_api: true + item_type: + type: String + - name: 'mainClass' + type: String + description: | + The fully qualified name of a class in jarUris, for example, com.example.wordcount. + Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + - name: 'remoteFunctionOptions' + type: NestedObject + description: Remote function specific options. + properties: + - name: 'endpoint' + type: String + description: | + Endpoint of the user-provided remote service, e.g. + `https://us-east1-my_gcf_project.cloudfunctions.net/remote_add` + - name: 'connection' + type: String + description: | + Fully qualified name of the user-provided connection object which holds + the authentication information to send requests to the remote service. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + - name: 'userDefinedContext' + type: KeyValuePairs + description: | + User-defined context as a set of key/value pairs, which will be sent as function + invocation context together with batched arguments in the requests to the remote + service. The total number of bytes of keys and values must be less than 8KB. + + An object containing a list of "key": value pairs. Example: + `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`. + default_from_api: true + - name: 'maxBatchingRows' + type: String + description: | + Max number of rows in each batch sent to the remote service. If absent or if 0, + BigQuery dynamically decides the number of rows in a batch. diff --git a/mmv1/products/bigquery/go_Table.yaml b/mmv1/products/bigquery/go_Table.yaml new file mode 100644 index 000000000000..2876c3258eeb --- /dev/null +++ b/mmv1/products/bigquery/go_Table.yaml @@ -0,0 +1,556 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Table' +kind: 'bigquery#table' +description: | + A Table that belongs to a Dataset +exclude_resource: true +docs: +id_format: '{{table_id}}' +base_url: 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' +self_link: 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' +import_format: + - 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' + - '{{table_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_type: 'google_bigquery_table' + fetch_iam_policy_verb: 'POST' + allowed_iam_role: 'roles/bigquery.dataOwner' + parent_resource_attribute: 'table_id' + iam_conditions_request_type: 'REQUEST_BODY' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + iam_policy_version: '1' +custom_code: +examples: + - name: 'bigquery_bigquery_table' + primary_resource_id: 'test' + primary_resource_name: 'fmt.Sprintf("tf_test_dataset_id%s", context["random_suffix"]), fmt.Sprintf("tf_test_table_id%s", context["random_suffix"])' + vars: + dataset_id: 'dataset_id' + table_id: 'table_id' +virtual_fields: + - name: 'allow_resource_tags_on_deletion' + description: | + If set to true, it allows table deletion when there are still resource tags attached. + type: Boolean + default_value: false +parameters: + - name: 'dataset' + type: String + description: Name of the dataset +properties: + - name: 'tableReference' + type: NestedObject + description: Reference describing the ID of this table + properties: + - name: 'datasetId' + type: String + description: The ID of the dataset containing this table + - name: 'projectId' + type: String + description: The ID of the project containing this table + - name: 'tableId' + type: String + description: The ID of the the table + - name: 'clustering' + type: Array + description: | + One or more fields on which data should be clustered. Only + top-level, non-repeated, simple-type fields are supported. When + you cluster a table using multiple columns, the order of columns + you specify is important. The order of the specified columns + determines the sort order of the data. + item_type: + type: String + - name: 'creationTime' + type: Integer + description: | + The time when this dataset was created, in milliseconds since the + epoch. + output: true + - name: 'description' + type: String + description: A user-friendly description of the dataset + - name: 'friendlyName' + type: String + description: A descriptive name for this table + - name: 'id' + type: String + description: 'An opaque ID uniquely identifying the table.' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + The labels associated with this dataset. You can use these to + organize and group your datasets + immutable: false + - name: 'lastModifiedTime' + type: Integer + description: | + The time when this table was last modified, in milliseconds since the + epoch. + output: true + - name: 'location' + type: String + description: | + The geographic location where the table resides. This value is + inherited from the dataset. + output: true + - name: 'name' + type: String + description: 'Name of the table' + - name: 'numBytes' + type: Integer + description: | + The size of this table in bytes, excluding any data in the streaming + buffer. + output: true + - name: 'numLongTermBytes' + type: Integer + description: | + The number of bytes in the table that are considered "long-term + storage". + output: true + - name: 'numRows' + type: Integer + description: | + The number of rows of data in this table, excluding any data in the + streaming buffer. + - name: 'requirePartitionFilter' + type: Boolean + description: | + If set to true, queries over this table require a partition filter + that can be used for partition elimination to be specified. + output: true + - name: 'type' + type: Enum + description: 'Describes the table type' + output: true + enum_values: + - 'TABLE' + - 'VIEW' + - 'EXTERNAL' + - name: 'view' + type: NestedObject + description: The view definition. + properties: + - name: 'useLegacySql' + type: Boolean + description: | + Specifies whether to use BigQuery's legacy SQL for this view + - name: 'userDefinedFunctionResources' + type: Array + description: | + Describes user-defined function resources used in the query. + item_type: + type: NestedObject + properties: + - name: 'inlineCode' + type: String + description: | + An inline resource that contains code for a user-defined + function (UDF). Providing a inline code resource is + equivalent to providing a URI for a file containing the + same code. + # TODO: Convert into cross-product ResourceRef + - name: 'resourceUri' + type: String + description: | + A code resource to load from a Google Cloud Storage URI + (gs://bucket/path). + - name: 'timePartitioning' + type: NestedObject + description: | + If specified, configures time-based partitioning for this table. + properties: + - name: 'expirationMs' + type: Integer + description: | + Number of milliseconds for which to keep the storage for a + partition. If unspecified when the table is created in a dataset + that has `defaultPartitionExpirationMs`, it will inherit + the value of `defaultPartitionExpirationMs` from the dataset. + To specify a unlimited expiration, set the value to 0. + - name: 'field' + type: String + description: | + If not set, the table is partitioned by pseudo column, + referenced via either '_PARTITIONTIME' as TIMESTAMP type, or + '_PARTITIONDATE' as DATE type. If field is specified, the table + is instead partitioned by this field. The field must be a + top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or + REQUIRED. + - name: 'type' + type: Enum + description: | + The only type supported is DAY, which will generate one partition + per day. + enum_values: + - 'DAY' + - name: 'streamingBuffer' + type: NestedObject + description: | + Contains information regarding this table's streaming buffer, if one + is present. This field will be absent if the table is not being + streamed to or if there is no data in the streaming buffer. + output: true + properties: + - name: 'estimatedBytes' + type: Integer + description: | + A lower-bound estimate of the number of bytes currently in the + streaming buffer. + output: true + - name: 'estimatedRows' + type: Integer + description: | + A lower-bound estimate of the number of rows currently in the + streaming buffer. + output: true + - name: 'oldestEntryTime' + type: Integer + description: | + Contains the timestamp of the oldest entry in the streaming + buffer, in milliseconds since the epoch, if the streaming buffer + is available. + output: true + - name: 'schema' + type: NestedObject + description: Describes the schema of this table + properties: + - name: 'fields' + type: Array + description: Describes the fields in a table. + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + The field description. The maximum length is 1,024 + characters. + - name: 'fields' + type: Array + description: | + Describes the nested schema fields if the type property is + set to RECORD. + item_type: + type: String + - name: 'mode' + type: Enum + description: The field mode + enum_values: + - 'NULLABLE' + - 'REQUIRED' + - 'REPEATED' + - name: 'name' + type: String + description: The field name + - name: 'type' + type: Enum + description: 'The field data type' + enum_values: + - 'STRING' + - 'BYTES' + - 'INTEGER' + - 'FLOAT' + - 'TIMESTAMP' + - 'DATE' + - 'TIME' + - 'DATETIME' + - 'RECORD' + - name: 'encryptionConfiguration' + type: NestedObject + description: Custom encryption configuration + properties: + - name: 'kmsKeyName' + type: String + description: | + Describes the Cloud KMS encryption key that will be used to + protect destination BigQuery table. The BigQuery Service Account + associated with your project requires access to this encryption + key. + - name: 'expirationTime' + type: Integer + description: | + The time when this table expires, in milliseconds since the epoch. If + not present, the table will persist indefinitely. + - name: 'externalDataConfiguration' + type: NestedObject + description: | + Describes the data format, location, and other properties of a table + stored outside of BigQuery. By defining these properties, the data + source can then be queried as if it were a standard BigQuery table. + properties: + - name: 'autodetect' + type: Boolean + description: | + Try to detect schema and format options automatically. Any option + specified explicitly will be honored. + - name: 'compression' + type: Enum + description: The compression type of the data source + enum_values: + - 'GZIP' + - 'NONE' + - name: 'ignoreUnknownValues' + type: Boolean + description: | + Indicates if BigQuery should allow extra values that are not + represented in the table schema + - name: 'maxBadRecords' + type: Integer + description: | + The maximum number of bad records that BigQuery can ignore when reading data + default_value: 0 + - name: 'sourceFormat' + type: Enum + description: The data format + enum_values: + - 'CSV' + - 'GOOGLE_SHEETS' + - 'NEWLINE_DELIMITED_JSON' + - 'AVRO' + - 'DATASTORE_BACKUP' + - 'BIGTABLE' + - 'ORC' + - 'PARQUET' + - 'ICEBERG' + - name: 'sourceUris' + type: Array + description: | + The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' + wildcard character and it must come after the 'bucket' name. Size + limits related to load jobs apply to external data sources. For + Google Cloud Bigtable URIs: Exactly one URI can be specified and it + has be a fully specified and valid HTTPS URL for a Google Cloud + Bigtable table. For Google Cloud Datastore backups, exactly one + URI can be specified. Also, the '\*' wildcard character is not + allowed. + item_type: + type: String + - name: 'schema' + type: NestedObject + description: + 'The schema for the data. Schema is required for CSV and JSON formats' + properties: + - name: 'fields' + type: Array + description: 'Describes the fields in a table.' + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: The field description + - name: 'fields' + type: Array + description: | + Describes the nested schema fields if the type property + is set to RECORD + item_type: + type: String + - name: 'mode' + type: Enum + description: Field mode. + enum_values: + - 'NULLABLE' + - 'REQUIRED' + - 'REPEATED' + - name: 'name' + type: String + description: Field name + - name: 'type' + type: Enum + description: Field data type + enum_values: + - 'STRING' + - 'BYTES' + - 'INTEGER' + - 'FLOAT' + - 'TIMESTAMP' + - 'DATE' + - 'TIME' + - 'DATETIME' + - 'RECORD' + - name: 'googleSheetsOptions' + type: NestedObject + description: + 'Additional options if sourceFormat is set to GOOGLE_SHEETS.' + properties: + - name: 'skipLeadingRows' + type: Integer + description: | + The number of rows at the top of a Google Sheet that BigQuery + will skip when reading the data. + default_value: 0 + - name: 'csvOptions' + type: NestedObject + description: Additional properties to set if sourceFormat is set to CSV. + properties: + - name: 'allowJaggedRows' + type: Boolean + description: | + Indicates if BigQuery should accept rows that are missing + trailing optional columns + - name: 'allowQuotedNewlines' + type: Boolean + description: | + Indicates if BigQuery should allow quoted data sections that + contain newline characters in a CSV file + - name: 'encoding' + type: Enum + description: 'The character encoding of the data' + enum_values: + - 'UTF-8' + - 'ISO-8859-1' + - name: 'fieldDelimiter' + type: String + description: 'The separator for fields in a CSV file' + - name: 'quote' + type: String + description: + 'The value that is used to quote data sections in a CSV file' + - name: 'skipLeadingRows' + type: Integer + description: | + The number of rows at the top of a CSV file that BigQuery + will skip when reading the data. + default_value: 0 + - name: 'bigtableOptions' + type: NestedObject + description: 'Additional options if sourceFormat is set to BIGTABLE.' + properties: + - name: 'ignoreUnspecifiedColumnFamilies' + type: Boolean + description: | + If field is true, then the column families that are not specified in + columnFamilies list are not exposed in the table schema + - name: 'readRowkeyAsString' + type: Boolean + description: | + If field is true, then the rowkey column families will be + read and converted to string. + - name: 'columnFamilies' + type: Array + description: | + List of column families to expose in the table schema along + with their types. + item_type: + type: NestedObject + properties: + - name: 'columns' + type: Array + description: | + Lists of columns that should be exposed as individual + fields as opposed to a list of (column name, value) pairs. + item_type: + type: NestedObject + properties: + - name: 'encoding' + type: Enum + description: + The encoding of the values when the type is not STRING + enum_values: + - 'TEXT' + - 'BINARY' + - name: 'fieldName' + type: String + description: | + If the qualifier is not a valid BigQuery field + identifier, a valid identifier must be provided as + the column field name and is used as field name in + queries. + - name: 'onlyReadLatest' + type: Boolean + description: | + If this is set, only the latest version of value in this column are exposed + - name: 'qualifierString' + type: String + description: Qualifier of the column + required: true + - name: 'type' + type: Enum + description: + The type to convert the value in cells of this column + enum_values: + - 'BYTES' + - 'STRING' + - 'INTEGER' + - 'FLOAT' + - 'BOOLEAN' + - name: 'encoding' + type: Enum + description: + The encoding of the values when the type is not STRING + enum_values: + - 'TEXT' + - 'BINARY' + - name: 'familyId' + type: String + description: Identifier of the column family. + - name: 'onlyReadLatest' + type: Boolean + description: | + If this is set only the latest version of value are + exposed for all columns in this column family + - name: 'type' + type: Enum + description: + The type to convert the value in cells of this column family + enum_values: + - 'BYTES' + - 'STRING' + - 'INTEGER' + - 'FLOAT' + - 'BOOLEAN' + - name: 'tableReplicationInfo' + type: NestedObject + description: | + Replication info of a table created using "AS REPLICA" DDL like: + `CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv`. + properties: + - name: 'sourceProjectId' + type: String + description: The ID of the source project. + required: true + - name: 'sourceDatasetId' + type: String + description: The ID of the source dataset. + required: true + - name: 'sourceTableId' + type: String + description: The ID of the source materialized view. + required: true + - name: 'replicationIntervalMs' + type: Integer + description: | + The interval at which the source materialized view is polled for updates. The default is + 300000. + default_value: 300000 + - name: 'resourceTags' + type: KeyValuePairs + description: | + The tags attached to this table. Tag keys are globally unique. Tag key is expected to be + in the namespaced format, for example "123456789012/environment" where 123456789012 is the + ID of the parent organization or project resource for this tag key. Tag value is expected + to be the short name, for example "Production". diff --git a/mmv1/products/bigquery/go_product.yaml b/mmv1/products/bigquery/go_product.yaml new file mode 100644 index 000000000000..804848d8e0f3 --- /dev/null +++ b/mmv1/products/bigquery/go_product.yaml @@ -0,0 +1,25 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BigQuery' +legacy_name: 'bigquery' +display_name: 'BigQuery' +versions: + - name: 'ga' + base_url: 'https://bigquery.googleapis.com/bigquery/v2/' + - name: 'beta' + base_url: 'https://bigquery.googleapis.com/bigquery/v2/' +scopes: + - 'https://www.googleapis.com/auth/bigquery' diff --git a/mmv1/products/bigqueryanalyticshub/go_DataExchange.yaml b/mmv1/products/bigqueryanalyticshub/go_DataExchange.yaml new file mode 100644 index 000000000000..0a1a3312ab59 --- /dev/null +++ b/mmv1/products/bigqueryanalyticshub/go_DataExchange.yaml @@ -0,0 +1,100 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DataExchange' +description: A Bigquery Analytics Hub data exchange +references: + guides: + 'Official Documentation': 'https://cloud.google.com/bigquery/docs/analytics-hub-introduction' + api: 'https://cloud.google.com/bigquery/docs/reference/analytics-hub/rest/v1/projects.locations.dataExchanges' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/dataExchanges' +self_link: 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/dataExchanges?data_exchange_id={{data_exchange_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}' + - '{{data_exchange_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'data_exchange_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}' + - '{{data_exchange_id}}' +custom_code: +examples: + - name: 'bigquery_analyticshub_data_exchange_basic' + primary_resource_id: 'data_exchange' + primary_resource_name: 'fmt.Sprintf("tf_test_my_data_exchange%s", context["random_suffix"])' + region_override: 'US' + vars: + data_exchange_id: 'my_data_exchange' + description: 'example data exchange' +parameters: +properties: + - name: 'name' + type: String + description: |- + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123" + output: true + - name: 'data_exchange_id' + type: String + description: |- + The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The name of the location this data exchange. + url_param_only: true + required: true + immutable: true + - name: 'displayName' + type: String + description: |- + Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces. + required: true + - name: 'description' + type: String + description: |- + Description of the data exchange. + - name: 'primaryContact' + type: String + description: |- + Email or URL of the primary point of contact of the data exchange. + - name: 'documentation' + type: String + description: |- + Documentation describing the data exchange. + - name: 'listingCount' + type: Integer + description: |- + Number of listings contained in the data exchange. + output: true + - name: 'icon' + type: String + description: |- + Base64 encoded image representing the data exchange. diff --git a/mmv1/products/bigqueryanalyticshub/go_Listing.yaml b/mmv1/products/bigqueryanalyticshub/go_Listing.yaml new file mode 100644 index 000000000000..47161cd592f2 --- /dev/null +++ b/mmv1/products/bigqueryanalyticshub/go_Listing.yaml @@ -0,0 +1,168 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Listing' +description: A Bigquery Analytics Hub data exchange listing +references: + guides: + 'Official Documentation': 'https://cloud.google.com/bigquery/docs/analytics-hub-introduction' + api: 'https://cloud.google.com/bigquery/docs/reference/analytics-hub/rest/v1/projects.locations.dataExchanges.listings' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings' +self_link: 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings?listing_id={{listing_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'listing_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}' + - '{{listing_id}}' +custom_code: +skip_sweeper: true +examples: + - name: 'bigquery_analyticshub_listing_basic' + primary_resource_id: 'listing' + primary_resource_name: 'fmt.Sprintf("tf_test_my_data_exchange%s", context["random_suffix"]), fmt.Sprintf("tf_test_my_listing%s", context["random_suffix"])' + region_override: 'US' + vars: + data_exchange_id: 'my_data_exchange' + listing_id: 'my_listing' + description: 'example data exchange' + - name: 'bigquery_analyticshub_listing_restricted' + primary_resource_id: 'listing' + primary_resource_name: 'fmt.Sprintf("tf_test_my_data_exchange%s", context["random_suffix"]), fmt.Sprintf("tf_test_my_listing%s", context["random_suffix"])' + region_override: 'US' + vars: + data_exchange_id: 'my_data_exchange' + listing_id: 'my_listing' + description: 'example data exchange' +parameters: +properties: + - name: 'name' + type: String + description: |- + The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456" + output: true + - name: 'data_exchange_id' + type: String + description: |- + The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + url_param_only: true + required: true + immutable: true + - name: 'listing_id' + type: String + description: |- + The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The name of the location this data exchange listing. + url_param_only: true + required: true + immutable: true + - name: 'displayName' + type: String + description: |- + Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (&) and can't start or end with spaces. + required: true + - name: 'description' + type: String + description: |- + Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF). + - name: 'primaryContact' + type: String + description: |- + Email or URL of the primary point of contact of the listing. + - name: 'documentation' + type: String + description: |- + Documentation describing the listing. + - name: 'icon' + type: String + description: |- + Base64 encoded image representing the listing. + - name: 'requestAccess' + type: String + description: |- + Email or URL of the request access of the listing. Subscribers can use this reference to request access. + - name: 'dataProvider' + type: NestedObject + description: Details of the data provider who owns the source data. + properties: + - name: 'name' + type: String + description: Name of the data provider. + required: true + - name: 'primaryContact' + type: String + description: Email or URL of the data provider. + - name: 'publisher' + type: NestedObject + description: + Details of the publisher who owns the listing and who can share the source + data. + properties: + - name: 'name' + type: String + description: Name of the listing publisher. + required: true + - name: 'primaryContact' + type: String + description: Email or URL of the listing publisher. + - name: 'categories' + type: Array + description: | + Categories of the listing. Up to two categories are allowed. + item_type: + type: String + - name: 'bigqueryDataset' + type: NestedObject + description: Shared dataset i.e. BigQuery dataset source. + required: true + properties: + - name: 'dataset' + type: String + description: + Resource name of the dataset source for this listing. e.g. + projects/myproject/datasets/123 + required: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'restrictedExportConfig' + type: NestedObject + description: If set, restricted export configuration will be propagated and enforced on the linked dataset. + properties: + - name: 'enabled' + type: Boolean + description: + If true, enable restricted export. + - name: 'restrictQueryResult' + type: Boolean + description: + If true, restrict export of query result derived from restricted linked dataset table. diff --git a/mmv1/products/bigqueryanalyticshub/go_product.yaml b/mmv1/products/bigqueryanalyticshub/go_product.yaml new file mode 100644 index 000000000000..3873b7aa7338 --- /dev/null +++ b/mmv1/products/bigqueryanalyticshub/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BigqueryAnalyticsHub' +display_name: 'Bigquery Analytics Hub' +versions: + - name: 'beta' + base_url: 'https://analyticshub.googleapis.com/v1beta1/' + - name: 'ga' + base_url: 'https://analyticshub.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/bigqueryconnection/go_Connection.yaml b/mmv1/products/bigqueryconnection/go_Connection.yaml new file mode 100644 index 000000000000..2ec68a1d7d0a --- /dev/null +++ b/mmv1/products/bigqueryconnection/go_Connection.yaml @@ -0,0 +1,408 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Connection' +description: | + A connection allows BigQuery connections to external data sources.. +references: + guides: + 'Cloud SQL federated queries': 'https://cloud.google.com/bigquery/docs/cloud-sql-federated-queries' + api: 'https://cloud.google.com/bigquery/docs/reference/bigqueryconnection/rest/v1/projects.locations.connections/create' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/connections' +self_link: 'projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/connections?connectionId={{connection_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' + - '{{project}}/{{location}}/{{connection_id}}' + - '{{location}}/{{connection_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'connection_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' + - '{{connection_id}}' +custom_code: + encoder: 'templates/terraform/encoders/go/bigquery_connection.go.tmpl' + post_create: 'templates/terraform/post_create/go/bigquery_connection_id.go.tmpl' +examples: + - name: 'bigquery_connection_cloud_resource' + primary_resource_id: 'connection' + primary_resource_name: 'fmt.Sprintf("tf-test-my-connection%s", context["random_suffix"])' + region_override: 'US' + vars: + connection_id: 'my-connection' + external_providers: ["random", "time"] + - name: 'bigquery_connection_basic' + primary_resource_id: 'connection' + vars: + database_instance_name: 'my-database-instance' + username: 'user' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'cloud_sql.0.credential' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'bigquery_connection_full' + primary_resource_id: 'connection' + vars: + database_instance_name: 'my-database-instance' + username: 'user' + connection_id: 'my-connection' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'cloud_sql.0.credential' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'bigquery_connection_aws' + primary_resource_id: 'connection' + vars: + connection_id: 'my-connection' + iam_role_id: 'arn:aws:iam::999999999999:role/omnirole' + external_providers: ["random", "time"] + - name: 'bigquery_connection_azure' + primary_resource_id: 'connection' + vars: + connection_id: 'my-connection' + customer_tenant_id: 'customer-tenant-id' + federated_application_client_id: 'b43eeeee-eeee-eeee-eeee-a480155501ce' + external_providers: ["random", "time"] + - name: 'bigquery_connection_cloudspanner' + primary_resource_id: 'connection' + vars: + connection_id: 'my-connection' + database: 'projects/project/instances/instance/databases/database' + database_role: 'database_role' + external_providers: ["random", "time"] + - name: 'bigquery_connection_cloudspanner_databoost' + primary_resource_id: 'connection' + vars: + connection_id: 'my-connection' + database: 'projects/project/instances/instance/databases/database' + external_providers: ["random", "time"] + - name: 'bigquery_connection_spark' + primary_resource_id: 'connection' + region_override: 'US' + vars: + connection_id: 'my-connection' + - name: 'bigquery_connection_kms' + primary_resource_id: 'bq-connection-cmek' + vars: + database_instance_name: 'my-database-instance' + username: 'user' + deletion_protection: 'true' + kms_key_name: 'projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key' + test_vars_overrides: + 'deletion_protection': 'false' + 'kms_key_name': 'acctest.BootstrapKMSKey(t).CryptoKey.Name' + 'policyChanged': 'acctest.BootstrapPSARole(t, "bq-", "bigquery-encryption", "roles/cloudkms.cryptoKeyEncrypterDecrypter")' + ignore_read_extra: + - 'cloud_sql.0.credential' +parameters: +properties: + - name: 'name' + type: String + description: |- + The resource name of the connection in the form of: + "projects/{project_id}/locations/{location_id}/connections/{connectionId}" + output: true + - name: 'connection_id' + type: String + description: | + Optional connection id that should be assigned to the created connection. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/id_from_name.tmpl' + - name: 'location' + type: String + description: |- + The geographic location where the connection should reside. + Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2 + url_param_only: true + required: false + immutable: true + - name: 'friendlyName' + type: String + description: A descriptive name for the connection + - name: 'description' + type: String + description: A descriptive description for the connection + - name: 'hasCredential' + type: Boolean + description: | + True if the connection has credential assigned. + output: true + - name: 'kmsKeyName' + type: String + description: | + Optional. The Cloud KMS key that is used for encryption. + + Example: projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + - name: 'cloudSql' + type: NestedObject + description: Connection properties specific to the Cloud SQL. + exactly_one_of: + - 'cloud_sql' + - 'aws' + - 'azure' + - 'cloud_spanner' + - 'cloud_resource' + - 'spark' + properties: + - name: 'instanceId' + type: String + description: + Cloud SQL instance ID in the form project:location:instance. + required: true + - name: 'database' + type: String + description: Database name. + required: true + - name: 'credential' + type: NestedObject + description: Cloud SQL properties. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/bigquery_connection_flatten.go.tmpl' + properties: + - name: 'username' + type: String + description: Username for database. + required: true + - name: 'password' + type: String + description: Password for database. + required: true + sensitive: true + - name: 'type' + type: Enum + description: Type of the Cloud SQL database. + required: true + enum_values: + - 'DATABASE_TYPE_UNSPECIFIED' + - 'POSTGRES' + - 'MYSQL' + - name: 'serviceAccountId' + type: String + description: + When the connection is used in the context of an operation in + BigQuery, this service account will serve as the identity being used + for connecting to the CloudSQL instance specified in this connection. + output: true + - name: 'aws' + type: NestedObject + description: Connection properties specific to Amazon Web Services. + update_mask_fields: + - 'aws.access_role.iam_role_id' + exactly_one_of: + - 'cloud_sql' + - 'aws' + - 'azure' + - 'cloud_spanner' + - 'cloud_resource' + - 'spark' + properties: + - name: 'accessRole' + type: NestedObject + description: + Authentication using Google owned service account to assume into + customer's AWS IAM Role. + required: true + properties: + - name: 'iamRoleId' + type: String + description: + The user’s AWS IAM Role that trusts the Google-owned AWS IAM user + Connection. + required: true + - name: 'identity' + type: String + description: + A unique Google-owned and Google-generated identity for the + Connection. This identity will be used to access the user's AWS + IAM Role. + output: true + - name: 'azure' + type: NestedObject + description: Container for connection properties specific to Azure. + update_mask_fields: + - 'azure.customer_tenant_id' + - 'azure.federated_application_client_id' + exactly_one_of: + - 'cloud_sql' + - 'aws' + - 'azure' + - 'cloud_spanner' + - 'cloud_resource' + - 'spark' + properties: + - name: 'application' + type: String + description: The name of the Azure Active Directory Application. + output: true + - name: 'clientId' + type: String + description: The client id of the Azure Active Directory Application. + output: true + - name: 'objectId' + type: String + description: The object id of the Azure Active Directory Application. + output: true + - name: 'customerTenantId' + type: String + description: The id of customer's directory that host the data. + required: true + - name: 'federatedApplicationClientId' + type: String + description: + The Azure Application (client) ID where the federated credentials will + be hosted. + - name: 'redirectUri' + type: String + description: + The URL user will be redirected to after granting consent during + connection setup. + output: true + - name: 'identity' + type: String + description: + A unique Google-owned and Google-generated identity for the + Connection. This identity will be used to access the user's Azure + Active Directory Application. + output: true + - name: 'cloudSpanner' + type: NestedObject + description: Connection properties specific to Cloud Spanner + exactly_one_of: + - 'cloud_sql' + - 'aws' + - 'azure' + - 'cloud_spanner' + - 'cloud_resource' + - 'spark' + properties: + - name: 'database' + type: String + description: + Cloud Spanner database in the form `project/instance/database'. + required: true + - name: 'useParallelism' + type: Boolean + description: + If parallelism should be used when reading from Cloud Spanner. + - name: 'maxParallelism' + type: Integer + description: + Allows setting max parallelism per query when executing on Spanner independent compute + resources. If unspecified, default values of parallelism are chosen that are dependent on + the Cloud Spanner instance configuration. `useParallelism` and `useDataBoost` must be set + when setting max parallelism. + required_with: + - 'cloudSpanner.0.useDataBoost' + - 'cloudSpanner.0.useParallelism' + - name: 'useDataBoost' + type: Boolean + description: + If set, the request will be executed via Spanner independent compute resources. + `use_parallelism` must be set when using data boost. + required_with: + - 'cloudSpanner.0.useParallelism' + - name: 'databaseRole' + type: String + description: + Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin + should have provisioned the database role with appropriate permissions, such as `SELECT` + and `INSERT`. Other users should only use roles provided by their Cloud Spanner admins. + The database role name must start with a letter, and can only contain letters, numbers, + and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + validation: + regex: '^[a-zA-Z][a-zA-Z0-9_]*$' + - name: 'useServerlessAnalytics' + type: Boolean + description: + If the serverless analytics service should be used to read data from + Cloud Spanner. `useParallelism` must be set when using serverless + analytics. + deprecation_message: '`useServerlessAnalytics` is deprecated and will be removed in a future major release. Use `useDataBoost` instead.' + - name: 'cloudResource' + type: NestedObject + description: + Container for connection properties for delegation of access to GCP + resources. + send_empty_value: true + exactly_one_of: + - 'cloud_sql' + - 'aws' + - 'azure' + - 'cloud_spanner' + - 'cloud_resource' + - 'spark' + properties: + - name: 'serviceAccountId' + type: String + description: + The account ID of the service created for the purpose of this + connection. + output: true + - name: 'spark' + type: NestedObject + description: Container for connection properties to execute stored procedures for Apache Spark. + resources. + send_empty_value: true + exactly_one_of: + - 'cloud_sql' + - 'aws' + - 'azure' + - 'cloud_spanner' + - 'cloud_resource' + - 'spark' + properties: + - name: 'serviceAccountId' + type: String + description: The account ID of the service created for the purpose of this + connection. + output: true + - name: 'metastoreServiceConfig' + type: NestedObject + description: Dataproc Metastore Service configuration for the connection. + properties: + - name: 'metastoreService' + type: String + description: Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + - name: 'sparkHistoryServerConfig' + type: NestedObject + description: Spark History Server configuration for the connection. + properties: + - name: 'dataprocCluster' + type: String + description: Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. diff --git a/mmv1/products/bigqueryconnection/go_product.yaml b/mmv1/products/bigqueryconnection/go_product.yaml new file mode 100644 index 000000000000..60e682e90d8c --- /dev/null +++ b/mmv1/products/bigqueryconnection/go_product.yaml @@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BigqueryConnection' +legacy_name: 'bigquery' +display_name: 'BigQuery Connection' +versions: + - name: 'ga' + base_url: 'https://bigqueryconnection.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/bigquery' diff --git a/mmv1/products/bigquerydatapolicy/go_DataPolicy.yaml b/mmv1/products/bigquerydatapolicy/go_DataPolicy.yaml new file mode 100644 index 000000000000..4c879f4216c7 --- /dev/null +++ b/mmv1/products/bigquerydatapolicy/go_DataPolicy.yaml @@ -0,0 +1,121 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DataPolicy' +description: A BigQuery Data Policy +references: + guides: + 'Official Documentation': 'https://cloud.google.com/bigquery/docs/column-data-masking-intro' + api: 'https://cloud.google.com/bigquery/docs/reference/bigquerydatapolicy/rest/v1beta1/projects.locations.dataPolicies/create' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/dataPolicies' +self_link: 'projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/dataPolicies' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}' + - '{{project}}/{{location}}/{{data_policy_id}}' + - '{{location}}/{{data_policy_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'data_policy_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}' + - '{{data_policy_id}}' +custom_code: +examples: + - name: 'bigquery_datapolicy_data_policy_basic' + primary_resource_id: 'data_policy' + primary_resource_name: 'fmt.Sprintf("tf_test_data_policy%s", context["random_suffix"])' + vars: + data_policy_id: 'data_policy' + taxonomy: 'taxonomy' + - name: 'bigquery_datapolicy_data_policy_routine' + primary_resource_id: 'data_policy' + primary_resource_name: 'fmt.Sprintf("tf_test_data_policy%s", context["random_suffix"])' + vars: + data_policy_id: 'data_policy' + taxonomy: 'taxonomy' + dataset_id: 'dataset_id' +parameters: +properties: + - name: 'name' + type: String + description: |- + Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + output: true + - name: 'dataPolicyId' + type: String + description: |- + User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. + required: true + immutable: true + - name: 'location' + type: String + description: | + The name of the location of the data policy. + url_param_only: true + required: true + immutable: true + - name: 'policyTag' + type: String + description: |- + Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + required: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'dataPolicyType' + type: Enum + description: | + The enrollment level of the service. + required: true + enum_values: + - 'COLUMN_LEVEL_SECURITY_POLICY' + - 'DATA_MASKING_POLICY' + - name: 'dataMaskingPolicy' + type: NestedObject + description: | + The data masking policy that specifies the data masking rule to use. + properties: + - name: 'predefinedExpression' + type: Enum + description: |- + The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + exactly_one_of: + - 'data_masking_policy.0.predefined_expression' + - 'data_masking_policy.0.routine' + enum_values: + - 'SHA256' + - 'ALWAYS_NULL' + - 'DEFAULT_MASKING_VALUE' + - 'LAST_FOUR_CHARACTERS' + - 'FIRST_FOUR_CHARACTERS' + - 'EMAIL_MASK' + - 'DATE_YEAR_MASK' + - name: 'routine' + type: String + description: |- + The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}. + exactly_one_of: + - 'data_masking_policy.0.predefined_expression' + - 'data_masking_policy.0.routine' + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' diff --git a/mmv1/products/bigquerydatapolicy/go_product.yaml b/mmv1/products/bigquerydatapolicy/go_product.yaml new file mode 100644 index 000000000000..4ce6adf2e5b2 --- /dev/null +++ b/mmv1/products/bigquerydatapolicy/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BigqueryDatapolicy' +display_name: 'BigQuery Data Policy' +versions: + - name: 'beta' + base_url: 'https://bigquerydatapolicy.googleapis.com/v1/' + - name: 'ga' + base_url: 'https://bigquerydatapolicy.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/bigquerydatatransfer/go_Config.yaml b/mmv1/products/bigquerydatatransfer/go_Config.yaml new file mode 100644 index 000000000000..0e086afe91b4 --- /dev/null +++ b/mmv1/products/bigquerydatatransfer/go_Config.yaml @@ -0,0 +1,207 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Config' +description: | + Represents a data transfer configuration. A transfer configuration + contains all metadata needed to perform a data transfer. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/bigquery/docs/reference/datatransfer/rest/' + api: 'https://cloud.google.com/bigquery/docs/reference/datatransfer/rest/v1/projects.locations.transferConfigs/create' +docs: +id_format: '{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/transferConfigs?serviceAccountName={{service_account_name}}' +self_link: '{{name}}' +update_url: '{{name}}?serviceAccountName={{service_account_name}}' +update_verb: 'PATCH' +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/bigquery_data_transfer.go.tmpl' + encoder: 'templates/terraform/encoders/go/bigquery_data_transfer.go.tmpl' + decoder: 'templates/terraform/decoders/go/bigquery_data_transfer.go.tmpl' + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + pre_update: 'templates/terraform/pre_update/go/bigquerydatatransfer_config.tmpl' + custom_import: 'templates/terraform/custom_import/go/bigquery_data_transfer_self_link_as_name_set_location.go.tmpl' +custom_diff: + - 'sensitiveParamCustomizeDiff' + - 'paramsCustomizeDiff' +error_retry_predicates: + + - 'transport_tpg.IamMemberMissing' +examples: + - name: 'bigquerydatatransfer_config_scheduled_query' + primary_resource_id: 'query_config' + vars: + display_name: 'my-query' + dataset_id: 'my_dataset' + skip_test: true +parameters: + - name: 'location' + type: String + description: | + The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + url_param_only: true + immutable: true + ignore_read: true + default_value: "US" + - name: 'serviceAccountName' + type: String + description: | + Service account email. If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. + url_param_only: true + default_value: "" +properties: + - name: 'displayName' + type: String + description: | + The user specified display name for the transfer config. + required: true + - name: 'name' + type: String + description: | + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId} + or projects/{projectId}/transferConfigs/{configId}, + where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. + output: true + - name: 'destinationDatasetId' + type: String + description: | + The BigQuery target dataset id. + - name: 'dataSourceId' + type: String + description: | + The data source id. Cannot be changed once the transfer config is created. + required: true + immutable: true + - name: 'schedule' + type: String + description: | + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: The minimum interval time between recurring transfers depends + on the data source; refer to the documentation for your data source. + - name: 'scheduleOptions' + type: NestedObject + description: | + Options customizing the data transfer schedule. + properties: + - name: 'disableAutoScheduling' + type: Boolean + description: | + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + at_least_one_of: + - 'schedule_options.0.disable_auto_scheduling' + - 'schedule_options.0.start_time' + - 'schedule_options.0.end_time' + - name: 'startTime' + type: Time + description: | + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + at_least_one_of: + - 'schedule_options.0.disable_auto_scheduling' + - 'schedule_options.0.start_time' + - 'schedule_options.0.end_time' + - name: 'endTime' + type: Time + description: | + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + at_least_one_of: + - 'schedule_options.0.disable_auto_scheduling' + - 'schedule_options.0.start_time' + - 'schedule_options.0.end_time' + - name: 'emailPreferences' + type: NestedObject + description: | + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + - name: 'enableFailureEmail' + type: Boolean + description: | + If true, email notifications will be sent on transfer run failures. + required: true + - name: 'notificationPubsubTopic' + type: String + description: | + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. + - name: 'dataRefreshWindowDays' + type: Integer + description: | + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + - name: 'disabled' + type: Boolean + description: | + When set to true, no runs are scheduled for a given transfer. + - name: 'params' + type: KeyValuePairs + description: | + Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer' + section for each data source. For example the parameters for Cloud Storage transfers are listed here: + https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq + + **NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources). + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/json_to_string_map.go.tmpl' + - name: 'sensitiveParams' + type: NestedObject + description: | + Different parameters are configured primarily using the the `params` field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the `params` map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + url_param_only: true + properties: + - name: 'secretAccessKey' + type: String + description: | + The Secret Access Key of the AWS account transferring data from. + + required: true + sensitive: true diff --git a/mmv1/products/bigquerydatatransfer/go_product.yaml b/mmv1/products/bigquerydatatransfer/go_product.yaml new file mode 100644 index 000000000000..da6899681aa6 --- /dev/null +++ b/mmv1/products/bigquerydatatransfer/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BigqueryDataTransfer' +display_name: 'BigQuery Data Transfer' +versions: + - name: 'ga' + base_url: 'https://bigquerydatatransfer.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/bigquery' diff --git a/mmv1/products/bigqueryreservation/Reservation.yaml b/mmv1/products/bigqueryreservation/Reservation.yaml index fcd522017481..5bf8986eee48 100644 --- a/mmv1/products/bigqueryreservation/Reservation.yaml +++ b/mmv1/products/bigqueryreservation/Reservation.yaml @@ -70,6 +70,7 @@ properties: description: | Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. + deprecation_message: "`multi_region_auxiliary` is deprecated and will be removed in a future major release. This field is no longer supported by the BigQuery Reservation API." - !ruby/object:Api::Type::String name: 'edition' immutable: true diff --git a/mmv1/products/bigqueryreservation/ReservationAssignment.yaml b/mmv1/products/bigqueryreservation/ReservationAssignment.yaml new file mode 100644 index 000000000000..b4d077bdc1ff --- /dev/null +++ b/mmv1/products/bigqueryreservation/ReservationAssignment.yaml @@ -0,0 +1,90 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: ReservationAssignment +base_url: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments' +create_url: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments' +self_link: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments' +delete_url: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' +id_format: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' +import_format: + [ + 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}', + ] +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - assignments +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Work with reservation assignments': 'https://cloud.google.com/bigquery/docs/reservations-assignments' + api: 'https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/projects.locations.reservations.assignments' +legacy_long_form_project: true +description: | + The BigqueryReservation Assignment resource. +immutable: true +custom_code: !ruby/object:Provider::Terraform::CustomCode + pre_create: templates/terraform/pre_create/bigquery_reservation_assignment.go.erb +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'bigquery_reservation_assignment_basic' + primary_resource_id: 'assignment' + vars: + reservation_name: "example-reservation" + test_env_vars: + project: :PROJECT_NAME + - !ruby/object:Provider::Terraform::Examples + name: 'bigquery_reservation_assignment_full' + primary_resource_id: 'assignment' + skip_docs: true + vars: + reservation_name: "example-reservation" + test_env_vars: + project: :PROJECT_NAME +parameters: + - !ruby/object:Api::Type::String + name: location + description: The location for the resource + url_param_only: true + immutable: true + default_from_api: true + - !ruby/object:Api::Type::ResourceRef + name: reservation + resource: reservation + imports: name + description: The reservation for the resource + url_param_only: true + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: name + description: Output only. The resource name of the assignment. + output: true + custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + - !ruby/object:Api::Type::String + name: assignee + description: The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::String + name: jobType + description: | + Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY + required: true + - !ruby/object:Api::Type::String + name: state + description: | + Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. + Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE + output: true diff --git a/mmv1/products/bigqueryreservation/go_BiReservation.yaml b/mmv1/products/bigqueryreservation/go_BiReservation.yaml new file mode 100644 index 000000000000..98fd71e4b7bb --- /dev/null +++ b/mmv1/products/bigqueryreservation/go_BiReservation.yaml @@ -0,0 +1,92 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BiReservation' +description: | + Represents a BI Reservation. +references: + guides: + 'Introduction to Reservations': 'https://cloud.google.com/bigquery/docs/reservations-intro' + api: 'https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/BiReservation' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/biReservation' +self_link: 'projects/{{project}}/locations/{{location}}/biReservation' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/biReservation' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_bigquery_bi_reservation.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/bigquery_bi_reservation.go.tmpl' +examples: + - name: 'bigquery_reservation_bi_reservation_basic' + primary_resource_id: 'reservation' + external_providers: ["random", "time"] + - name: 'bigquery_reservation_bi_reservation_full' + primary_resource_id: 'reservation' + test_env_vars: + project: 'PROJECT_NAME' + external_providers: ["random", "time"] + skip_docs: true +parameters: + - name: 'location' + type: String + description: | + LOCATION_DESCRIPTION + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the singleton BI reservation. Reservation names have the form `projects/{projectId}/locations/{locationId}/biReservation`. + output: true + - name: 'updateTime' + type: Time + description: | + The last update timestamp of a reservation. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'size' + type: Integer + description: | + Size of a reservation, in bytes. + - name: 'preferredTables' + type: Array + description: | + Preferred tables to use BI capacity for. + item_type: + type: NestedObject + properties: + - name: 'projectId' + type: String + description: | + The assigned project ID of the project. + - name: 'datasetId' + type: String + description: | + The ID of the dataset in the above project. + - name: 'tableId' + type: String + description: | + The ID of the table in the above dataset. diff --git a/mmv1/products/bigqueryreservation/go_CapacityCommitment.yaml b/mmv1/products/bigqueryreservation/go_CapacityCommitment.yaml new file mode 100644 index 000000000000..87e8daa83042 --- /dev/null +++ b/mmv1/products/bigqueryreservation/go_CapacityCommitment.yaml @@ -0,0 +1,117 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CapacityCommitment' +description: | + Capacity commitment is a way to purchase compute capacity for BigQuery jobs (in the form of slots) with some committed period of usage. Annual commitments renew by default. Commitments can be removed after their commitment end time passes. + + In order to remove annual commitment, its plan needs to be changed to monthly or flex first. +references: + guides: + 'Introduction to Reservations': 'https://cloud.google.com/bigquery/docs/reservations-intro' + api: 'https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/projects.locations.capacityCommitments' +docs: +id_format: '{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/capacityCommitments' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/capacityCommitments?capacityCommitmentId={{capacity_commitment_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/capacityCommitments/{{capacity_commitment_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/bigquery_reservation_capacity_commitment.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/bigquery_reservation_capacity_commitment_set_id.go.tmpl' +examples: + - name: 'bigquery_reservation_capacity_commitment_basic' + primary_resource_id: 'commitment' + external_providers: ["random", "time"] + skip_docs: true + - name: 'bigquery_reservation_capacity_commitment_no_id' + primary_resource_id: 'commitment' + external_providers: ["random", "time"] + skip_docs: true + - name: 'bigquery_reservation_capacity_commitment_docs' + skip_test: true +parameters: + - name: 'capacityCommitmentId' + type: String + description: | + The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is + empty. This field must only contain lower case alphanumeric characters or dashes. The first and last character + cannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split + or merged. + url_param_only: true + immutable: true + - name: 'location' + type: String + description: | + The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + url_param_only: true + immutable: true + default_value: "US" + - name: 'enforceSingleAdminProjectPerOrg' + type: String + description: | + If true, fail the request if another project in the organization has a capacity commitment. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123 + output: true + - name: 'slotCount' + type: Integer + description: | + Number of slots in this commitment. + required: true + immutable: true + - name: 'plan' + type: String + description: | + Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan + required: true + diff_suppress_func: 'bigqueryReservationCapacityCommitmentPlanDiffSuppressFunc' + - name: 'state' + type: String + description: | + State of the commitment + output: true + - name: 'commitmentStartTime' + type: Time + description: | + The start of the current commitment period. It is applicable only for ACTIVE capacity commitments. + output: true + - name: 'commitmentEndTime' + type: Time + description: | + The start of the current commitment period. It is applicable only for ACTIVE capacity commitments. + output: true + - name: 'renewalPlan' + type: String + description: | + The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans. + - name: 'edition' + type: String + description: | + The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS + immutable: true diff --git a/mmv1/products/bigqueryreservation/go_Reservation.yaml b/mmv1/products/bigqueryreservation/go_Reservation.yaml new file mode 100644 index 000000000000..ba0d8f27d598 --- /dev/null +++ b/mmv1/products/bigqueryreservation/go_Reservation.yaml @@ -0,0 +1,98 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Reservation' +description: | + A reservation is a mechanism used to guarantee BigQuery slots to users. +references: + guides: + 'Introduction to Reservations': 'https://cloud.google.com/bigquery/docs/reservations-intro' + api: 'https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/projects.locations.reservations/create' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/reservations' +create_url: 'projects/{{project}}/locations/{{location}}/reservations?reservationId={{name}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +skip_sweeper: true +examples: + - name: 'bigquery_reservation_basic' + primary_resource_id: 'reservation' + vars: + name: 'my-reservation' +parameters: + - name: 'location' + type: String + description: | + The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + url_param_only: true + immutable: true + default_value: "US" + - name: 'name' + type: String + description: | + The name of the reservation. This field must only contain alphanumeric characters or dash. + url_param_only: true + required: true + immutable: true +properties: + - name: 'slotCapacity' + type: Integer + description: | + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. + required: true + - name: 'ignoreIdleSlots' + type: Boolean + description: | + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + default_value: false + - name: 'concurrency' + type: Integer + description: | + Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size. + default_value: 0 + - name: 'multiRegionAuxiliary' + type: Boolean + description: | + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. + - name: 'edition' + type: String + description: | + The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS + immutable: true + default_from_api: true + - name: 'autoscale' + type: NestedObject + description: | + The configuration parameters for the auto scaling feature. + properties: + - name: 'currentSlots' + type: Integer + description: | + The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots]. + output: true + - name: 'maxSlots' + type: Integer + description: | + Number of slots to be scaled when needed. diff --git a/mmv1/products/bigqueryreservation/go_ReservationAssignment.yaml b/mmv1/products/bigqueryreservation/go_ReservationAssignment.yaml new file mode 100644 index 000000000000..3ff6b78561e1 --- /dev/null +++ b/mmv1/products/bigqueryreservation/go_ReservationAssignment.yaml @@ -0,0 +1,94 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ReservationAssignment' +description: | + The BigqueryReservation Assignment resource. +references: + guides: + 'Work with reservation assignments': 'https://cloud.google.com/bigquery/docs/reservations-assignments' + api: 'https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/projects.locations.reservations.assignments' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments' +self_link: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments' +create_url: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments' +delete_url: 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' +immutable: true +import_format: + - 'projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +nested_query: + keys: + - assignments + is_list_of_ids: false + modify_by_patch: false +custom_code: + pre_create: 'templates/terraform/pre_create/go/bigquery_reservation_assignment.go.tmpl' +legacy_long_form_project: true +examples: + - name: 'bigquery_reservation_assignment_basic' + primary_resource_id: 'assignment' + vars: + reservation_name: 'example-reservation' + test_env_vars: + project: 'PROJECT_NAME' + - name: 'bigquery_reservation_assignment_full' + primary_resource_id: 'assignment' + vars: + reservation_name: 'example-reservation' + test_env_vars: + project: 'PROJECT_NAME' + skip_docs: true +parameters: + - name: 'location' + type: String + description: The location for the resource + url_param_only: true + immutable: true + default_from_api: true + - name: 'reservation' + type: ResourceRef + description: The reservation for the resource + url_param_only: true + required: true + immutable: true + resource: 'reservation' + imports: 'name' +properties: + - name: 'name' + type: String + description: Output only. The resource name of the assignment. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'assignee' + type: String + description: The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'jobType' + type: String + description: | + Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY + required: true + - name: 'state' + type: String + description: | + Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. + Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE + output: true diff --git a/mmv1/products/bigqueryreservation/go_product.yaml b/mmv1/products/bigqueryreservation/go_product.yaml new file mode 100644 index 000000000000..dd481356523f --- /dev/null +++ b/mmv1/products/bigqueryreservation/go_product.yaml @@ -0,0 +1,25 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BigqueryReservation' +legacy_name: 'bigquery' +display_name: 'BigQuery Reservation' +versions: + - name: 'beta' + base_url: 'https://bigqueryreservation.googleapis.com/v1/' + - name: 'ga' + base_url: 'https://bigqueryreservation.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/bigquery' diff --git a/mmv1/products/bigtable/go_AppProfile.yaml b/mmv1/products/bigtable/go_AppProfile.yaml new file mode 100644 index 000000000000..e1c69656545a --- /dev/null +++ b/mmv1/products/bigtable/go_AppProfile.yaml @@ -0,0 +1,163 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AppProfile' +kind: 'bigtable#appProfile' +description: | + App profile is a configuration object describing how Cloud Bigtable should treat traffic from a particular end user application. +references: + guides: + api: 'https://cloud.google.com/bigtable/docs/reference/admin/rest/v2/projects.instances.appProfiles' +docs: +id_format: 'projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}' +base_url: 'projects/{{project}}/instances/{{instance}}/appProfiles?appProfileId={{app_profile_id}}' +self_link: 'projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}' +create_url: 'projects/{{project}}/instances/{{instance}}/appProfiles?appProfileId={{app_profile_id}}&ignoreWarnings={{ignore_warnings}}' +update_url: 'projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}?ignoreWarnings={{ignore_warnings}}' +update_verb: 'PATCH' +update_mask: true +delete_url: 'projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}?ignoreWarnings={{ignore_warnings}}' +import_format: + - 'projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/bigtable_app_profile.go.tmpl' + encoder: 'templates/terraform/encoders/go/bigtable_app_profile.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/bigtable_app_profile.go.tmpl' +skip_sweeper: true +examples: + - name: 'bigtable_app_profile_anycluster' + primary_resource_id: 'ap' + vars: + instance_name: 'bt-instance' + app_profile_name: 'bt-profile' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'ignore_warnings' + skip_vcr: true + - name: 'bigtable_app_profile_singlecluster' + primary_resource_id: 'ap' + vars: + instance_name: 'bt-instance' + app_profile_name: 'bt-profile' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'ignore_warnings' + skip_vcr: true + - name: 'bigtable_app_profile_multicluster' + primary_resource_id: 'ap' + vars: + instance_name: 'bt-instance' + app_profile_name: 'bt-profile' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'ignore_warnings' + skip_vcr: true + - name: 'bigtable_app_profile_priority' + primary_resource_id: 'ap' + vars: + instance_name: 'bt-instance' + app_profile_name: 'bt-profile' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'ignore_warnings' + skip_vcr: true +parameters: + - name: 'appProfileId' + type: String + description: + 'The unique name of the app profile in the form + `[_a-zA-Z0-9][-_.a-zA-Z0-9]*`.' + url_param_only: true + required: true + immutable: true + - name: 'instance' + type: String + description: 'The name of the instance to create the app profile within.' + url_param_only: true + immutable: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + - name: 'ignoreWarnings' + type: Boolean + description: + 'If true, ignore safety checks when deleting/updating the app profile.' + url_param_only: true + default_value: false +properties: + - name: 'name' + type: String + description: + 'The unique name of the requested app profile. Values are of the form + `projects//instances//appProfiles/`.' + output: true + - name: 'description' + type: String + description: | + Long form description of the use case for this app profile. + - name: 'multiClusterRoutingUseAny' + type: Boolean + description: | + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + exactly_one_of: + - 'single_cluster_routing' + - 'multi_cluster_routing_use_any' + custom_flatten: 'templates/terraform/custom_flatten/go/bigtable_app_profile_routing.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bigtable_app_profile_routing.tmpl' + - name: 'singleClusterRouting' + type: NestedObject + description: | + Use a single-cluster routing policy. + exactly_one_of: + - 'single_cluster_routing' + - 'multi_cluster_routing_use_any' + properties: + - name: 'clusterId' + type: String + description: | + The cluster to which read/write requests should be routed. + required: true + - name: 'allowTransactionalWrites' + type: Boolean + description: | + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + - name: 'standardIsolation' + type: NestedObject + description: | + The standard options used for isolating this app profile's traffic from other use cases. + default_from_api: true + properties: + - name: 'priority' + type: Enum + description: | + The priority of requests sent using this app profile. + required: true + enum_values: + - 'PRIORITY_LOW' + - 'PRIORITY_MEDIUM' + - 'PRIORITY_HIGH' diff --git a/mmv1/products/bigtable/go_product.yaml b/mmv1/products/bigtable/go_product.yaml new file mode 100644 index 000000000000..60e5015db2c0 --- /dev/null +++ b/mmv1/products/bigtable/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Bigtable' +display_name: 'Cloud Bigtable' +versions: + - name: 'ga' + base_url: 'https://bigtableadmin.googleapis.com/v2/' +scopes: + - 'https://www.googleapis.com/auth/bigtable' diff --git a/mmv1/products/billing/go_ProjectInfo.yaml b/mmv1/products/billing/go_ProjectInfo.yaml new file mode 100644 index 000000000000..e837e0beb82e --- /dev/null +++ b/mmv1/products/billing/go_ProjectInfo.yaml @@ -0,0 +1,54 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectInfo' +description: | + Billing information for a project. +references: + guides: + 'Enable, disable, or change billing for a project': 'https://cloud.google.com/billing/docs/how-to/modify-project' + api: 'https://cloud.google.com/billing/docs/reference/rest/v1/projects' +docs: +id_format: 'projects/{{project}}/billingInfo' +base_url: 'projects/{{project}}/billingInfo' +create_verb: 'PUT' +delete_verb: 'PUT' +import_format: + - 'projects/{{%project}}' + - '{{%project}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + encoder: 'templates/terraform/encoders/go/billing_project_info.go.tmpl' + decoder: 'templates/terraform/decoders/go/billing_project_info.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/billing_project_info.go.tmpl' +examples: + - name: 'billing_project_info_basic' + primary_resource_id: 'default' + test_env_vars: + billing_account: 'BILLING_ACCT' + org_id: 'ORG_ID' + skip_import_test: true +parameters: +properties: + - name: 'billing_account' + type: String + description: | + The ID of the billing account associated with the project, if + any. Set to empty string to disable billing for the project. + For example, `"012345-567890-ABCDEF"` or `""`. + required: true diff --git a/mmv1/products/billing/go_product.yaml b/mmv1/products/billing/go_product.yaml new file mode 100644 index 000000000000..73fc53ab3204 --- /dev/null +++ b/mmv1/products/billing/go_product.yaml @@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CoreBilling' +legacy_name: 'billing' +display_name: 'Cloud Billing' +versions: + - name: 'ga' + base_url: 'https://cloudbilling.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/billingbudget/Budget.yaml b/mmv1/products/billingbudget/Budget.yaml index dcddda4a0fdf..0ba4a2e3df58 100644 --- a/mmv1/products/billingbudget/Budget.yaml +++ b/mmv1/products/billingbudget/Budget.yaml @@ -68,6 +68,13 @@ examples: channel_name: 'Example Notification Channel' test_env_vars: billing_acct: :MASTER_BILLING_ACCT + - !ruby/object:Provider::Terraform::Examples + name: 'billing_budget_notify_project_recipient' + primary_resource_id: 'budget' + vars: + budget_name: 'Example Billing Budget' + test_env_vars: + billing_acct: :MASTER_BILLING_ACCT - !ruby/object:Provider::Terraform::Examples name: 'billing_budget_customperiod' primary_resource_id: 'budget' @@ -440,6 +447,7 @@ properties: - 'notificationsRule.schemaVersion' - 'notificationsRule.monitoringNotificationChannels' - 'notificationsRule.disableDefaultIamRecipients' + - 'notificationsRule.enableProjectLevelRecipients' properties: - !ruby/object:Api::Type::String name: pubsubTopic @@ -479,6 +487,15 @@ properties: when a threshold is exceeded. Default recipients are those with Billing Account Administrators and Billing Account Users IAM roles for the target account. + - !ruby/object:Api::Type::Boolean + name: enableProjectLevelRecipients + default_value: false + description: | + When set to true, and when the budget has a single project configured, + notifications will be sent to project level recipients of that project. + This field will be ignored if the budget has multiple or no project configured. + + Currently, project level recipients are the users with Owner role on a cloud project. - !ruby/object:Api::Type::Enum name: ownershipScope description: | diff --git a/mmv1/products/billingbudget/go_Budget.yaml b/mmv1/products/billingbudget/go_Budget.yaml new file mode 100644 index 000000000000..f06b573de51e --- /dev/null +++ b/mmv1/products/billingbudget/go_Budget.yaml @@ -0,0 +1,511 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Budget' +description: | + Budget configuration for a billing account. +references: + guides: + 'Creating a budget': 'https://cloud.google.com/billing/docs/how-to/budgets' + api: 'https://cloud.google.com/billing/docs/reference/budget/rest/v1/billingAccounts.budgets' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the Billing Budgets API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +id_format: 'billingAccounts/{{billing_account}}/budgets/{{name}}' +base_url: 'billingAccounts/{{billing_account}}/budgets' +self_link: 'billingAccounts/{{billing_account}}/budgets/{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'billingAccounts/{{billing_account}}/budgets/{{name}}' + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/billing_budget.tmpl' +schema_version: 1 +state_upgraders: true +examples: + - name: 'billing_budget_basic' + primary_resource_id: 'budget' + vars: + display_name: 'Example Billing Budget' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + - name: 'billing_budget_lastperiod' + primary_resource_id: 'budget' + vars: + display_name: 'Example Billing Budget' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + - name: 'billing_budget_filter' + primary_resource_id: 'budget' + vars: + display_name: 'Example Billing Budget' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + org_id: 'ORG_ID' + - name: 'billing_budget_notify' + primary_resource_id: 'budget' + vars: + budget_name: 'Example Billing Budget' + channel_name: 'Example Notification Channel' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + - name: 'billing_budget_notify_project_recipient' + primary_resource_id: 'budget' + vars: + budget_name: 'Example Billing Budget' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + - name: 'billing_budget_customperiod' + primary_resource_id: 'budget' + vars: + display_name: 'Example Billing Budget' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + - name: 'billing_budget_optional' + primary_resource_id: 'budget' + vars: + display_name: 'Example Billing Budget' + topic_name: 'example-topic' + test_env_vars: + billing_acct: 'MASTER_BILLING_ACCT' + skip_docs: true +parameters: + - name: 'billingAccount' + type: String + description: | + ID of the billing account to set a budget on. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Resource name of the budget. The resource name + implies the scope of a budget. Values are of the form + billingAccounts/{billingAccountId}/budgets/{budgetId}. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + User data for display name in UI. Must be <= 60 chars. + - name: 'budgetFilter' + type: NestedObject + description: | + Filters that define which resources are used to compute the actual + spend against the budget. + default_from_api: true + update_mask_fields: + - 'budgetFilter.projects' + - 'budgetFilter.resourceAncestors' + - 'budgetFilter.labels' + - 'budgetFilter.calendarPeriod' + - 'budgetFilter.customPeriod' + - 'budgetFilter.services' + - 'budgetFilter.creditTypesTreatment' + - 'budgetFilter.creditTypes' + - 'budgetFilter.subaccounts' + properties: + - name: 'projects' + type: Array + description: | + A set of projects of the form projects/{project_number}, + specifying that usage from only this set of projects should be + included in the budget. If omitted, the report will include + all usage for the billing account, regardless of which project + the usage occurred on. + is_set: true + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + item_type: + type: String + - name: 'resourceAncestors' + type: Array + description: | + A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId}, + specifying that usage from only this set of folders and organizations should be included in the budget. + If omitted, the budget includes all usage that the billing account pays for. If the folder or organization + contains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects. + is_set: true + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + item_type: + type: String + - name: 'creditTypesTreatment' + type: Enum + description: | + Specifies how credits should be treated when determining spend + for threshold calculations. + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + default_value: "INCLUDE_ALL_CREDITS" + enum_values: + - 'INCLUDE_ALL_CREDITS' + - 'EXCLUDE_ALL_CREDITS' + - 'INCLUDE_SPECIFIED_CREDITS' + - name: 'services' + type: Array + description: | + A set of services of the form services/{service_id}, + specifying that usage from only this set of services should be + included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: + https://cloud.google.com/billing/v1/how-tos/catalog-api. + default_from_api: true + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + item_type: + type: String + - name: 'creditTypes' + type: Array + description: | + Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values. + If creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + + **Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config. + default_from_api: true + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + item_type: + type: String + - name: 'subaccounts' + type: Array + description: | + A set of subaccounts of the form billingAccounts/{account_id}, + specifying that usage from only this set of subaccounts should + be included in the budget. If a subaccount is set to the name of + the parent account, usage from the parent account will be included. + If the field is omitted, the report will include usage from the parent + account and all subaccounts, if they exist. + + **Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config. + default_from_api: true + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + item_type: + type: String + - name: 'labels' + type: KeyValuePairs + description: | + A single label and value pair specifying that usage from only + this set of labeled resources should be included in the budget. + default_from_api: true + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + custom_flatten: 'templates/terraform/custom_flatten/go/billing_budget_budget_filter_labels.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/billing_budget_budget_filter_labels.tmpl' + - name: 'calendarPeriod' + type: Enum + description: | + A CalendarPeriod represents the abstract concept of a recurring time period that has a + canonical start. Grammatically, "the start of the current CalendarPeriod". + All calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8). + + Exactly one of `calendar_period`, `custom_period` must be provided. + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + diff_suppress_func: 'checkValAndDefaultStringSuppress("MONTH", "budget_filter.0.custom_period.0.start_date")' + enum_values: + - 'MONTH' + - 'QUARTER' + - 'YEAR' + - 'CALENDAR_PERIOD_UNSPECIFIED' + - name: 'customPeriod' + type: NestedObject + description: | + Specifies to track usage from any start date (required) to any end date (optional). + This time period is static, it does not recur. + + Exactly one of `calendar_period`, `custom_period` must be provided. + at_least_one_of: + - 'budget_filter.0.projects' + - 'budget_filter.0.resource_ancestors' + - 'budget_filter.0.credit_types_treatment' + - 'budget_filter.0.services' + - 'budget_filter.0.subaccounts' + - 'budget_filter.0.labels' + - 'budget_filter.0.calendarPeriod' + - 'budget_filter.0.customPeriod' + properties: + - name: 'startDate' + type: NestedObject + description: | + A start date is required. The start date must be after January 1, 2017. + required: true + properties: + - name: 'year' + type: Integer + description: | + Year of the date. Must be from 1 to 9999. + required: true + validation: + function: 'validation.IntBetween(1,9999)' + - name: 'month' + type: Integer + description: | + Month of a year. Must be from 1 to 12. + required: true + validation: + function: 'validation.IntBetween(1,12)' + - name: 'day' + type: Integer + description: | + Day of a month. Must be from 1 to 31 and valid for the year and month. + required: true + validation: + function: 'validation.IntBetween(1,31)' + - name: 'endDate' + type: NestedObject + description: | + Optional. The end date of the time period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the startDate. + properties: + - name: 'year' + type: Integer + description: | + Year of the date. Must be from 1 to 9999. + required: true + validation: + function: 'validation.IntBetween(1,9999)' + - name: 'month' + type: Integer + description: | + Month of a year. Must be from 1 to 12. + required: true + validation: + function: 'validation.IntBetween(1,12)' + - name: 'day' + type: Integer + description: | + Day of a month. Must be from 1 to 31 and valid for the year and month. + required: true + validation: + function: 'validation.IntBetween(1,31)' + - name: 'amount' + type: NestedObject + description: | + The budgeted amount for each usage period. + required: true + update_mask_fields: + - 'amount.specifiedAmount.currencyCode' + - 'amount.specifiedAmount.units' + - 'amount.specifiedAmount.nanos' + properties: + - name: 'specifiedAmount' + type: NestedObject + description: | + A specified amount to use as the budget. currencyCode is + optional. If specified, it must match the currency of the + billing account. The currencyCode is provided on output. + exactly_one_of: + - 'amount.0.specified_amount' + - 'amount.0.last_period_amount' + properties: + - name: 'currencyCode' + type: String + description: | + The 3-letter currency code defined in ISO 4217. + default_from_api: true + - name: 'units' + type: String + description: | + The whole units of the amount. For example if currencyCode + is "USD", then 1 unit is one US dollar. + - name: 'nanos' + type: Integer + description: | + Number of nano (10^-9) units of the amount. + The value must be between -999,999,999 and +999,999,999 + inclusive. If units is positive, nanos must be positive or + zero. If units is zero, nanos can be positive, zero, or + negative. If units is negative, nanos must be negative or + zero. For example $-1.75 is represented as units=-1 and + nanos=-750,000,000. + - name: 'lastPeriodAmount' + type: Boolean + description: | + Configures a budget amount that is automatically set to 100% of + last period's spend. + Boolean. Set value to true to use. Do not set to false, instead + use the `specified_amount` block. + exactly_one_of: + - 'amount.0.specified_amount' + - 'amount.0.last_period_amount' + custom_flatten: 'templates/terraform/custom_flatten/go/object_to_bool.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/bool_to_object.go.tmpl' + - name: 'thresholdRules' + type: Array + description: | + Rules that trigger alerts (notifications of thresholds being + crossed) when spend exceeds the specified percentages of the + budget. + item_type: + type: NestedObject + properties: + - name: 'thresholdPercent' + type: Double + description: | + Send an alert when this threshold is exceeded. This is a + 1.0-based percentage, so 0.5 = 50%. Must be >= 0. + required: true + send_empty_value: true + - name: 'spendBasis' + type: Enum + description: | + The type of basis used to determine if spend has passed + the threshold. + default_value: "CURRENT_SPEND" + enum_values: + - 'CURRENT_SPEND' + - 'FORECASTED_SPEND' + - name: 'allUpdatesRule' + type: NestedObject + description: | + Defines notifications that are sent on every update to the + billing account's spend, regardless of the thresholds defined + using threshold rules. + api_name: notificationsRule + update_mask_fields: + - 'notificationsRule.pubsubTopic' + - 'notificationsRule.schemaVersion' + - 'notificationsRule.monitoringNotificationChannels' + - 'notificationsRule.disableDefaultIamRecipients' + - 'notificationsRule.enableProjectLevelRecipients' + properties: + - name: 'pubsubTopic' + type: String + description: | + The name of the Cloud Pub/Sub topic where budget related + messages will be published, in the form + projects/{project_id}/topics/{topic_id}. Updates are sent + at regular intervals to the topic. + at_least_one_of: + - 'all_updates_rule.0.pubsub_topic' + - 'all_updates_rule.0.monitoring_notification_channels' + - name: 'schemaVersion' + type: String + description: | + The schema version of the notification. Only "1.0" is + accepted. It represents the JSON schema as defined in + https://cloud.google.com/billing/docs/how-to/budgets#notification_format. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "1.0" + - name: 'monitoringNotificationChannels' + type: Array + description: | + The full resource name of a monitoring notification + channel in the form + projects/{project_id}/notificationChannels/{channel_id}. + A maximum of 5 channels are allowed. + at_least_one_of: + - 'all_updates_rule.0.pubsub_topic' + - 'all_updates_rule.0.monitoring_notification_channels' + item_type: + type: String + max_size: 5 + - name: 'disableDefaultIamRecipients' + type: Boolean + description: | + Boolean. When set to true, disables default notifications sent + when a threshold is exceeded. Default recipients are + those with Billing Account Administrators and Billing + Account Users IAM roles for the target account. + default_value: false + - name: 'enableProjectLevelRecipients' + type: Boolean + description: | + When set to true, and when the budget has a single project configured, + notifications will be sent to project level recipients of that project. + This field will be ignored if the budget has multiple or no project configured. + + Currently, project level recipients are the users with Owner role on a cloud project. + default_value: false + - name: 'ownershipScope' + type: Enum + description: | + The ownership scope of the budget. The ownership scope and users' + IAM permissions determine who has full access to the budget's data. + enum_values: + - 'OWNERSHIP_SCOPE_UNSPECIFIED' + - 'ALL_USERS' + - 'BILLING_ACCOUNT' diff --git a/mmv1/products/billingbudget/go_product.yaml b/mmv1/products/billingbudget/go_product.yaml new file mode 100644 index 000000000000..dd0e8fe2b43d --- /dev/null +++ b/mmv1/products/billingbudget/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Billing' +display_name: 'Cloud Billing' +versions: + - name: 'ga' + base_url: 'https://billingbudgets.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/binaryauthorization/Attestor.yaml b/mmv1/products/binaryauthorization/Attestor.yaml index a10945e1e2b6..80cf3859e255 100644 --- a/mmv1/products/binaryauthorization/Attestor.yaml +++ b/mmv1/products/binaryauthorization/Attestor.yaml @@ -26,7 +26,7 @@ references: !ruby/object:Api::Resource::ReferenceLinks api: 'https://cloud.google.com/binary-authorization/docs/reference/rest/' import_format: ['projects/{{project}}/attestors/{{name}}'] custom_code: !ruby/object:Provider::Terraform::CustomCode - constants: 'templates/terraform/constants/binaryauthorization_attestor.go' + constants: 'templates/terraform/constants/binaryauthorization_attestor.go.erb' examples: - !ruby/object:Provider::Terraform::Examples name: 'binary_authorization_attestor_basic' diff --git a/mmv1/products/binaryauthorization/Policy.yaml b/mmv1/products/binaryauthorization/Policy.yaml index 1c565b622f09..ef683478ba83 100644 --- a/mmv1/products/binaryauthorization/Policy.yaml +++ b/mmv1/products/binaryauthorization/Policy.yaml @@ -87,6 +87,31 @@ properties: A location is either a compute zone (e.g. `us-central1-a`) or a region (e.g. `us-central1`). key_name: cluster + is_set: true + set_hash_func: |- + func(v interface{}) int { + // require_attestations_by is a set of strings that can have the format + // projects/{project}/attestors/{attestor} or {attestor}. We diffsuppress + // and hash that set on the name, but now we need to make sure that the + // overall hash here respects that so changing the attestor format doesn't + // change the hash code of cluster_admission_rules. + raw := v.(map[string]interface{}) + + // modifying raw actually modifies the values passed to the provider. + // Use a copy to avoid that. + copy := make((map[string]interface{})) + for key, value := range raw { + copy[key] = value + } + at := copy["require_attestations_by"].(*schema.Set) + if at != nil { + t := tpgresource.ConvertAndMapStringArr(at.List(), tpgresource.GetResourceNameFromSelfLink) + copy["require_attestations_by"] = schema.NewSet(tpgresource.SelfLinkNameHash, tpgresource.ConvertStringArrToInterface(t)) + } + var buf bytes.Buffer + schema.SerializeResourceForHash(&buf, copy, ResourceBinaryAuthorizationPolicy().Schema["cluster_admission_rules"].Elem.(*schema.Resource)) + return tpgresource.Hashcode(buf.String()) + } value_type: !ruby/object:Api::Type::NestedObject name: clusterAdmissionRule properties: @@ -123,31 +148,6 @@ properties: values: - :ENFORCED_BLOCK_AND_AUDIT_LOG - :DRYRUN_AUDIT_LOG_ONLY - is_set: true - set_hash_func: |- - func(v interface{}) int { - // require_attestations_by is a set of strings that can have the format - // projects/{project}/attestors/{attestor} or {attestor}. We diffsuppress - // and hash that set on the name, but now we need to make sure that the - // overall hash here respects that so changing the attestor format doesn't - // change the hash code of cluster_admission_rules. - raw := v.(map[string]interface{}) - - // modifying raw actually modifies the values passed to the provider. - // Use a copy to avoid that. - copy := make((map[string]interface{})) - for key, value := range raw { - copy[key] = value - } - at := copy["require_attestations_by"].(*schema.Set) - if at != nil { - t := tpgresource.ConvertAndMapStringArr(at.List(), tpgresource.GetResourceNameFromSelfLink) - copy["require_attestations_by"] = schema.NewSet(tpgresource.SelfLinkNameHash, tpgresource.ConvertStringArrToInterface(t)) - } - var buf bytes.Buffer - schema.SerializeResourceForHash(&buf, copy, ResourceBinaryAuthorizationPolicy().Schema["cluster_admission_rules"].Elem.(*schema.Resource)) - return tpgresource.Hashcode(buf.String()) - } - !ruby/object:Api::Type::NestedObject name: defaultAdmissionRule description: | diff --git a/mmv1/products/binaryauthorization/go_Attestor.yaml b/mmv1/products/binaryauthorization/go_Attestor.yaml new file mode 100644 index 000000000000..6ebbeb770a0e --- /dev/null +++ b/mmv1/products/binaryauthorization/go_Attestor.yaml @@ -0,0 +1,164 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Attestor' +description: | + An attestor that attests to container image artifacts. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/binary-authorization/' + api: 'https://cloud.google.com/binary-authorization/docs/reference/rest/' +docs: +base_url: 'projects/{{project}}/attestors?attestorId={{name}}' +self_link: 'projects/{{project}}/attestors/{{name}}' +import_format: + - 'projects/{{project}}/attestors/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'attestor' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: + constants: 'templates/terraform/constants/go/binaryauthorization_attestor.go.tmpl' +examples: + - name: 'binary_authorization_attestor_basic' + primary_resource_id: 'attestor' + primary_resource_name: 'fmt.Sprintf("tf-test-test-attestor%s", context["random_suffix"])' + vars: + attestor_name: 'test-attestor' + note_name: 'test-attestor-note' + - name: 'binary_authorization_attestor_kms' + primary_resource_id: 'attestor' + vars: + attestor_name: 'test-attestor' + note_name: 'test-attestor-note' + key_name: 'test-attestor-key' + keyring_name: 'test-attestor-key-ring' + skip_test: true +parameters: +properties: + - name: 'name' + type: String + description: | + The resource name. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'description' + type: String + description: | + A descriptive comment. This field may be updated. The field may be + displayed in chooser dialogs. + - name: 'attestationAuthorityNote' + type: NestedObject + description: | + A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. + api_name: userOwnedGrafeasNote + required: true + properties: + - name: 'noteReference' + type: String + description: | + The resource name of a ATTESTATION_AUTHORITY Note, created by the + user. If the Note is in a different project from the Attestor, it + should be specified in the format `projects/*/notes/*` (or the legacy + `providers/*/notes/*`). This field may not be updated. + An attestation by this attestor is stored as a Container Analysis + ATTESTATION_AUTHORITY Occurrence that names a container image + and that links to this Note. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/container_analysis_note.tmpl' + - name: 'publicKeys' + type: Array + description: | + Public keys that verify attestations signed by this attestor. This + field may be updated. + If this field is non-empty, one of the specified public keys must + verify that an attestation was signed by this attestor for the + image specified in the admission request. + If this field is empty, this attestor always returns that no valid + attestations exist. + item_type: + type: NestedObject + properties: + - name: 'comment' + type: String + description: | + A descriptive comment. This field may be updated. + - name: 'id' + type: String + description: | + The ID of this public key. Signatures verified by BinAuthz + must include the ID of the public key that can be used to + verify them, and that ID must match the contents of this + field exactly. Additional restrictions on this field can + be imposed based on which public key type is encapsulated. + See the documentation on publicKey cases below for details. + default_from_api: true + - name: 'asciiArmoredPgpPublicKey' + type: String + description: | + ASCII-armored representation of a PGP public key, as the + entire output by the command + `gpg --export --armor foo@example.com` (either LF or CRLF + line endings). When using this field, id should be left + blank. The BinAuthz API handlers will calculate the ID + and fill it in automatically. BinAuthz computes this ID + as the OpenPGP RFC4880 V4 fingerprint, represented as + upper-case hex. If id is provided by the caller, it will + be overwritten by the API-calculated ID. + - name: 'pkixPublicKey' + type: NestedObject + description: | + A raw PKIX SubjectPublicKeyInfo format public key. + + NOTE: id may be explicitly provided by the caller when using this + type of public key, but it MUST be a valid RFC3986 URI. If id is left + blank, a default one will be computed based on the digest of the DER + encoding of the public key. + properties: + - name: 'publicKeyPem' + type: String + description: | + A PEM-encoded public key, as described in + `https://tools.ietf.org/html/rfc7468#section-13` + - name: 'signatureAlgorithm' + type: String + description: | + The signature algorithm used to verify a message against + a signature using this key. These signature algorithm must + match the structure and any object identifiers encoded in + publicKeyPem (i.e. this algorithm must match that of the + public key). + diff_suppress_func: 'CompareSignatureAlgorithm' + - name: 'delegationServiceAccountEmail' + type: String + description: | + This field will contain the service account email address that + this Attestor will use as the principal when querying Container + Analysis. Attestor administrators must grant this service account + the IAM role needed to read attestations from the noteReference in + Container Analysis (containeranalysis.notes.occurrences.viewer). + This email address is fixed for the lifetime of the Attestor, but + callers should not make any other assumptions about the service + account email; future versions may use an email based on a + different naming pattern. + output: true diff --git a/mmv1/products/binaryauthorization/go_Policy.yaml b/mmv1/products/binaryauthorization/go_Policy.yaml new file mode 100644 index 000000000000..4a3aa59f4f5f --- /dev/null +++ b/mmv1/products/binaryauthorization/go_Policy.yaml @@ -0,0 +1,199 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Policy' +description: | + A policy for container image binary authorization. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/binary-authorization/' + api: 'https://cloud.google.com/binary-authorization/docs/reference/rest/' +docs: +id_format: 'projects/{{project}}' +base_url: 'projects/{{project}}/policy' +self_link: 'projects/{{project}}/policy' +create_verb: 'PUT' +delete_verb: 'PUT' +import_format: + - 'projects/{{project}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/binaryauthorization_policy.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/restore_default_binaryauthorization_policy.tmpl' +examples: + - name: 'binary_authorization_policy_basic' + primary_resource_id: 'policy' + vars: + attestor_name: 'test-attestor' + note_name: 'test-attestor-note' + skip_test: true + - name: 'binary_authorization_policy_global_evaluation' + primary_resource_id: 'policy' + vars: + attestor_name: 'test-attestor' + note_name: 'test-attestor-note' + skip_test: true +parameters: +properties: + - name: 'description' + type: String + description: A descriptive comment. + - name: 'globalPolicyEvaluationMode' + type: Enum + description: | + Controls the evaluation of a Google-maintained global admission policy + for common system-level images. Images not covered by the global + policy will be subject to the project admission policy. + default_from_api: true + enum_values: + - 'ENABLE' + - 'DISABLE' + - name: 'admissionWhitelistPatterns' + type: Array + description: | + A whitelist of image patterns to exclude from admission rules. If an + image's name matches a whitelist pattern, the image's admission + requests will always be permitted regardless of your admission rules. + item_type: + type: NestedObject + properties: + - name: 'namePattern' + type: String + description: | + An image name pattern to whitelist, in the form + `registry/path/to/image`. This supports a trailing * as a + wildcard, but this is allowed only in text after the registry/ + part. + required: true + - name: 'clusterAdmissionRules' + type: Map + description: | + Per-cluster admission rules. An admission rule specifies either that + all container images used in a pod creation request must be attested + to by one or more attestors, that all pod creations will be allowed, + or that all pod creations will be denied. There can be at most one + admission rule per cluster spec. + + + Identifier format: `{{location}}.{{clusterId}}`. + A location is either a compute zone (e.g. `us-central1-a`) or a region + (e.g. `us-central1`). + is_set: true + set_hash_func: |- + func(v interface{}) int { + // require_attestations_by is a set of strings that can have the format + // projects/{project}/attestors/{attestor} or {attestor}. We diffsuppress + // and hash that set on the name, but now we need to make sure that the + // overall hash here respects that so changing the attestor format doesn't + // change the hash code of cluster_admission_rules. + raw := v.(map[string]interface{}) + + // modifying raw actually modifies the values passed to the provider. + // Use a copy to avoid that. + copy := make((map[string]interface{})) + for key, value := range raw { + copy[key] = value + } + at := copy["require_attestations_by"].(*schema.Set) + if at != nil { + t := tpgresource.ConvertAndMapStringArr(at.List(), tpgresource.GetResourceNameFromSelfLink) + copy["require_attestations_by"] = schema.NewSet(tpgresource.SelfLinkNameHash, tpgresource.ConvertStringArrToInterface(t)) + } + var buf bytes.Buffer + schema.SerializeResourceForHash(&buf, copy, ResourceBinaryAuthorizationPolicy().Schema["cluster_admission_rules"].Elem.(*schema.Resource)) + return tpgresource.Hashcode(buf.String()) + } + key_name: 'cluster' + value_type: + type: NestedObject + properties: + - name: 'evaluationMode' + type: Enum + description: How this admission rule will be evaluated. + required: true + enum_values: + - 'ALWAYS_ALLOW' + - 'REQUIRE_ATTESTATION' + - 'ALWAYS_DENY' + - name: 'requireAttestationsBy' + type: Array + description: | + The resource names of the attestors that must attest to a + container image. If the attestor is in a different project from the + policy, it should be specified in the format `projects/*/attestors/*`. + Each attestor must exist before a policy can reference it. To add an + attestor to a policy the principal issuing the policy change + request must be able to read the attestor resource. + + Note: this field must be non-empty when the evaluation_mode field + specifies REQUIRE_ATTESTATION, otherwise it must be empty. + is_set: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + set_hash_func: tpgresource.SelfLinkNameHash + custom_expand: 'templates/terraform/custom_expand/go/binaryauthorization_attestors.tmpl' + item_type: + type: String + - name: 'enforcementMode' + type: Enum + description: | + The action when a pod creation is denied by the admission rule. + required: true + enum_values: + - 'ENFORCED_BLOCK_AND_AUDIT_LOG' + - 'DRYRUN_AUDIT_LOG_ONLY' + - name: 'defaultAdmissionRule' + type: NestedObject + description: | + Default admission rule for a cluster without a per-cluster admission + rule. + required: true + properties: + - name: 'evaluationMode' + type: Enum + description: How this admission rule will be evaluated. + required: true + enum_values: + - 'ALWAYS_ALLOW' + - 'REQUIRE_ATTESTATION' + - 'ALWAYS_DENY' + - name: 'requireAttestationsBy' + type: Array + description: | + The resource names of the attestors that must attest to a + container image. If the attestor is in a different project from the + policy, it should be specified in the format `projects/*/attestors/*`. + Each attestor must exist before a policy can reference it. To add an + attestor to a policy the principal issuing the policy change + request must be able to read the attestor resource. + + Note: this field must be non-empty when the evaluation_mode field + specifies REQUIRE_ATTESTATION, otherwise it must be empty. + is_set: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + set_hash_func: tpgresource.SelfLinkNameHash + custom_expand: 'templates/terraform/custom_expand/go/binaryauthorization_attestors.tmpl' + item_type: + type: String + - name: 'enforcementMode' + type: Enum + description: | + The action when a pod creation is denied by the admission rule. + required: true + enum_values: + - 'ENFORCED_BLOCK_AND_AUDIT_LOG' + - 'DRYRUN_AUDIT_LOG_ONLY' diff --git a/mmv1/products/binaryauthorization/go_product.yaml b/mmv1/products/binaryauthorization/go_product.yaml new file mode 100644 index 000000000000..42b186f46051 --- /dev/null +++ b/mmv1/products/binaryauthorization/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BinaryAuthorization' +display_name: 'Binary Authorization' +versions: + - name: 'ga' + base_url: 'https://binaryauthorization.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/blockchainnodeengine/go_BlockchainNodes.yaml b/mmv1/products/blockchainnodeengine/go_BlockchainNodes.yaml new file mode 100644 index 000000000000..e7708589cd91 --- /dev/null +++ b/mmv1/products/blockchainnodeengine/go_BlockchainNodes.yaml @@ -0,0 +1,220 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BlockchainNodes' +description: | + A representation of a blockchain node. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/blockchain-node-engine' + api: 'https://cloud.google.com/blockchain-node-engine/docs/reference/rest/v1/projects.locations.blockchainNodes' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/blockchainNodes' +self_link: 'projects/{{project}}/locations/{{location}}/blockchainNodes/{{blockchain_node_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/blockchainNodes?blockchain_node_id={{blockchain_node_id}}' +import_format: + - 'projects/{{project}}/locations/{{location}}/blockchainNodes/{{blockchain_node_id}}' +timeouts: + insert_minutes: 45 + update_minutes: 20 + delete_minutes: 35 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'blockchain_nodes_basic' + primary_resource_id: 'default_node' + vars: + blockchain_node_id: 'blockchain_basic_node' + - name: 'blockchain_nodes_geth_details' + primary_resource_id: 'default_node_geth' + vars: + blockchain_node_id: 'blockchain_geth_node' +parameters: + - name: 'location' + type: String + description: | + Location of Blockchain Node being created. + url_param_only: true + required: true + immutable: true + - name: 'blockchainNodeId' + type: String + description: | + ID of the requesting object. + url_param_only: true + required: true +properties: + - name: 'name' + type: String + description: | + The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node. + output: true + - name: 'createTime' + type: String + description: | + The timestamp at which the blockchain node was first created. + output: true + - name: 'updateTime' + type: String + description: | + The timestamp at which the blockchain node was last updated. + output: true + - name: 'labels' + type: KeyValueLabels + description: | + User-provided key-value pairs + immutable: false + - name: 'connectionInfo' + type: NestedObject + description: | + The connection information through which to interact with a blockchain node. + output: true + properties: + - name: 'serviceAttachment' + type: String + description: | + A service attachment that exposes a node, and has the following format: projects/{project}/regions/{region}/serviceAttachments/{service_attachment_name} + output: true + - name: 'endpointInfo' + type: NestedObject + description: | + The endpoint information through which to interact with a blockchain node. + output: true + properties: + - name: 'jsonRpcApiEndpoint' + type: String + description: | + The assigned URL for the node JSON-RPC API endpoint. + output: true + - name: 'websocketsApiEndpoint' + type: String + description: | + The assigned URL for the node WebSockets API endpoint. + output: true + - name: 'ethereumDetails' + type: NestedObject + description: | + User-provided key-value pairs + properties: + - name: 'validatorConfig' + type: NestedObject + description: | + Configuration for validator-related parameters on the beacon client, and for any managed validator client. + properties: + - name: 'mevRelayUrls' + type: Array + description: | + URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client. + item_type: + type: String + - name: 'gethDetails' + type: NestedObject + description: | + User-provided key-value pairs + properties: + - name: 'garbageCollectionMode' + type: Enum + description: | + Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. + immutable: true + enum_values: + - 'FULL' + - 'ARCHIVE' + - name: 'additionalEndpoints' + type: NestedObject + description: | + User-provided key-value pairs + output: true + properties: + - name: 'beaconApiEndpoint' + type: String + description: | + The assigned URL for the node's Beacon API endpoint. + output: true + - name: 'beaconPrometheusMetricsApiEndpoint' + type: String + description: | + The assigned URL for the node's Beacon Prometheus metrics endpoint. + output: true + - name: 'executionClientPrometheusMetricsApiEndpoint' + type: String + description: | + The assigned URL for the node's execution client's Prometheus metrics endpoint. + output: true + - name: 'network' + type: Enum + description: | + The Ethereum environment being accessed. + immutable: true + enum_values: + - 'MAINNET' + - 'TESTNET_GOERLI_PRATER' + - 'TESTNET_SEPOLIA' + - name: 'nodeType' + type: Enum + description: | + The type of Ethereum node. + immutable: true + enum_values: + - 'LIGHT' + - 'FULL' + - 'ARCHIVE' + - name: 'executionClient' + type: Enum + description: | + The execution client + immutable: true + enum_values: + - 'EXECUTION_CLIENT_UNSPECIFIED' + - 'GETH' + - 'ERIGON' + - name: 'consensusClient' + type: Enum + description: | + The consensus client + immutable: true + enum_values: + - 'CONSENSUS_CLIENT_UNSPECIFIED' + - 'LIGHTHOUSE' + - name: 'apiEnableAdmin' + type: Boolean + description: | + Enables JSON-RPC access to functions in the admin namespace. Defaults to false. + immutable: true + - name: 'apiEnableDebug' + type: Boolean + description: | + Enables JSON-RPC access to functions in the debug namespace. Defaults to false. + immutable: true + - name: 'blockchainType' + type: Enum + description: | + User-provided key-value pairs + immutable: true + enum_values: + - 'ETHEREUM' diff --git a/mmv1/products/blockchainnodeengine/go_product.yaml b/mmv1/products/blockchainnodeengine/go_product.yaml new file mode 100644 index 000000000000..58a091264f55 --- /dev/null +++ b/mmv1/products/blockchainnodeengine/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BlockchainNodeEngine' +display_name: 'Blockchain node engine' +versions: + - name: 'ga' + base_url: 'https://blockchainnodeengine.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/certificatemanager/TrustConfig.yaml b/mmv1/products/certificatemanager/TrustConfig.yaml index d7395fa22948..414c639bf9da 100644 --- a/mmv1/products/certificatemanager/TrustConfig.yaml +++ b/mmv1/products/certificatemanager/TrustConfig.yaml @@ -50,8 +50,11 @@ examples: primary_resource_id: 'default' vars: trust_config_name: 'trust-config' -custom_code: !ruby/object:Provider::Terraform::CustomCode - pre_update: templates/terraform/pre_update/certificate_manager_trust_config.go.erb + - !ruby/object:Provider::Terraform::Examples + name: 'certificate_manager_trust_config_allowlisted_certificates' + primary_resource_id: 'default' + vars: + trust_config_name: 'trust-config' parameters: - !ruby/object:Api::Type::String name: 'name' @@ -87,7 +90,6 @@ properties: - !ruby/object:Api::Type::KeyValueLabels name: 'labels' description: 'Set of label tags associated with the trust config.' - immutable: true - !ruby/object:Api::Type::String name: 'description' description: | @@ -124,3 +126,15 @@ properties: PEM intermediate certificate used for building up paths for validation. Each certificate provided in PEM format may occupy up to 5kB. sensitive: true + - !ruby/object:Api::Type::Array + name: allowlistedCertificates + description: | + Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'pemCertificate' + description: | + PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. + required: true diff --git a/mmv1/products/certificatemanager/go_Certificate.yaml b/mmv1/products/certificatemanager/go_Certificate.yaml new file mode 100644 index 000000000000..708c706fb4ca --- /dev/null +++ b/mmv1/products/certificatemanager/go_Certificate.yaml @@ -0,0 +1,282 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Certificate' +description: | + Certificate represents a HTTP-reachable backend for a Certificate. +docs: +id_format: 'projects/{{project}}/locations/{{location}}/certificates/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/certificates' +self_link: 'projects/{{project}}/locations/{{location}}/certificates/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/certificates?certificateId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/certificates/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/cert_manager.tmpl' +schema_version: 1 +state_upgraders: true +examples: + - name: 'certificate_manager_google_managed_certificate_dns' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + dns_auth_subdomain: 'subdomain' + dns_auth_name2: 'dns-auth2' + dns_auth_subdomain2: 'subdomain2' + cert_name: 'dns-cert' + - name: 'certificate_manager_google_managed_certificate_issuance_config' + primary_resource_id: 'default' + vars: + cert_name: 'issuance-config-cert' + ca_name: 'ca-authority' + pool_name: 'ca-pool' + issuance_config_name: 'issuance-config' + - name: 'certificate_manager_self_managed_certificate' + primary_resource_id: 'default' + vars: + cert_name: 'self-managed-cert' + - name: 'certificate_manager_self_managed_certificate_regional' + primary_resource_id: 'default' + vars: + cert_name: 'self-managed-cert' + - name: 'certificate_manager_google_managed_certificate_issuance_config_all_regions' + primary_resource_id: 'default' + vars: + cert_name: 'issuance-config-cert' + ca_name: 'ca-authority' + pool_name: 'ca-pool' + issuance_config_name: 'issuance-config' + - name: 'certificate_manager_google_managed_certificate_dns_all_regions' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + dns_auth_subdomain: 'subdomain' + dns_auth_name2: 'dns-auth2' + dns_auth_subdomain2: 'subdomain2' + cert_name: 'dns-cert' + - name: 'certificate_manager_google_managed_regional_certificate_dns_auth' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + dns_auth_subdomain: 'subdomain' + cert_name: 'dns-cert' +parameters: + - name: 'name' + type: String + description: | + A user-defined name of the certificate. Certificate names must be unique + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The Certificate Manager location. If not specified, "global" is used. + url_param_only: true + immutable: true + default_value: "global" +properties: + - name: 'description' + type: String + description: | + A human-readable description of the resource. + - name: 'labels' + type: KeyValueLabels + description: 'Set of label tags associated with the Certificate resource.' + immutable: false + - name: 'scope' + type: String + description: | + The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence. + See https://cloud.google.com/vpc/docs/edge-locations. + + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + See https://cloud.google.com/compute/docs/regions-zones + immutable: true + diff_suppress_func: 'certManagerDefaultScopeDiffSuppress' + default_value: "DEFAULT" + - name: 'selfManaged' + type: NestedObject + description: | + Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + immutable: true + ignore_read: true + exactly_one_of: + - 'self_managed' + - 'managed' + properties: + - name: 'certificatePem' + type: String + description: | + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + immutable: true + sensitive: true + exactly_one_of: + - 'self_managed.0.certificate_pem' + - 'self_managed.0.pem_certificate' + deprecation_message: '`certificate_pem` is deprecated and will be removed in a future major release. Use `pem_certificate` instead.' + - name: 'privateKeyPem' + type: String + description: | + The private key of the leaf certificate in PEM-encoded form. + immutable: true + sensitive: true + exactly_one_of: + - 'self_managed.0.private_key_pem' + - 'self_managed.0.pem_private_key' + deprecation_message: '`private_key_pem` is deprecated and will be removed in a future major release. Use `pem_private_key` instead.' + - name: 'pemCertificate' + type: String + description: | + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + immutable: true + exactly_one_of: + - 'self_managed.0.certificate_pem' + - 'self_managed.0.pem_certificate' + - name: 'pemPrivateKey' + type: String + description: | + The private key of the leaf certificate in PEM-encoded form. + immutable: true + sensitive: true + exactly_one_of: + - 'self_managed.0.private_key_pem' + - 'self_managed.0.pem_private_key' + - name: 'managed' + type: NestedObject + description: | + Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + immutable: true + exactly_one_of: + - 'self_managed' + - 'managed' + properties: + - name: 'domains' + type: Array + description: | + The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution + immutable: true + item_type: + type: String + - name: 'dnsAuthorizations' + type: Array + description: | + Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both. + immutable: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + item_type: + type: String + - name: 'issuanceConfig' + type: String + description: | + The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*. + If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. + Either issuanceConfig or dnsAuthorizations should be specificed, but not both. + + # when the certificate is created with issuanceConfig in the format "projects/{{project_id}}/locations/global/certificateIssuanceConfigs/{{CICName}}", the + # format changes in the response message to "projects/{{project_number}}/locations/global/certificateIssuanceConfigs/{{CICName}}". That causes the tests to fail + # that's why "tpgresource.CompareResourceNames" is needed. + immutable: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + - name: 'state' + type: String + description: | + A state of this Managed Certificate. + output: true + - name: 'provisioningIssue' + type: NestedObject + description: | + Information about issues with provisioning this Managed Certificate. + output: true + properties: + - name: 'reason' + type: String + description: | + Reason for provisioning failures. + output: true + - name: 'details' + type: String + description: | + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use `reason` field. + output: true + - name: 'authorizationAttemptInfo' + type: Array + description: | + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + output: true + item_type: + type: NestedObject + properties: + - name: 'domain' + type: String + description: | + Domain name of the authorization attempt. + output: true + - name: 'state' + type: String + description: | + State of the domain for managed certificate issuance. + output: true + - name: 'failureReason' + type: String + description: | + Reason for failure of the authorization attempt for the domain. + output: true + - name: 'details' + type: String + description: | + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use `failure_reason` field. + output: true diff --git a/mmv1/products/certificatemanager/go_CertificateIssuanceConfig.yaml b/mmv1/products/certificatemanager/go_CertificateIssuanceConfig.yaml new file mode 100644 index 000000000000..83105994c483 --- /dev/null +++ b/mmv1/products/certificatemanager/go_CertificateIssuanceConfig.yaml @@ -0,0 +1,136 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CertificateIssuanceConfig' +description: | + Certificate represents a HTTP-reachable backend for a Certificate. +references: + guides: + 'Manage certificate issuance configs': 'https://cloud.google.com/certificate-manager/docs/issuance-configs' + api: 'https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.certificateIssuanceConfigs' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs' +create_url: 'projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs?certificateIssuanceConfigId={{name}}' +immutable: true +import_format: + - 'projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +schema_version: 1 +state_upgraders: true +examples: + - name: 'certificate_manager_certificate_issuance_config' + primary_resource_id: 'default' + vars: + ca_name: 'ca-authority' + pool_name: 'ca-pool' + issuance_config_name: 'issuance-config' +parameters: + - name: 'name' + type: String + description: | + A user-defined name of the certificate issuance config. + CertificateIssuanceConfig names must be unique globally. + url_param_only: true + required: true + - name: 'location' + type: String + description: | + The Certificate Manager location. If not specified, "global" is used. + url_param_only: true + immutable: true + default_value: "global" +properties: + - name: 'description' + type: String + description: | + One or more paragraphs of text description of a CertificateIssuanceConfig. + - name: 'rotationWindowPercentage' + type: Integer + description: | + It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate. + Must be a number between 1-99, inclusive. + You must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after + the certificate has been issued and at least 7 days before it expires. + required: true + - name: 'keyAlgorithm' + type: Enum + description: | + Key algorithm to use when generating the private key. + required: true + enum_values: + - 'RSA_2048' + - 'ECDSA_P256' + - name: 'lifetime' + type: String + description: | + Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'. + Example: "1814400s". Valid values are from 21 days (1814400s) to 30 days (2592000s) + required: true + - name: 'createTime' + type: String + description: | + The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: Time + description: | + The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'labels' + type: KeyValueLabels + description: | + 'Set of label tags associated with the CertificateIssuanceConfig resource. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "count": "3" }. + immutable: false + - name: 'certificateAuthorityConfig' + type: NestedObject + description: | + The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc. + required: true + properties: + - name: 'certificateAuthorityServiceConfig' + type: NestedObject + description: Defines a CertificateAuthorityServiceConfig. + properties: + - name: 'caPool' + type: String + description: | + A CA pool resource used to issue a certificate. + The CA pool string has a relative resource path following the form + "projects/{project}/locations/{location}/caPools/{caPool}". + required: true + diff_suppress_func: 'tpgresource.CompareResourceNames' diff --git a/mmv1/products/certificatemanager/go_CertificateMap.yaml b/mmv1/products/certificatemanager/go_CertificateMap.yaml new file mode 100644 index 000000000000..0d5419e4040a --- /dev/null +++ b/mmv1/products/certificatemanager/go_CertificateMap.yaml @@ -0,0 +1,121 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CertificateMap' +description: | + CertificateMap defines a collection of certificate configurations, + which are usable by any associated target proxies +docs: +base_url: 'projects/{{project}}/locations/global/certificateMaps' +self_link: 'projects/{{project}}/locations/global/certificateMaps/{{name}}' +create_url: 'projects/{{project}}/locations/global/certificateMaps?certificateMapId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/global/certificateMaps/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'certificate_manager_certificate_map_basic' + primary_resource_id: 'default' + vars: + cert_map_name: 'cert-map' +parameters: + - name: 'name' + type: String + description: | + A user-defined name of the Certificate Map. Certificate Map names must be unique + globally and match the pattern `projects/*/locations/*/certificateMaps/*`. + url_param_only: true + required: true + immutable: true +properties: + - name: 'description' + type: String + description: | + A human-readable description of the resource. + - name: 'createTime' + type: String + description: | + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: Time + description: | + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Set of labels associated with a Certificate Map resource. + immutable: false + - name: 'gclbTargets' + type: Array + description: | + A list of target proxies that use this Certificate Map + output: true + item_type: + type: NestedObject + properties: + - name: 'ipConfigs' + type: Array + description: | + An IP configuration where this Certificate Map is serving + item_type: + type: NestedObject + properties: + - name: 'ipAddress' + type: String + description: | + An external IP address + - name: 'ports' + type: Array + description: | + A list of ports + item_type: + type: Integer + - name: 'targetHttpsProxy' + type: String + description: | + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field `target_proxy`: Only one of `targetHttpsProxy` or + `targetSslProxy` may be set. + - name: 'targetSslProxy' + type: String + description: | + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field `target_proxy`: Only one of `targetHttpsProxy` or + `targetSslProxy` may be set. diff --git a/mmv1/products/certificatemanager/go_CertificateMapEntry.yaml b/mmv1/products/certificatemanager/go_CertificateMapEntry.yaml new file mode 100644 index 000000000000..87075965dd9a --- /dev/null +++ b/mmv1/products/certificatemanager/go_CertificateMapEntry.yaml @@ -0,0 +1,134 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CertificateMapEntry' +description: | + CertificateMapEntry is a list of certificate configurations, + that have been issued for a particular hostname +docs: +base_url: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries' +self_link: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries/{{name}}' +create_url: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries?certificateMapEntryId={{name}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'certificate_manager_certificate_map_entry_full' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + dns_auth_subdomain: 'subdomain' + dns_auth_name2: 'dns-auth2' + dns_auth_subdomain2: 'subdomain2' + cert_map_entry_name: 'cert-map-entry' +parameters: + - name: 'name' + type: String + description: | + A user-defined name of the Certificate Map Entry. Certificate Map Entry + names must be unique globally and match pattern + 'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + - name: 'map' + type: ResourceRef + description: | + A map entry that is inputted into the cetrificate map + url_param_only: true + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + resource: 'CertificateMap' + imports: 'name' +properties: + - name: 'description' + type: String + description: | + A human-readable description of the resource. + - name: 'createTime' + type: String + description: | + Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: Time + description: | + Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Set of labels associated with a Certificate Map Entry. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + immutable: false + - name: 'certificates' + type: Array + description: | + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + required: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + item_type: + type: String + - name: 'state' + type: String + description: | + A serving state of this Certificate Map Entry. + output: true + - name: 'hostname' + type: String + description: | + A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + immutable: true + exactly_one_of: + - 'hostname' + - 'matcher' + - name: 'matcher' + type: String + description: | + A predefined matcher for particular cases, other than SNI selection + immutable: true + exactly_one_of: + - 'hostname' + - 'matcher' diff --git a/mmv1/products/certificatemanager/go_DnsAuthorization.yaml b/mmv1/products/certificatemanager/go_DnsAuthorization.yaml new file mode 100644 index 000000000000..8c17d205e5b3 --- /dev/null +++ b/mmv1/products/certificatemanager/go_DnsAuthorization.yaml @@ -0,0 +1,135 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DnsAuthorization' +description: | + DnsAuthorization represents a HTTP-reachable backend for a DnsAuthorization. +docs: +base_url: 'projects/{{project}}/locations/{{location}}/dnsAuthorizations' +self_link: 'projects/{{project}}/locations/{{location}}/dnsAuthorizations/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/dnsAuthorizations?dnsAuthorizationId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/dnsAuthorizations/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +schema_version: 1 +state_upgraders: true +examples: + - name: 'certificate_manager_dns_authorization_basic' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + zone_name: 'my-zone' + subdomain: 'subdomain' + - name: 'certificate_manager_dns_authorization_regional' + primary_resource_id: 'default' + vars: + dns_auth_name: 'dns-auth' + zone_name: 'my-zone' + subdomain: 'subdomain' +parameters: + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The Certificate Manager location. If not specified, "global" is used. + url_param_only: true + immutable: true + default_value: "global" +properties: + - name: 'description' + type: String + description: | + A human-readable description of the resource. + - name: 'labels' + type: KeyValueLabels + description: + 'Set of label tags associated with the DNS Authorization resource.' + immutable: false + - name: 'domain' + type: String + description: | + A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + required: true + immutable: true + - name: 'type' + type: Enum + description: | + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + + FIXED_RECORD DNS authorization uses DNS-01 validation method + + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + immutable: true + default_from_api: true + enum_values: + - 'FIXED_RECORD' + - 'PER_PROJECT_RECORD' + - name: 'dnsResourceRecord' + type: NestedObject + description: | + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. + output: true + properties: + - name: 'name' + type: String + description: | + Fully qualified name of the DNS Resource Record. + E.g. `_acme-challenge.example.com`. + output: true + - name: 'type' + type: String + description: | + Type of the DNS Resource Record. + output: true + - name: 'data' + type: String + description: | + Data of the DNS Resource Record. + output: true diff --git a/mmv1/products/certificatemanager/go_TrustConfig.yaml b/mmv1/products/certificatemanager/go_TrustConfig.yaml new file mode 100644 index 000000000000..5357f70d30bf --- /dev/null +++ b/mmv1/products/certificatemanager/go_TrustConfig.yaml @@ -0,0 +1,146 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TrustConfig' +description: | + TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/certificate-manager/docs' + api: 'https://cloud.google.com/certificate-manager/docs/reference/certificate-manager/rest/v1/projects.locations.trustConfigs/create' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/trustConfigs' +self_link: 'projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/trustConfigs?trustConfigId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{location}}/trustConfigs/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'certificate_manager_trust_config' + primary_resource_id: 'default' + vars: + trust_config_name: 'trust-config' + - name: 'certificate_manager_trust_config_allowlisted_certificates' + primary_resource_id: 'default' + vars: + trust_config_name: 'trust-config' +parameters: + - name: 'name' + type: String + description: | + A user-defined name of the trust config. Trust config names must be unique globally. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The trust config location. + url_param_only: true + required: true + immutable: true +properties: + - name: 'createTime' + type: Time + description: | + The creation timestamp of a TrustConfig. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: Time + description: | + The last update timestamp of a TrustConfig. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'labels' + type: KeyValueLabels + description: 'Set of label tags associated with the trust config.' + immutable: false + - name: 'description' + type: String + description: | + One or more paragraphs of text description of a trust config. + - name: 'trustStores' + type: Array + description: | + Set of trust stores to perform validation against. + This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + item_type: + type: NestedObject + properties: + - name: 'trustAnchors' + type: Array + description: | + List of Trust Anchors to be used while performing validation against a given TrustStore. + item_type: + type: NestedObject + properties: + - name: 'pemCertificate' + type: String + description: | + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + sensitive: true + - name: 'intermediateCas' + type: Array + description: | + Set of intermediate CA certificates used for the path building phase of chain validation. + The field is currently not supported if trust config is used for the workload certificate feature. + item_type: + type: NestedObject + properties: + - name: 'pemCertificate' + type: String + description: | + PEM intermediate certificate used for building up paths for validation. + Each certificate provided in PEM format may occupy up to 5kB. + sensitive: true + - name: 'allowlistedCertificates' + type: Array + description: | + Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + item_type: + type: NestedObject + properties: + - name: 'pemCertificate' + type: String + description: | + PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. + required: true diff --git a/mmv1/products/certificatemanager/go_product.yaml b/mmv1/products/certificatemanager/go_product.yaml new file mode 100644 index 000000000000..0644d2acd76a --- /dev/null +++ b/mmv1/products/certificatemanager/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CertificateManager' +display_name: 'Certificate manager' +versions: + - name: 'beta' + base_url: 'https://certificatemanager.googleapis.com/v1/' + - name: 'ga' + base_url: 'https://certificatemanager.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-identity' diff --git a/mmv1/products/cloudasset/go_FolderFeed.yaml b/mmv1/products/cloudasset/go_FolderFeed.yaml new file mode 100644 index 000000000000..e5d6b0af1240 --- /dev/null +++ b/mmv1/products/cloudasset/go_FolderFeed.yaml @@ -0,0 +1,160 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FolderFeed' +description: | + Describes a Cloud Asset Inventory feed used to to listen to asset updates. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/asset-inventory/docs' + api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' +docs: +base_url: 'folders/{{folder_id}}/feeds' +self_link: '{{name}}' +create_url: 'folders/{{folder_id}}/feeds?feedId={{feed_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'feeds' +custom_code: + encoder: 'templates/terraform/encoders/go/cloud_asset_feed.go.tmpl' + pre_create: 'templates/terraform/pre_create/go/cloud_asset_feed.go.tmpl' + post_create: 'templates/terraform/post_create/go/cloud_asset_feed.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/cloud_asset_feed.go.tmpl' +supports_indirect_user_project_override: true +examples: + - name: 'cloud_asset_folder_feed' + primary_resource_id: 'folder_feed' + vars: + feed_id: 'network-updates' + folder_name: 'Networking' + test_env_vars: + project: 'PROJECT_NAME' + org_id: 'ORG_ID' +parameters: + - name: 'folder' + type: String + description: | + The folder this feed should be created in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'billing_project' + type: String + description: | + The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + url_param_only: true + required: true + immutable: true + - name: 'folder_id' + type: String + description: | + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. + output: true + - name: 'name' + type: String + description: | + The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. + output: true + - name: 'feedId' + type: String + description: | + This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. + url_param_only: true + required: true + immutable: true + - name: 'assetNames' + type: Array + description: | + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + item_type: + type: String + - name: 'assetTypes' + type: Array + description: | + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + item_type: + type: String + - name: 'contentType' + type: Enum + description: | + Asset content type. If not specified, no content but the asset name and type will be returned. + enum_values: + - 'CONTENT_TYPE_UNSPECIFIED' + - 'RESOURCE' + - 'IAM_POLICY' + - 'ORG_POLICY' + - 'OS_INVENTORY' + - 'ACCESS_POLICY' + - name: 'feedOutputConfig' + type: NestedObject + description: | + Output configuration for asset feed destination. + required: true + properties: + - name: 'pubsubDestination' + type: NestedObject + description: | + Destination on Cloud Pubsub. + required: true + properties: + - name: 'topic' + type: String + description: | + Destination on Cloud Pubsub topic. + required: true + - name: 'condition' + type: NestedObject + description: | + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. diff --git a/mmv1/products/cloudasset/go_OrganizationFeed.yaml b/mmv1/products/cloudasset/go_OrganizationFeed.yaml new file mode 100644 index 000000000000..0fa98ea528ab --- /dev/null +++ b/mmv1/products/cloudasset/go_OrganizationFeed.yaml @@ -0,0 +1,153 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationFeed' +description: | + Describes a Cloud Asset Inventory feed used to to listen to asset updates. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/asset-inventory/docs' + api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' +docs: +base_url: 'organizations/{{org_id}}/feeds' +self_link: '{{name}}' +create_url: 'organizations/{{org_id}}/feeds?feedId={{feed_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'feeds' +custom_code: + encoder: 'templates/terraform/encoders/go/cloud_asset_feed.go.tmpl' + pre_create: 'templates/terraform/pre_create/go/cloud_asset_feed.go.tmpl' + post_create: 'templates/terraform/post_create/go/cloud_asset_feed.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/cloud_asset_feed.go.tmpl' +supports_indirect_user_project_override: true +examples: + - name: 'cloud_asset_organization_feed' + primary_resource_id: 'organization_feed' + vars: + feed_id: 'network-updates' + test_env_vars: + project: 'PROJECT_NAME' + org_id: 'ORG_ID' +parameters: + - name: 'org_id' + type: String + description: | + The organization this feed should be created in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'billing_project' + type: String + description: | + The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + url_param_only: true + required: true + immutable: true + - name: 'name' + type: String + description: | + The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + output: true + - name: 'feedId' + type: String + description: | + This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. + url_param_only: true + required: true + immutable: true + - name: 'assetNames' + type: Array + description: | + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + item_type: + type: String + - name: 'assetTypes' + type: Array + description: | + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + item_type: + type: String + - name: 'contentType' + type: Enum + description: | + Asset content type. If not specified, no content but the asset name and type will be returned. + enum_values: + - 'CONTENT_TYPE_UNSPECIFIED' + - 'RESOURCE' + - 'IAM_POLICY' + - 'ORG_POLICY' + - 'OS_INVENTORY' + - 'ACCESS_POLICY' + - name: 'feedOutputConfig' + type: NestedObject + description: | + Output configuration for asset feed destination. + required: true + properties: + - name: 'pubsubDestination' + type: NestedObject + description: | + Destination on Cloud Pubsub. + required: true + properties: + - name: 'topic' + type: String + description: | + Destination on Cloud Pubsub topic. + required: true + - name: 'condition' + type: NestedObject + description: | + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. diff --git a/mmv1/products/cloudasset/go_ProjectFeed.yaml b/mmv1/products/cloudasset/go_ProjectFeed.yaml new file mode 100644 index 000000000000..8880b642a71e --- /dev/null +++ b/mmv1/products/cloudasset/go_ProjectFeed.yaml @@ -0,0 +1,144 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectFeed' +description: | + Describes a Cloud Asset Inventory feed used to to listen to asset updates. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/asset-inventory/docs' + api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' +docs: +base_url: 'projects/{{project}}/feeds' +self_link: '{{name}}' +create_url: 'projects/{{project}}/feeds?feedId={{feed_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'feeds' +custom_code: + encoder: 'templates/terraform/encoders/go/cloud_asset_feed.go.tmpl' + pre_create: 'templates/terraform/pre_create/go/cloud_asset_feed.go.tmpl' + post_create: 'templates/terraform/post_create/go/cloud_asset_feed.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/cloud_asset_feed.go.tmpl' +examples: + - name: 'cloud_asset_project_feed' + primary_resource_id: 'project_feed' + vars: + feed_id: 'network-updates' + test_env_vars: + project: 'PROJECT_NAME' +parameters: +properties: + - name: 'billing_project' + type: String + description: | + The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. If not specified, the resource's + project will be used. + url_param_only: true + immutable: true + - name: 'name' + type: String + description: | + The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. + output: true + - name: 'feedId' + type: String + description: | + This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. + url_param_only: true + required: true + immutable: true + - name: 'assetNames' + type: Array + description: | + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + item_type: + type: String + - name: 'assetTypes' + type: Array + description: | + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + item_type: + type: String + - name: 'contentType' + type: Enum + description: | + Asset content type. If not specified, no content but the asset name and type will be returned. + enum_values: + - 'CONTENT_TYPE_UNSPECIFIED' + - 'RESOURCE' + - 'IAM_POLICY' + - 'ORG_POLICY' + - 'OS_INVENTORY' + - 'ACCESS_POLICY' + - name: 'feedOutputConfig' + type: NestedObject + description: | + Output configuration for asset feed destination. + required: true + properties: + - name: 'pubsubDestination' + type: NestedObject + description: | + Destination on Cloud Pubsub. + required: true + properties: + - name: 'topic' + type: String + description: | + Destination on Cloud Pubsub topic. + required: true + - name: 'condition' + type: NestedObject + description: | + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. diff --git a/mmv1/products/cloudasset/go_product.yaml b/mmv1/products/cloudasset/go_product.yaml new file mode 100644 index 000000000000..881677daefb0 --- /dev/null +++ b/mmv1/products/cloudasset/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudAsset' +display_name: 'Cloud Asset Inventory' +versions: + - name: 'ga' + base_url: 'https://cloudasset.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudbuild/go_BitbucketServerConfig.yaml b/mmv1/products/cloudbuild/go_BitbucketServerConfig.yaml new file mode 100644 index 000000000000..57cfd7db6aa1 --- /dev/null +++ b/mmv1/products/cloudbuild/go_BitbucketServerConfig.yaml @@ -0,0 +1,166 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BitbucketServerConfig' +description: | + BitbucketServerConfig represents the configuration for a Bitbucket Server. +references: + guides: + 'Connect to a Bitbucket Server host': 'https://cloud.google.com/build/docs/automating-builds/bitbucket/connect-host-bitbucket-server' + api: 'https://cloud.google.com/build/docs/api/reference/rest/v1/projects.locations.bitbucketServerConfigs' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/bitbucketServerConfigs' +self_link: 'projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/bitbucketServerConfigs?bitbucketServerConfigId={{config_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{config_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + encoder: 'templates/terraform/encoders/go/cloudbuild_bitbucketserver_config.go.tmpl' + post_create: 'templates/terraform/post_create/go/cloudbuild_bitbucketserver_config.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/cloudbuild_bitbucketserver_config.go.tmpl' + post_update: 'templates/terraform/post_update/go/cloudbuild_bitbucketserver_config.go.tmpl' +examples: + - name: 'cloudbuild_bitbucket_server_config' + primary_resource_id: 'bbs-config' + vars: + config_id: 'bbs-config' + - name: 'cloudbuild_bitbucket_server_config_repositories' + primary_resource_id: 'bbs-config-with-repos' + vars: + config_id: 'bbs-config' + skip_test: true + - name: 'cloudbuild_bitbucket_server_config_peered_network' + primary_resource_id: 'bbs-config-with-peered-network' + vars: + config_id: 'bbs-config' + network_name: 'vpc-network' + global_address_name: 'private-ip-alloc' +parameters: + - name: 'config_id' + type: String + description: | + The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The location of this bitbucket server config. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name for the config. + output: true + - name: 'hostUri' + type: String + description: | + Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed. + If you need to change it, please create another BitbucketServerConfig. + required: true + - name: 'secrets' + type: NestedObject + description: | + Secret Manager secrets needed by the config. + required: true + properties: + - name: 'adminAccessTokenVersionName' + type: String + description: | + The resource name for the admin access token's secret version. + required: true + - name: 'readAccessTokenVersionName' + type: String + description: | + The resource name for the read access token's secret version. + required: true + - name: 'webhookSecretVersionName' + type: String + description: | + Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed. + Changing this field will result in deleting/ recreating the resource. + required: true + immutable: true + - name: 'username' + type: String + description: | + Username of the account Cloud Build will use on Bitbucket Server. + required: true + - name: 'webhookKey' + type: String + description: | + Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config. + output: true + - name: 'apiKey' + type: String + description: | + Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed. + Changing this field will result in deleting/ recreating the resource. + required: true + immutable: true + - name: 'connectedRepositories' + type: Array + description: | + Connected Bitbucket Server repositories for this config. + is_set: true + item_type: + type: NestedObject + properties: + - name: 'projectKey' + type: String + description: | + Identifier for the project storing the repository. + required: true + - name: 'repoSlug' + type: String + description: | + Identifier for the repository. + required: true + - name: 'peeredNetwork' + type: String + description: | + The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection. + This should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty, + no network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format + projects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project. + - name: 'sslCa' + type: String + description: | + SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt. diff --git a/mmv1/products/cloudbuild/go_Trigger.yaml b/mmv1/products/cloudbuild/go_Trigger.yaml new file mode 100644 index 000000000000..eda4c0ee9b7b --- /dev/null +++ b/mmv1/products/cloudbuild/go_Trigger.yaml @@ -0,0 +1,1328 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Trigger' +description: | + Configuration for an automated build in response to source repository changes. +references: + guides: + 'Automating builds using build triggers': 'https://cloud.google.com/cloud-build/docs/running-builds/automate-builds' + api: 'https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers' +docs: + note: | + You can retrieve the email of the Cloud Build Service Account used in jobs by using the `google_project_service_identity` resource. + # import by default only works with old-style self links ending in a name +id_format: 'projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/triggers' +self_link: 'projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/triggers/{{trigger_id}}' + - 'projects/{{project}}/locations/{{location}}/triggers/{{trigger_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/cloudbuild_trigger.tmpl' + post_create: 'templates/terraform/post_create/go/cloudbuild_trigger_id.go.tmpl' + pre_read: 'templates/terraform/pre_read/go/cloudbuild_trigger.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/cloudbuild_trigger.go.tmpl' + post_import: 'templates/terraform/post_import/go/cloudbuild_trigger.go.tmpl' +custom_diff: + - 'stepTimeoutCustomizeDiff' +schema_version: 2 +state_upgraders: true +examples: + - name: 'cloudbuild_trigger_filename' + primary_resource_id: 'filename-trigger' + - name: 'cloudbuild_trigger_build' + primary_resource_id: 'build-trigger' + vars: + cloudbuild_trigger_name: 'my-trigger' + - name: 'cloudbuild_trigger_service_account' + primary_resource_id: 'service-account-trigger' + vars: + sa_name: 'cloud-sa' + - name: 'cloudbuild_trigger_include_build_logs' + primary_resource_id: 'include-build-logs-trigger' + skip_test: true + - name: 'cloudbuild_trigger_pubsub_config' + primary_resource_id: 'pubsub-config-trigger' + vars: + pubsub_topic_name: 'my-topic' + cloudbuild_trigger_name: 'pubsub-trigger' + - name: 'cloudbuild_trigger_webhook_config' + primary_resource_id: 'webhook-config-trigger' + vars: + cloudbuild_trigger_name: 'webhook-trigger' + secret_id: 'webhook-trigger-secret-key' + - name: 'cloudbuild_trigger_manual' + primary_resource_id: 'manual-trigger' + vars: + cloudbuild_trigger_name: 'manual-trigger' + - name: 'cloudbuild_trigger_manual_github_enterprise' + primary_resource_id: 'manual-ghe-trigger' + skip_test: true + - name: 'cloudbuild_trigger_manual_bitbucket_server' + primary_resource_id: 'manual-bitbucket-trigger' + - name: 'cloudbuild_trigger_repo' + primary_resource_id: 'repo-trigger' + vars: + installation_id: '123123' + pat_secret: 'projects/my-project/secrets/github-pat-secret/versions/latest' + repo_uri: 'https://github.com/myuser/my-repo.git' + cloudbuildv2_connection_name: 'my-connection' + cloudbuildv2_repo_name: 'my-repo' + test_vars_overrides: + 'installation_id': '31300675' + 'pat_secret': '"projects/gcb-terraform-creds/secrets/github-pat/versions/latest"' + 'repo_uri': '"https://github.com/gcb-repos-robot/tf-demo.git"' + - name: 'cloudbuild_trigger_bitbucket_server_push' + primary_resource_id: 'bbs-push-trigger' + vars: + cloudbuild_trigger_name: 'bbs-push-trigger' + - name: 'cloudbuild_trigger_bitbucket_server_pull_request' + primary_resource_id: 'bbs-pull-request-trigger' + vars: + cloudbuild_trigger_name: 'ghe-trigger' + - name: 'cloudbuild_trigger_github_enterprise' + primary_resource_id: 'ghe-trigger' + vars: + cloudbuild_trigger_name: 'ghe-trigger' + skip_test: true + - name: 'cloudbuild_trigger_allow_failure' + primary_resource_id: 'allow-failure-trigger' + vars: + cloudbuild_trigger_name: 'my-trigger' + - name: 'cloudbuild_trigger_allow_exit_codes' + primary_resource_id: 'allow-exit-codes-trigger' + vars: + cloudbuild_trigger_name: 'my-trigger' + - name: 'cloudbuild_trigger_pubsub_with_repo' + primary_resource_id: 'pubsub-with-repo-trigger' + vars: + installation_id: '123123' + pat_secret: 'projects/my-project/secrets/github-pat-secret/versions/latest' + repo_uri: 'https://github.com/myuser/my-repo.git' + cloudbuildv2_connection_name: 'my-connection' + cloudbuildv2_repo_name: 'my-repo' + pubsub_topic_name: 'my-topic' + cloudbuild_trigger_name: 'pubsub-with-repo-trigger' + test_vars_overrides: + 'installation_id': '31300675' + 'pat_secret': '"projects/gcb-terraform-creds/secrets/github-pat/versions/latest"' + 'repo_uri': '"https://github.com/gcb-repos-robot/tf-demo.git"' +parameters: + - name: 'location' + type: String + description: | + The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + url_param_only: true + immutable: true + default_value: "global" +properties: + - name: 'trigger_id' + type: String + description: | + The unique identifier for the trigger. + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the trigger. Must be unique within the project. + default_from_api: true + - name: 'description' + type: String + description: | + Human-readable description of the trigger. + - name: 'tags' + type: Array + description: | + Tags for annotation of a BuildTrigger + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + Whether the trigger is disabled or not. If true, the trigger will never result in a build. + - name: 'createTime' + type: Time + description: | + Time when the trigger was created. + output: true + - name: 'substitutions' + type: KeyValuePairs + description: | + Substitutions data for Build resource. + - name: 'serviceAccount' + type: String + description: | + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + Format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL} + - name: 'includeBuildLogs' + type: Enum + description: | + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS + enum_values: + - 'INCLUDE_BUILD_LOGS_UNSPECIFIED' + - 'INCLUDE_BUILD_LOGS_WITH_STATUS' + - name: 'filename' + type: String + description: | + Path, from the source root, to a file whose contents is used for the template. + Either a filename or build template must be provided. Set this only when using trigger_template or github. + When using Pub/Sub, Webhook or Manual set the file name using git_file_source instead. + exactly_one_of: + - 'filename' + - 'build' + - 'git_file_source' + - name: 'filter' + type: String + description: | + A Common Expression Language string. Used only with Pub/Sub and Webhook. + - name: 'gitFileSource' + type: NestedObject + description: | + The file source describing the local or remote Build template. + exactly_one_of: + - 'filename' + - 'git_file_source' + - 'build' + properties: + - name: 'path' + type: String + description: | + The path of the file, with the repo root as the root of the path. + required: true + - name: 'uri' + type: String + description: | + The URI of the repo (optional). If unspecified, the repo from which the trigger + invocation originated is assumed to be the repo from which to read the specified path. + - name: 'repository' + type: String + description: | + The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository. + If unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path. + - name: 'repoType' + type: Enum + description: | + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER + required: true + enum_values: + - 'UNKNOWN' + - 'CLOUD_SOURCE_REPOSITORIES' + - 'GITHUB' + - 'BITBUCKET_SERVER' + - name: 'revision' + type: String + description: | + The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the + filename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions + If unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path. + - name: 'githubEnterpriseConfig' + type: String + description: | + The full resource name of the github enterprise config. + Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. + - name: 'bitbucketServerConfig' + type: String + description: | + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + - name: 'repositoryEventConfig' + type: NestedObject + description: | + The configuration of a trigger that creates a build whenever an event from Repo API is received. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'repository' + type: String + description: | + The resource name of the Repo API resource. + - name: 'pullRequest' + type: NestedObject + description: | + Contains filter properties for matching Pull Requests. + exactly_one_of: + - 'pull_request' + - 'push' + properties: + - name: 'branch' + type: String + description: | + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - 'branch' + - name: 'invertRegex' + type: Boolean + description: | + If true, branches that do NOT match the git_ref will trigger a build. + - name: 'commentControl' + type: Enum + description: | + Configure builds to run whether a repository owner or collaborator need to comment `/gcbrun`. + enum_values: + - 'COMMENTS_DISABLED' + - 'COMMENTS_ENABLED' + - 'COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY' + - name: 'push' + type: NestedObject + description: | + Contains filter properties for matching git pushes. + exactly_one_of: + - 'pull_request' + - 'push' + properties: + - name: 'branch' + type: String + description: | + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - 'branch' + - 'tag' + - name: 'tag' + type: String + description: | + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - 'branch' + - 'tag' + - name: 'invertRegex' + type: Boolean + description: | + If true, only trigger a build if the revision regex does NOT match the git_ref regex. + - name: 'sourceToBuild' + type: NestedObject + description: | + The repo and ref of the repository from which to build. + This field is used only for those triggers that do not respond to SCM events. + Triggers that respond to such events build source at whatever commit caused the event. + This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. + + One of `trigger_template`, `github`, `pubsub_config` `webhook_config` or `source_to_build` must be provided. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'uri' + type: String + description: | + The URI of the repo. + - name: 'repository' + type: String + description: | + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + - name: 'ref' + type: String + description: | + The branch or tag to use. Must start with "refs/" (required). + required: true + - name: 'repoType' + type: Enum + description: | + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER + required: true + enum_values: + - 'UNKNOWN' + - 'CLOUD_SOURCE_REPOSITORIES' + - 'GITHUB' + - 'BITBUCKET_SERVER' + - name: 'githubEnterpriseConfig' + type: String + description: | + The full resource name of the github enterprise config. + Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. + - name: 'bitbucketServerConfig' + type: String + description: | + The full resource name of the bitbucket server config. + Format: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + - name: 'ignoredFiles' + type: Array + description: | + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for `**`. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + item_type: + type: String + - name: 'includedFiles' + type: Array + description: | + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for `**`. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + item_type: + type: String + - name: 'triggerTemplate' + type: NestedObject + description: | + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of `trigger_template`, `github`, `pubsub_config`, `webhook_config` or `source_to_build` must be provided. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'projectId' + type: String + description: | + ID of the project that owns the Cloud Source Repository. If + omitted, the project ID requesting the build is assumed. + default_from_api: true + - name: 'repoName' + type: String + description: | + Name of the Cloud Source Repository. If omitted, the name "default" is assumed. + default_value: "default" + - name: 'dir' + type: String + description: | + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + + - name: 'invertRegex' + type: Boolean + description: | + Only trigger a build if the revision regex does NOT match the revision regex. + - name: 'branchName' + type: String + description: | + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + exactly_one_of: + - 'trigger_template.0.branch_name' + - 'trigger_template.0.tag_name' + - 'trigger_template.0.commit_sha' + - name: 'tagName' + type: String + description: | + Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + exactly_one_of: + - 'trigger_template.0.branch_name' + - 'trigger_template.0.tag_name' + - 'trigger_template.0.commit_sha' + - name: 'commitSha' + type: String + description: | + Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided. + exactly_one_of: + - 'trigger_template.0.branch_name' + - 'trigger_template.0.tag_name' + - 'trigger_template.0.commit_sha' + - name: 'github' + type: NestedObject + description: | + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of `trigger_template`, `github`, `pubsub_config` or `webhook_config` must be provided. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'owner' + type: String + description: | + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + - name: 'name' + type: String + description: | + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + - name: 'pullRequest' + type: NestedObject + description: | + filter to match changes in pull requests. Specify only one of `pull_request` or `push`. + exactly_one_of: + - 'github.0.pull_request' + - 'github.0.push' + properties: + - name: 'branch' + type: String + description: | + Regex of branches to match. + required: true + - name: 'commentControl' + type: Enum + description: | + Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. + enum_values: + - 'COMMENTS_DISABLED' + - 'COMMENTS_ENABLED' + - 'COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY' + - name: 'invertRegex' + type: Boolean + description: | + If true, branches that do NOT match the git_ref will trigger a build. + - name: 'push' + type: NestedObject + description: | + filter to match changes in refs, like branches or tags. Specify only one of `pull_request` or `push`. + exactly_one_of: + - 'github.0.pull_request' + - 'github.0.push' + properties: + - name: 'invertRegex' + type: Boolean + description: | + When true, only trigger a build if the revision regex does NOT match the git_ref regex. + - name: 'branch' + type: String + description: | + Regex of branches to match. Specify only one of branch or tag. + exactly_one_of: + - 'github.0.push.0.branch' + - 'github.0.push.0.tag' + - name: 'tag' + type: String + description: | + Regex of tags to match. Specify only one of branch or tag. + exactly_one_of: + - 'github.0.push.0.branch' + - 'github.0.push.0.tag' + - name: 'enterpriseConfigResourceName' + type: String + description: | + The resource name of the github enterprise config that should be applied to this installation. + For example: "projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}" + - name: 'bitbucketServerTriggerConfig' + type: NestedObject + description: | + BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'repoSlug' + type: String + description: | + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + required: true + - name: 'projectKey' + type: String + description: | + Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is "TEST". + required: true + - name: 'bitbucketServerConfigResource' + type: String + description: | + The Bitbucket server config resource that this trigger config maps to. + required: true + - name: 'pullRequest' + type: NestedObject + description: | + Filter to match changes in pull requests. + exactly_one_of: + - 'bitbucket_server_trigger_config.0.pull_request' + - 'bitbucket_server_trigger_config.0.push' + properties: + - name: 'branch' + type: String + description: | + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax + required: true + - name: 'commentControl' + type: Enum + description: | + Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. + enum_values: + - 'COMMENTS_DISABLED' + - 'COMMENTS_ENABLED' + - 'COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY' + - name: 'invertRegex' + type: Boolean + description: | + If true, branches that do NOT match the git_ref will trigger a build. + - name: 'push' + type: NestedObject + description: | + Filter to match changes in refs like branches, tags. + exactly_one_of: + - 'bitbucket_server_trigger_config.0.pull_request' + - 'bitbucket_server_trigger_config.0.push' + properties: + - name: 'invertRegex' + type: Boolean + description: | + When true, only trigger a build if the revision regex does NOT match the gitRef regex. + - name: 'branch' + type: String + description: | + Regex of branches to match. Specify only one of branch or tag. + exactly_one_of: + - 'bitbucket_server_trigger_config.0.push.0.branch' + - 'bitbucket_server_trigger_config.0.push.0.tag' + - name: 'tag' + type: String + description: | + Regex of tags to match. Specify only one of branch or tag. + exactly_one_of: + - 'bitbucket_server_trigger_config.0.push.0.branch' + - 'bitbucket_server_trigger_config.0.push.0.tag' + - name: 'pubsubConfig' + type: NestedObject + description: | + PubsubConfig describes the configuration of a trigger that creates + a build whenever a Pub/Sub message is published. + + One of `trigger_template`, `github`, `pubsub_config` `webhook_config` or `source_to_build` must be provided. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'subscription' + type: String + description: | + Output only. Name of the subscription. + output: true + - name: 'topic' + type: String + description: | + The name of the topic from which this subscription is receiving messages. + required: true + - name: 'service_account_email' + type: String + description: | + Service account that will make the push request. + - name: 'state' + type: String + description: | + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + output: true + - name: 'webhookConfig' + type: NestedObject + description: | + WebhookConfig describes the configuration of a trigger that creates + a build whenever a webhook is sent to a trigger's webhook URL. + + One of `trigger_template`, `github`, `pubsub_config` `webhook_config` or `source_to_build` must be provided. + at_least_one_of: + - 'trigger_template' + - 'github' + - 'bitbucket_server_trigger_config' + - 'pubsub_config' + - 'webhook_config' + - 'source_to_build' + - 'repository_event_config' + properties: + - name: 'secret' + type: String + description: | + Resource name for the secret required as a URL parameter. + required: true + - name: 'state' + type: String + description: | + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + output: true + - name: 'approvalConfig' + type: NestedObject + description: | + Configuration for manual approval to start a build invocation of this BuildTrigger. + Builds created by this trigger will require approval before they execute. + Any user with a Cloud Build Approver role for the project can approve a build. + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/cloudbuild_approval_required.go.tmpl' + properties: + - name: 'approvalRequired' + type: Boolean + description: | + Whether or not approval is needed. If this is set on a build, it will become pending when run, + and will need to be explicitly approved to start. + default_value: false + - name: 'build' + type: NestedObject + description: | + Contents of the build template. Either a filename or build template must be provided. + exactly_one_of: + - 'filename' + - 'build' + - 'git_file_source' + properties: + - name: 'source' + type: NestedObject + description: | + The location of the source files to build. + + One of `storageSource` or `repoSource` must be provided. + properties: + - name: 'storageSource' + type: NestedObject + description: | + Location of the source in an archive file in Google Cloud Storage. + properties: + - name: 'bucket' + type: String + description: | + Google Cloud Storage bucket containing the source. + required: true + - name: 'object' + type: String + description: | + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + required: true + - name: 'generation' + type: String + description: | + Google Cloud Storage generation for the object. + If the generation is omitted, the latest generation will be used + - name: 'repoSource' + type: NestedObject + description: | + Location of the source in a Google Cloud Source Repository. + properties: + - name: 'projectId' + type: String + description: | + ID of the project that owns the Cloud Source Repository. + If omitted, the project ID requesting the build is assumed. + - name: 'repoName' + type: String + description: | + Name of the Cloud Source Repository. + required: true + - name: 'dir' + type: String + description: | + Directory, relative to the source root, in which to run the build. + This must be a relative path. If a step's dir is specified and is an absolute path, + this value is ignored for that step's execution. + - name: 'invertRegex' + type: Boolean + description: | + Only trigger a build if the revision regex does NOT match the revision regex. + - name: 'substitutions' + type: KeyValuePairs + description: | + Substitutions to use in a triggered build. Should only be used with triggers.run + - name: 'branchName' + type: String + description: | + Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - 'build.0.source.0.repo_source.0.branch_name' + - 'build.0.source.0.repo_source.0.commit_sha' + - 'build.0.source.0.repo_source.0.tag_name' + - name: 'tagName' + type: String + description: | + Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - 'build.0.source.0.repo_source.0.branch_name' + - 'build.0.source.0.repo_source.0.commit_sha' + - 'build.0.source.0.repo_source.0.tag_name' + - name: 'commitSha' + type: String + description: | + Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided. + exactly_one_of: + - 'build.0.source.0.repo_source.0.branch_name' + - 'build.0.source.0.repo_source.0.commit_sha' + - 'build.0.source.0.repo_source.0.tag_name' + - name: 'tags' + type: Array + description: | + Tags for annotation of a Build. These are not docker tags. + item_type: + type: String + - name: 'images' + type: Array + description: | + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + item_type: + type: String + - name: 'substitutions' + type: KeyValuePairs + description: | + Substitutions data for Build resource. + - name: 'queueTtl' + type: String + description: | + TTL in queue for this build. If provided and the build is enqueued longer than this value, + the build will expire and the build status will be EXPIRED. + The TTL starts ticking from createTime. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - name: 'logsBucket' + type: String + description: | + Google Cloud Storage bucket where logs should be written. + Logs file names will be of the format ${logsBucket}/log-${build_id}.txt. + - name: 'timeout' + type: String + description: | + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + default_value: "600s" + - name: 'secret' + type: Array + description: | + Secrets to decrypt using Cloud Key Management Service. + api_name: secrets + item_type: + type: NestedObject + properties: + - name: 'kmsKeyName' + type: String + description: | + Cloud KMS key name to use to decrypt these envs. + required: true + - name: 'secretEnv' + type: KeyValuePairs + description: | + Map of environment variable name to its encrypted value. + Secret environment variables must be unique across all of a build's secrets, + and must be used by at least one build step. Values can be at most 64 KB in size. + There can be at most 100 secret values across all of a build's secrets. + - name: 'availableSecrets' + type: NestedObject + description: | + Secrets and secret environment variables. + properties: + - name: 'secretManager' + type: Array + description: | + Pairs a secret environment variable with a SecretVersion in Secret Manager. + required: true + item_type: + type: NestedObject + properties: + - name: 'versionName' + type: String + description: | + Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/* + required: true + - name: 'env' + type: String + description: | + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + required: true + - name: 'step' + type: Array + description: | + The operations to be performed on the workspace. + api_name: steps + required: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name of the container image that will run this particular build step. + + If the image is available in the host's Docker daemon's cache, it will be + run directly. If not, the host will attempt to pull the image first, using + the builder service account's credentials if necessary. + + The Docker daemon's cache will already have the latest versions of all of + the officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + for images and examples). + The Docker daemon will also have cached many of the layers for some popular + images, like "ubuntu", "debian", but they will be refreshed at the time + you attempt to use them. + + If you built an image in a previous build step, it will be stored in the + host's Docker daemon's cache and is available to use as the name for a + later build step. + required: true + - name: 'args' + type: Array + description: | + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + item_type: + type: String + - name: 'env' + type: Array + description: | + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + item_type: + type: String + - name: 'id' + type: String + description: | + Unique identifier for this build step, used in `wait_for` to + reference this build step as a dependency. + - name: 'entrypoint' + type: String + description: | + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used + - name: 'dir' + type: String + description: | + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a `volume` for that path is specified. + + If the build specifies a `RepoSource` with `dir` and a step with a + `dir`, + which specifies an absolute path, the `RepoSource` `dir` is ignored + for the step's execution. + - name: 'secretEnv' + type: Array + description: | + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's `Secret`. + item_type: + type: String + - name: 'timeout' + type: String + description: | + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + - name: 'timing' + type: String + description: | + Output only. Stores timing information for executing this + build step. + immutable: false + - name: 'volumes' + type: Array + description: | + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + required: true + - name: 'path' + type: String + description: | + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + required: true + - name: 'waitFor' + type: Array + description: | + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in `wait_for` + have completed successfully. If `wait_for` is empty, this build step + will start when all previous build steps in the `Build.Steps` list + have completed successfully. + item_type: + type: String + - name: 'script' + type: String + description: | + A shell script to be executed in the step. + When script is provided, the user cannot specify the entrypoint or args. + - name: 'allowFailure' + type: Boolean + description: | + Allow this build step to fail without failing the entire build. + If false, the entire build will fail if this step fails. Otherwise, the + build will succeed, but this step will still have a failure status. + Error information will be reported in the `failureDetail` field. + + `allowExitCodes` takes precedence over this field. + - name: 'allowExitCodes' + type: Array + description: | + Allow this build step to fail without failing the entire build if and + only if the exit code is one of the specified codes. + + If `allowFailure` is also specified, this field will take precedence. + item_type: + type: Integer + - name: 'artifacts' + type: NestedObject + description: | + Artifacts produced by the build that should be uploaded upon successful completion of all build steps. + properties: + - name: 'images' + type: Array + description: | + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + item_type: + type: String + - name: 'objects' + type: NestedObject + description: | + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + - name: 'location' + type: String + description: | + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + - name: 'paths' + type: Array + description: | + Path globs used to match files in the build's workspace. + item_type: + type: String + - name: 'timing' + type: NestedObject + description: | + Output only. Stores timing information for pushing all artifact objects. + output: true + properties: + - name: 'startTime' + type: String + description: | + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - name: 'endTime' + type: String + description: | + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - name: 'mavenArtifacts' + type: Array + description: | + A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + item_type: + type: NestedObject + properties: + - name: 'repository' + type: String + description: | + Artifact Registry repository, in the form "https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY" + + Artifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix. + - name: 'path' + type: String + description: | + Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar. + - name: 'artifactId' + type: String + description: | + Maven artifactId value used when uploading the artifact to Artifact Registry. + - name: 'groupId' + type: String + description: | + Maven groupId value used when uploading the artifact to Artifact Registry. + - name: 'version' + type: String + description: | + Maven version value used when uploading the artifact to Artifact Registry. + - name: 'pythonPackages' + type: Array + description: | + Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + item_type: + type: NestedObject + properties: + - name: 'repository' + type: String + description: | + Artifact Registry repository, in the form "https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY" + + Files in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix. + - name: 'paths' + type: Array + description: | + Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file. + item_type: + type: String + - name: 'npmPackages' + type: Array + description: | + Npm package to upload to Artifact Registry upon successful completion of all build steps. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + item_type: + type: NestedObject + properties: + - name: 'repository' + type: String + description: | + Artifact Registry repository, in the form "https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY" + + Npm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix. + - name: 'packagePath' + type: String + description: | + Path to the package.json. e.g. workspace/path/to/package + - name: 'options' + type: NestedObject + description: | + Special options for this build. + properties: + - name: 'sourceProvenanceHash' + type: Array + description: | + Requested hash for SourceProvenance. + item_type: + type: Enum + description: | + Specifies the hash algorithm, if any. + enum_values: + - 'NONE' + - 'SHA256' + - 'MD5' + - name: 'requestedVerifyOption' + type: Enum + description: | + Requested verifiability options. + enum_values: + - 'NOT_VERIFIED' + - 'VERIFIED' + - name: 'machineType' + type: String + description: | + Compute Engine machine type on which to run the build. + - name: 'diskSizeGb' + type: Integer + description: | + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + - name: 'substitutionOption' + type: Enum + description: | + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. + enum_values: + - 'MUST_MATCH' + - 'ALLOW_LOOSE' + - name: 'dynamicSubstitutions' + type: Boolean + description: | + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + send_empty_value: true + - name: 'logStreamingOption' + type: Enum + description: | + Option to define build log streaming behavior to Google Cloud Storage. + enum_values: + - 'STREAM_DEFAULT' + - 'STREAM_ON' + - 'STREAM_OFF' + - name: 'workerPool' + type: String + description: | + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + - name: 'logging' + type: Enum + description: | + Option to specify the logging mode, which determines if and where build logs are stored. + enum_values: + - 'LOGGING_UNSPECIFIED' + - 'LEGACY' + - 'GCS_ONLY' + - 'STACKDRIVER_ONLY' + - 'CLOUD_LOGGING_ONLY' + - 'NONE' + - name: 'env' + type: Array + description: | + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + item_type: + type: String + - name: 'secretEnv' + type: Array + description: | + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + item_type: + type: String + - name: 'volumes' + type: Array + description: | + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + - name: 'path' + type: String + description: | + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. diff --git a/mmv1/products/cloudbuild/go_product.yaml b/mmv1/products/cloudbuild/go_product.yaml new file mode 100644 index 000000000000..0f2aa50748c9 --- /dev/null +++ b/mmv1/products/cloudbuild/go_product.yaml @@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudBuild' +legacy_name: 'cloudbuild' +display_name: 'Cloud Build' +versions: + - name: 'ga' + base_url: 'https://cloudbuild.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudbuildv2/Connection.yaml b/mmv1/products/cloudbuildv2/Connection.yaml index 0678336e62b4..d4098206e000 100644 --- a/mmv1/products/cloudbuildv2/Connection.yaml +++ b/mmv1/products/cloudbuildv2/Connection.yaml @@ -26,7 +26,7 @@ async: !ruby/object:Api::OpAsync base_url: '{{op_id}}' update_verb: :PATCH description: | - A connection to a SCM like GitHub, GitHub Enterprise, Bitbucket Data Center or GitLab. + A connection to a SCM like GitHub, GitHub Enterprise, Bitbucket Data Center/Cloud or GitLab. exclude_tgc: true legacy_long_form_project: true iam_policy: !ruby/object:Api::Resource::IamPolicy @@ -84,6 +84,8 @@ properties: conflicts: - 'github_enterprise_config' - 'gitlab_config' + - 'bitbucket_cloud_config' + - 'bitbucket_data_center_config' properties: - !ruby/object:Api::Type::NestedObject name: authorizerCredential @@ -105,6 +107,8 @@ properties: conflicts: - 'github_config' - 'gitlab_config' + - 'bitbucket_cloud_config' + - 'bitbucket_data_center_config' description: Configuration for connections to an instance of GitHub Enterprise. properties: - !ruby/object:Api::Type::String @@ -145,6 +149,8 @@ properties: conflicts: - 'github_config' - 'github_enterprise_config' + - 'bitbucket_cloud_config' + - 'bitbucket_data_center_config' description: Configuration for connections to gitlab.com or an instance of GitLab Enterprise. properties: - !ruby/object:Api::Type::String @@ -201,6 +207,116 @@ properties: name: serverVersion description: Output only. Version of the GitLab Enterprise server running on the `host_uri`. output: true + - !ruby/object:Api::Type::NestedObject + name: bitbucketDataCenterConfig + conflicts: + - 'github_config' + - 'github_enterprise_config' + - 'bitbucket_cloud_config' + - 'gitlab_config' + description: Configuration for connections to Bitbucket Data Center. + properties: + - !ruby/object:Api::Type::String + name: hostUri + description: The URI of the Bitbucket Data Center host this connection is for. + required: true + - !ruby/object:Api::Type::String + name: webhookSecretSecretVersion + description: Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as `projects/*/secrets/*/versions/*`. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::NestedObject + name: readAuthorizerCredential + description: Required. A http access token with the `REPO_READ` access. + required: true + properties: + - !ruby/object:Api::Type::String + name: userTokenSecretVersion + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::String + name: username + description: Output only. The username associated to this token. + output: true + - !ruby/object:Api::Type::NestedObject + name: authorizerCredential + description: Required. A http access token with the `REPO_ADMIN` scope access. + required: true + properties: + - !ruby/object:Api::Type::String + name: userTokenSecretVersion + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::String + name: username + description: Output only. The username associated to this token. + output: true + - !ruby/object:Api::Type::NestedObject + name: serviceDirectoryConfig + description: Configuration for using Service Directory to privately connect to a Bitbucket Data Center. This should only be set if the Bitbucket Data Center is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the Bitbucket Data Center will be made over the public internet. + properties: + - !ruby/object:Api::Type::String + name: service + description: 'Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::String + name: sslCa + description: SSL certificate to use for requests to the Bitbucket Data Center. + - !ruby/object:Api::Type::String + name: serverVersion + description: Output only. Version of the Bitbucket Data Center running on the `host_uri`. + output: true + - !ruby/object:Api::Type::NestedObject + name: bitbucketCloudConfig + conflicts: + - 'github_config' + - 'github_enterprise_config' + - 'gitlab_config' + - 'bitbucket_data_center_config' + description: Configuration for connections to Bitbucket Cloud. + properties: + - !ruby/object:Api::Type::String + name: workspace + description: The Bitbucket Cloud Workspace ID to be connected to Google Cloud Platform. + required: true + - !ruby/object:Api::Type::String + name: webhookSecretSecretVersion + description: Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as `projects/*/secrets/*/versions/*`. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::NestedObject + name: readAuthorizerCredential + description: Required. An access token with the `repository` access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate the credentials. + required: true + properties: + - !ruby/object:Api::Type::String + name: userTokenSecretVersion + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::String + name: username + description: Output only. The username associated to this token. + output: true + - !ruby/object:Api::Type::NestedObject + name: authorizerCredential + description: Required. An access token with the `webhook`, `repository`, `repository:admin` and `pullrequest` scope access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate these credentials. + required: true + properties: + - !ruby/object:Api::Type::String + name: userTokenSecretVersion + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - !ruby/object:Api::Type::String + name: username + description: Output only. The username associated to this token. + output: true - !ruby/object:Api::Type::NestedObject name: installationState description: Output only. Installation state of the Connection. diff --git a/mmv1/products/cloudbuildv2/go_Connection.yaml b/mmv1/products/cloudbuildv2/go_Connection.yaml new file mode 100644 index 000000000000..027d933d153a --- /dev/null +++ b/mmv1/products/cloudbuildv2/go_Connection.yaml @@ -0,0 +1,360 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Connection' +description: | + A connection to a SCM like GitHub, GitHub Enterprise, Bitbucket Data Center/Cloud or GitLab. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/build/docs' + api: 'https://cloud.google.com/build/docs/api/reference/rest' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/connections/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/connections' +self_link: 'projects/{{project}}/locations/{{location}}/connections/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/connections?connectionId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{location}}/connections/{{name}}' + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false +iam_policy: + skip_import_test: true + method_name_separator: ':' + allowed_iam_role: 'roles/cloudbuild.connectionViewer' + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: +exclude_tgc: true +legacy_long_form_project: true +examples: + - name: 'cloudbuildv2_connection' + primary_resource_id: 'my-connection' + primary_resource_name: 'fmt.Sprintf("tf-test-connection%s", context["random_suffix"])' + vars: + connection_name: 'tf-test-connection' + - name: 'cloudbuildv2_connection_ghe' + skip_test: true + - name: 'cloudbuildv2_connection_github' + skip_test: true +parameters: + - name: 'name' + type: String + description: Immutable. The resource name of the connection. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: The location for the resource + url_param_only: true + required: true + immutable: true +properties: + - name: 'createTime' + type: String + description: Output only. Server assigned timestamp for when the connection was created. + output: true + - name: 'updateTime' + type: String + description: Output only. Server assigned timestamp for when the connection was updated. + output: true + - name: 'githubConfig' + type: NestedObject + description: Configuration for connections to github.com. + conflicts: + - github_enterprise_config + - gitlab_config + - bitbucket_cloud_config + - bitbucket_data_center_config + properties: + - name: 'authorizerCredential' + type: NestedObject + description: OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App. + properties: + - name: 'oauthTokenSecretVersion' + type: String + description: 'A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'appInstallationId' + type: Integer + description: GitHub App installation id. + - name: 'githubEnterpriseConfig' + type: NestedObject + description: Configuration for connections to an instance of GitHub Enterprise. + conflicts: + - github_config + - gitlab_config + - bitbucket_cloud_config + - bitbucket_data_center_config + properties: + - name: 'hostUri' + type: String + description: Required. The URI of the GitHub Enterprise host this connection is for. + required: true + - name: 'appId' + type: Integer + description: Id of the GitHub App created from the manifest. + - name: 'appSlug' + type: String + description: The URL-friendly name of the GitHub App. + - name: 'privateKeySecretVersion' + type: String + description: SecretManager resource containing the private key of the GitHub App, formatted as `projects/*/secrets/*/versions/*`. + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'webhookSecretSecretVersion' + type: String + description: SecretManager resource containing the webhook secret of the GitHub App, formatted as `projects/*/secrets/*/versions/*`. + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'appInstallationId' + type: Integer + description: ID of the installation of the GitHub App. + - name: 'serviceDirectoryConfig' + type: NestedObject + description: Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet. + properties: + - name: 'service' + type: String + description: 'Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'sslCa' + type: String + description: SSL certificate to use for requests to GitHub Enterprise. + - name: 'gitlabConfig' + type: NestedObject + description: Configuration for connections to gitlab.com or an instance of GitLab Enterprise. + conflicts: + - github_config + - github_enterprise_config + - bitbucket_cloud_config + - bitbucket_data_center_config + properties: + - name: 'hostUri' + type: String + description: The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com. + default_from_api: true + - name: 'webhookSecretSecretVersion' + type: String + description: Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as `projects/*/secrets/*/versions/*`. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'readAuthorizerCredential' + type: NestedObject + description: Required. A GitLab personal access token with the minimum `read_api` scope access. + required: true + properties: + - name: 'userTokenSecretVersion' + type: String + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'authorizerCredential' + type: NestedObject + description: Required. A GitLab personal access token with the `api` scope access. + required: true + properties: + - name: 'userTokenSecretVersion' + type: String + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'serviceDirectoryConfig' + type: NestedObject + description: Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. + properties: + - name: 'service' + type: String + description: 'Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'sslCa' + type: String + description: SSL certificate to use for requests to GitLab Enterprise. + - name: 'serverVersion' + type: String + description: Output only. Version of the GitLab Enterprise server running on the `host_uri`. + output: true + - name: 'bitbucketDataCenterConfig' + type: NestedObject + description: Configuration for connections to Bitbucket Data Center. + conflicts: + - github_config + - github_enterprise_config + - bitbucket_cloud_config + - gitlab_config + properties: + - name: 'hostUri' + type: String + description: The URI of the Bitbucket Data Center host this connection is for. + required: true + - name: 'webhookSecretSecretVersion' + type: String + description: Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as `projects/*/secrets/*/versions/*`. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'readAuthorizerCredential' + type: NestedObject + description: Required. A http access token with the `REPO_READ` access. + required: true + properties: + - name: 'userTokenSecretVersion' + type: String + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'authorizerCredential' + type: NestedObject + description: Required. A http access token with the `REPO_ADMIN` scope access. + required: true + properties: + - name: 'userTokenSecretVersion' + type: String + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'serviceDirectoryConfig' + type: NestedObject + description: Configuration for using Service Directory to privately connect to a Bitbucket Data Center. This should only be set if the Bitbucket Data Center is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the Bitbucket Data Center will be made over the public internet. + properties: + - name: 'service' + type: String + description: 'Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'sslCa' + type: String + description: SSL certificate to use for requests to the Bitbucket Data Center. + - name: 'serverVersion' + type: String + description: Output only. Version of the Bitbucket Data Center running on the `host_uri`. + output: true + - name: 'bitbucketCloudConfig' + type: NestedObject + description: Configuration for connections to Bitbucket Cloud. + conflicts: + - github_config + - github_enterprise_config + - gitlab_config + - bitbucket_data_center_config + properties: + - name: 'workspace' + type: String + description: The Bitbucket Cloud Workspace ID to be connected to Google Cloud Platform. + required: true + - name: 'webhookSecretSecretVersion' + type: String + description: Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as `projects/*/secrets/*/versions/*`. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'readAuthorizerCredential' + type: NestedObject + description: Required. An access token with the `repository` access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate the credentials. + required: true + properties: + - name: 'userTokenSecretVersion' + type: String + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'authorizerCredential' + type: NestedObject + description: Required. An access token with the `webhook`, `repository`, `repository:admin` and `pullrequest` scope access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate these credentials. + required: true + properties: + - name: 'userTokenSecretVersion' + type: String + description: 'Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: `projects/*/secrets/*/versions/*`.' + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'username' + type: String + description: Output only. The username associated to this token. + output: true + - name: 'installationState' + type: NestedObject + description: Output only. Installation state of the Connection. + output: true + properties: + - name: 'stage' + type: Enum + description: Output only. Current step of the installation process. + output: true + enum_values: + - 'STAGE_UNSPECIFIED' + - 'PENDING_CREATE_APP' + - 'PENDING_USER_OAUTH' + - 'PENDING_INSTALL_APP' + - 'COMPLETE' + - name: 'message' + type: String + description: Output only. Message of what the user should do next to continue the installation. Empty string if the installation is already complete. + output: true + - name: 'actionUri' + type: String + description: Output only. Link to follow for next action. Empty string if the installation is already complete. + output: true + - name: 'disabled' + type: Boolean + description: If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled. + - name: 'reconciling' + type: Boolean + description: Output only. Set to true when the connection is being set up or updated in the background. + output: true + - name: 'annotations' + type: KeyValueAnnotations + description: Allows clients to store small amounts of arbitrary data. + - name: 'etag' + type: Fingerprint + description: This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. + output: true diff --git a/mmv1/products/cloudbuildv2/go_Repository.yaml b/mmv1/products/cloudbuildv2/go_Repository.yaml new file mode 100644 index 000000000000..167d611f8544 --- /dev/null +++ b/mmv1/products/cloudbuildv2/go_Repository.yaml @@ -0,0 +1,109 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Repository' +description: "A repository associated to a parent connection." +references: + guides: + 'Official Documentation': 'https://cloud.google.com/build/docs' + api: 'https://cloud.google.com/build/docs/api/reference/rest' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories' +self_link: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/repositories?repositoryId={{name}}' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false +custom_code: + encoder: 'templates/terraform/encoders/go/cloudbuildv2_repository.go.tmpl' +exclude_tgc: true +legacy_long_form_project: true +examples: + - name: 'cloudbuildv2_repository_ghe' + primary_resource_id: 'primary' + vars: + connection_name: 'connection' + repository_name: 'repository' + skip_docs: true + - name: 'cloudbuildv2_repository_github' + primary_resource_id: 'primary' + vars: + connection_name: 'connection' + repository_name: 'repository' + skip_docs: true + - name: 'cloudbuildv2_repository_gle' + primary_resource_id: 'primary' + vars: + connection_name: 'connection' + repository_name: 'repository' + skip_docs: true + - name: 'cloudbuildv2_repository_ghe_doc' + skip_test: true + - name: 'cloudbuildv2_repository_github_doc' + skip_test: true +parameters: + - name: 'location' + type: String + description: The location for the resource + url_param_only: true + immutable: true + default_from_api: true + - name: 'parent_connection' + type: ResourceRef + description: The connection for the resource + url_param_only: true + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + resource: 'connection' + imports: 'name' +properties: + - name: 'name' + type: String + description: Name of the repository. + required: true + immutable: true + ignore_read: true + - name: 'remoteUri' + type: String + description: Required. Git Clone HTTPS URI. + required: true + immutable: true + - name: 'createTime' + type: String + description: Output only. Server assigned timestamp for when the connection was created. + output: true + - name: 'updateTime' + type: String + description: Output only. Server assigned timestamp for when the connection was updated. + output: true + - name: 'annotations' + type: KeyValueAnnotations + description: Allows clients to store small amounts of arbitrary data. + immutable: true + - name: 'etag' + type: String + description: This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. + output: true diff --git a/mmv1/products/cloudbuildv2/go_product.yaml b/mmv1/products/cloudbuildv2/go_product.yaml new file mode 100644 index 000000000000..4963430cccf4 --- /dev/null +++ b/mmv1/products/cloudbuildv2/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Cloudbuildv2' +display_name: 'Cloud Build v2' +versions: + - name: 'ga' + base_url: 'https://cloudbuild.googleapis.com/v2/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/clouddeploy/go_Automation.yaml b/mmv1/products/clouddeploy/go_Automation.yaml new file mode 100644 index 000000000000..c32ee0bc28d9 --- /dev/null +++ b/mmv1/products/clouddeploy/go_Automation.yaml @@ -0,0 +1,178 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Automation' +description: | + An `Automation` enables the automation of manually driven actions for a Delivery Pipeline, which includes Release promotion amongst Targets, Rollout repair and Rollout deployment strategy advancement. +references: + guides: + 'Automate your deployment': 'https://cloud.google.com/deploy/docs/automation' + api: 'https://cloud.google.com/deploy/docs/api/reference/rest/v1/projects.locations.deliveryPipelines.automations' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{delivery_pipeline}}/automations/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{delivery_pipeline}}/automations' +self_link: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{delivery_pipeline}}/automations/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{delivery_pipeline}}/automations?automationId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{delivery_pipeline}}/automations/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'clouddeploy_automation_basic' + primary_resource_id: 'b-automation' + vars: + automation: 'cd-automation' + delivery_pipeline: 'cd-pipeline' + test_env_vars: + service_account: 'SERVICE_ACCT' + - name: 'clouddeploy_automation_full' + primary_resource_id: 'f-automation' + vars: + automation: 'cd-automation' + delivery_pipeline: 'cd-pipeline' + test_env_vars: + service_account: 'SERVICE_ACCT' +parameters: + - name: 'location' + type: String + description: "The location for the resource" + url_param_only: true + required: true + immutable: true + - name: 'delivery_pipeline' + type: String + description: "The delivery_pipeline for the resource" + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: "Name of the `Automation`." + url_param_only: true + required: true + immutable: true + - name: 'uid' + type: String + description: "Output only. Unique identifier of the `Automation`." + output: true + - name: 'description' + type: String + description: "Optional. Description of the `Automation`. Max length is 255 characters." + - name: 'createTime' + type: String + description: "Output only. Time at which the automation was created." + output: true + - name: 'updateTime' + type: String + description: "Output only. Time at which the automation was updated." + output: true + - name: 'annotations' + type: KeyValueAnnotations + description: "Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash (`/`). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character (`[a-z0-9A-Z]`) with dashes (`-`), underscores (`_`), dots (`.`), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots(`.`), not longer than 253 characters in total, followed by a slash (`/`). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details." + - name: 'labels' + type: KeyValueLabels + description: "Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be <= 63 characters." + immutable: false + - name: 'etag' + type: String + description: "Optional. The weak etag of the `Automation` resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding." + output: true + - name: 'suspended' + type: Boolean + description: "Optional. When Suspended, automation is deactivated from execution." + send_empty_value: true + - name: 'serviceAccount' + type: String + description: "Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources." + required: true + - name: 'selector' + type: NestedObject + description: "Required. Selected resources to which the automation will be applied." + required: true + properties: + - name: 'targets' + type: Array + description: "Contains attributes about a target." + required: true + item_type: + type: NestedObject + properties: + - name: 'id' + type: String + description: "ID of the `Target`. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * \"*\", all targets in a location." + - name: 'labels' + type: KeyValuePairs + description: "Target labels." + default_from_api: true + - name: 'rules' + type: Array + description: "Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution." + required: true + item_type: + type: NestedObject + properties: + - name: 'promoteReleaseRule' + type: NestedObject + description: "Optional. `PromoteReleaseRule` will automatically promote a release from the current target to a specified target." + properties: + - name: 'id' + type: String + description: "Required. ID of the rule. This id must be unique in the `Automation` resource to which this rule belongs. The format is `a-z{0,62}`." + required: true + - name: 'wait' + type: String + description: "Optional. How long the release need to be paused until being promoted to the next target." + - name: 'destinationTargetId' + type: String + description: "Optional. The ID of the stage in the pipeline to which this `Release` is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * \"@next\", the next target in the promotion sequence." + - name: 'destinationPhase' + type: String + description: "Optional. The starting phase of the rollout created by this operation. Default to the first phase." + - name: 'advanceRolloutRule' + type: NestedObject + description: "Optional. The `AdvanceRolloutRule` will automatically advance a successful Rollout." + properties: + - name: 'id' + type: String + description: "Required. ID of the rule. This id must be unique in the `Automation` resource to which this rule belongs. The format is `a-z{0,62}`." + required: true + - name: 'wait' + type: String + description: "Optional. How long to wait after a rollout is finished." + - name: 'sourcePhases' + type: Array + description: "Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`." + item_type: + type: String diff --git a/mmv1/products/clouddeploy/go_CustomTargetType.yaml b/mmv1/products/clouddeploy/go_CustomTargetType.yaml new file mode 100644 index 000000000000..183e1e1bbc12 --- /dev/null +++ b/mmv1/products/clouddeploy/go_CustomTargetType.yaml @@ -0,0 +1,197 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CustomTargetType' +description: | + A Cloud Deploy `CustomTargetType` defines a type of custom target that can be referenced in a + Cloud Deploy `Target` in order to facilitate deploying to other systems besides the supported runtimes. +references: + guides: + 'Define and use a custom target type': 'https://cloud.google.com/deploy/docs/deploy-app-custom-target' + api: 'https://cloud.google.com/deploy/docs/api/reference/rest/v1/projects.locations.customTargetTypes' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/customTargetTypes/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/customTargetTypes' +self_link: 'projects/{{project}}/locations/{{location}}/customTargetTypes/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/customTargetTypes?customTargetTypeId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/customTargetTypes/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/locations/{{location}}/customTargetTypes/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/customTargetTypes/{{name}}' + - '{{name}}' +custom_code: +examples: + - name: 'clouddeploy_custom_target_type_basic' + primary_resource_id: 'custom-target-type' + primary_resource_name: 'fmt.Sprintf("tf-test-my-custom-target-type%s", context["random_suffix"])' + vars: + custom_target_type_name: 'my-custom-target-type' + - name: 'clouddeploy_custom_target_type_git_skaffold_modules' + primary_resource_id: 'custom-target-type' + primary_resource_name: 'fmt.Sprintf("tf-test-my-custom-target-type%s", context["random_suffix"])' + vars: + custom_target_type_name: 'my-custom-target-type' + - name: 'clouddeploy_custom_target_type_gcs_skaffold_modules' + primary_resource_id: 'custom-target-type' + primary_resource_name: 'fmt.Sprintf("tf-test-my-custom-target-type%s", context["random_suffix"])' + vars: + custom_target_type_name: 'my-custom-target-type' + - name: 'clouddeploy_custom_target_type_gcb_repo_skaffold_modules' + primary_resource_id: 'custom-target-type' + primary_resource_name: 'fmt.Sprintf("tf-test-my-custom-target-type%s", context["random_suffix"])' + vars: + custom_target_type_name: 'my-custom-target-type' +parameters: + - name: 'location' + type: String + description: "The location of the source." + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: "Name of the `CustomTargetType`." + url_param_only: true + required: true + immutable: true + - name: 'customTargetTypeId' + type: String + description: "Resource id of the `CustomTargetType`." + output: true + - name: 'uid' + type: String + description: "Unique identifier of the `CustomTargetType`." + output: true + - name: 'description' + type: String + description: "Description of the `CustomTargetType`. Max length is 255 characters." + - name: 'annotations' + type: KeyValueAnnotations + description: "User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations." + - name: 'labels' + type: KeyValueLabels + description: "Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be <= 128 bytes." + immutable: false + - name: 'createTime' + type: String + description: "Time at which the `CustomTargetType` was created." + output: true + - name: 'updateTime' + type: String + description: "Time at which the `CustomTargetType` was updated." + output: true + - name: 'etag' + type: String + description: "The weak etag of the `CustomTargetType` resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding." + output: true + - name: 'customActions' + type: NestedObject + description: "Configures render and deploy for the `CustomTargetType` using Skaffold custom actions." + properties: + - name: 'renderAction' + type: String + description: "The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via `skaffold render`." + - name: 'deployAction' + type: String + description: "The Skaffold custom action responsible for deploy operations." + required: true + - name: 'includeSkaffoldModules' + type: Array + description: "List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose." + item_type: + type: NestedObject + properties: + - name: 'configs' + type: Array + description: "The Skaffold Config modules to use from the specified source." + item_type: + type: String + - name: 'git' + type: NestedObject + description: "Remote git repository containing the Skaffold Config modules." + exactly_one_of: + - 'git' + - 'googleCloudStorage' + - 'googleCloudBuildRepo' + properties: + - name: 'repo' + type: String + description: "Git repository the package should be cloned from." + required: true + - name: 'path' + type: String + description: "Relative path from the repository root to the Skaffold file." + - name: 'ref' + type: String + description: "Git ref the package should be cloned from." + - name: 'googleCloudStorage' + type: NestedObject + description: "Cloud Storage bucket containing Skaffold Config modules." + exactly_one_of: + - 'git' + - 'googleCloudStorage' + - 'googleCloudBuildRepo' + properties: + - name: 'source' + type: String + description: "Cloud Storage source paths to copy recursively. For example, providing `gs://my-bucket/dir/configs/*` will result in Skaffold copying all files within the `dir/configs` directory in the bucket `my-bucket`." + required: true + - name: 'path' + type: String + description: "Relative path from the source to the Skaffold file." + - name: 'googleCloudBuildRepo' + type: NestedObject + description: "Cloud Build 2nd gen repository containing the Skaffold Config modules." + exactly_one_of: + - 'git' + - 'googleCloudStorage' + - 'googleCloudBuildRepo' + properties: + - name: 'repository' + type: String + description: "Cloud Build 2nd gen repository in the format of 'projects//locations//connections//repositories/'." + required: true + - name: 'path' + type: String + description: "Relative path from the repository root to the Skaffold file." + - name: 'ref' + type: String + description: "Branch or tag to use when cloning the repository." diff --git a/mmv1/products/clouddeploy/go_DeliveryPipeline.yaml b/mmv1/products/clouddeploy/go_DeliveryPipeline.yaml new file mode 100644 index 000000000000..b76a721f65d3 --- /dev/null +++ b/mmv1/products/clouddeploy/go_DeliveryPipeline.yaml @@ -0,0 +1,56 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DeliveryPipeline' +description: | + A DeliveryPipeline defines a pipeline through which a Skaffold configuration can progress. +exclude_resource: true +references: + guides: + 'Deploy an app to GKE using Cloud Deploy': 'https://cloud.google.com/deploy/docs/deploy-app-gke' + 'Deploy an app to Cloud Run using Cloud Deploy': 'https://cloud.google.com/deploy/docs/deploy-app-run' + 'Create a pipeline and release in the Google Cloud console': 'https://cloud.google.com/deploy/docs/deploy-app-in-console' + api: 'https://cloud.google.com/deploy/docs/api/reference/rest/v1/projects.locations.deliveryPipelines' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/deliveryPipelines' +self_link: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{name}}' +import_format: + - 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/deliveryPipelines/{{name}}' + - '{{name}}' +custom_code: +examples: + - name: 'clouddeploy_delivery_pipeline_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cd-delivery-pipeline%s", context["random_suffix"])' + vars: + delivery_pipeline: 'cd-delivery-pipeline' +parameters: +properties: + - name: 'name' + type: String + description: "Dummy property." + required: true diff --git a/mmv1/products/clouddeploy/go_Target.yaml b/mmv1/products/clouddeploy/go_Target.yaml new file mode 100644 index 000000000000..b897ab8a86ad --- /dev/null +++ b/mmv1/products/clouddeploy/go_Target.yaml @@ -0,0 +1,50 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Target' +description: | + The Cloud Deploy `Target` resource. +exclude_resource: true +docs: +id_format: 'projects/{{project}}/locations/{{location}}/targets/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/targets' +self_link: 'projects/{{project}}/locations/{{location}}/targets/{{name}}' +import_format: + - 'projects/{{project}}/locations/{{location}}/targets/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/locations/{{location}}/targets/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/targets/{{name}}' + - '{{name}}' +custom_code: +examples: + - name: 'clouddeploy_target_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cd-target%s", context["random_suffix"])' + vars: + target: 'cd-target' +parameters: +properties: + - name: 'name' + type: String + description: "Dummy property." + required: true diff --git a/mmv1/products/clouddeploy/go_product.yaml b/mmv1/products/clouddeploy/go_product.yaml new file mode 100644 index 000000000000..d08276ee376a --- /dev/null +++ b/mmv1/products/clouddeploy/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Clouddeploy' +display_name: 'Cloud Deploy' +versions: + - name: 'ga' + base_url: 'https://clouddeploy.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://clouddeploy.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/clouddomains/go_Registration.yaml b/mmv1/products/clouddomains/go_Registration.yaml new file mode 100644 index 000000000000..611824e3c475 --- /dev/null +++ b/mmv1/products/clouddomains/go_Registration.yaml @@ -0,0 +1,456 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Registration' +description: | + Registers a new domain name and creates a corresponding Registration resource. +references: + guides: + 'Register a domain with Cloud Domains': 'https://cloud.google.com/domains/docs/buy-register-domain' + api: 'https://cloud.google.com/domains/docs/reference/rest/v1/projects.locations.registrations' +docs: + warning: | + The Terraform implementation of this resource will not actually delete a Registration during + `terraform destroy`. Instead it will "abandon" the resource and remove it from state. + For information on deleting a registered domain, see https://cloud.google.com/domains/docs/delete-domain +id_format: 'projects/{{project}}/locations/{{location}}/registrations/{{domain_name}}' +base_url: 'projects/{{project}}/locations/{{location}}/registrations' +self_link: 'projects/{{project}}/locations/{{location}}/registrations/{{domain_name}}' +create_url: 'projects/{{project}}/locations/{{location}}/registrations:register' +skip_delete: true +immutable: true +import_format: + - 'projects/{{project}}/locations/{{location}}/registrations/{{domain_name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/clouddomains_registration.go.tmpl' + encoder: 'templates/terraform/encoders/go/clouddomains_registration.go.tmpl' + post_create: 'templates/terraform/post_create/go/clouddomains_registration.go.tmpl' +examples: + - name: 'clouddomains_registration_full' + primary_resource_id: 'my_registration' + skip_test: true +parameters: + - name: 'location' + type: String + description: "The location for the resource" + url_param_only: true + required: true + - name: 'domainName' + type: String + description: "Required. The domain name. Unicode domain names must be expressed in Punycode format." + required: true +properties: + - name: 'name' + type: String + description: "Output only. Name of the Registration resource, in the format projects/*/locations/*/registrations/." + output: true + - name: 'createTime' + type: String + description: "Output only. Time at which the automation was created." + output: true + - name: 'expireTime' + type: String + description: "Output only. Time at which the automation was updated." + output: true + - name: 'state' + type: String + description: Output only. The current state of the Registration. + output: true + - name: 'issues' + type: Array + description: Output only. The set of issues with the Registration that require attention. + output: true + item_type: + type: String + - name: 'labels' + type: KeyValueLabels + description: Set of labels associated with the Registration. + immutable: false + - name: 'domainNotices' + type: Array + description: The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED + ignore_read: true + item_type: + type: String + - name: 'contactNotices' + type: Array + description: The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT + ignore_read: true + item_type: + type: String + - name: 'yearlyPrice' + type: NestedObject + description: | + Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from + registrations.retrieveRegisterParameters or registrations.searchDomains calls. + required: true + ignore_read: true + properties: + - name: 'currencyCode' + type: String + description: The three-letter currency code defined in ISO 4217. + - name: 'units' + type: String + description: The whole units of the amount. For example if currencyCode is "USD", then 1 unit is one US dollar. + - name: 'supportedPrivacy' + type: Array + description: Output only. Set of options for the contactSettings.privacy field that this Registration supports. + output: true + item_type: + type: String + - name: 'registerFailureReason' + type: String + description: Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state. + output: true + - name: 'managementSettings' + type: NestedObject + description: "Settings for management of the Registration, including renewal, billing, and transfer" + default_from_api: true + properties: + - name: 'renewalMethod' + type: String + description: | + Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL, + the actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account + or reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the + renewalMethod is automatically updated to preferredRenewalMethod in a few hours. + output: true + - name: 'preferredRenewalMethod' + type: String + description: | + The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice. + If unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL. + You cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration + resource has state ACTIVE or SUSPENDED. + + When preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of + problems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After + the problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours. + default_from_api: true + at_least_one_of: + - 'managementSettings.0.preferredRenewalMethod' + - 'managementSettings.0.transferLockState' + - name: 'transferLockState' + type: String + description: Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED. + default_from_api: true + at_least_one_of: + - 'managementSettings.0.preferredRenewalMethod' + - 'managementSettings.0.transferLockState' + - name: 'dnsSettings' + type: NestedObject + description: Settings controlling the DNS configuration of the Registration. + properties: + - name: 'customDns' + type: NestedObject + description: Configuration for an arbitrary DNS provider. + properties: + - name: 'nameServers' + type: Array + description: | + Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain + name, with Unicode domain names expressed in Punycode format. + required: true + item_type: + type: String + - name: 'dsRecords' + type: Array + description: | + The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide + the values to set here. If this field is empty, DNSSEC is disabled. + item_type: + type: NestedObject + properties: + - name: 'keyTag' + type: Integer + description: The key tag of the record. Must be set in range 0 -- 65535. + - name: 'algorithm' + type: String + description: The algorithm used to generate the referenced DNSKEY. + - name: 'digestType' + type: String + description: The hash function used to generate the digest of the referenced DNSKEY. + - name: 'digest' + type: String + description: The digest generated from the referenced DNSKEY. + - name: 'glueRecords' + type: Array + description: "The list of glue records for this Registration. Commonly empty." + item_type: + type: NestedObject + properties: + - name: 'hostName' + type: String + description: "Required. Domain name of the host in Punycode format." + required: true + - name: 'ipv4Addresses' + type: Array + description: | + List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1). + At least one of ipv4_address and ipv6_address must be set. + item_type: + type: String + - name: 'ipv6Addresses' + type: Array + description: | + List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1). + At least one of ipv4_address and ipv6_address must be set. + item_type: + type: String + - name: 'contactSettings' + type: NestedObject + description: Required. Settings for contact information linked to the Registration. + required: true + properties: + - name: 'privacy' + type: String + description: | + Required. Privacy setting for the contacts associated with the Registration. + Values are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA + required: true + - name: 'registrantContact' + type: NestedObject + description: | + Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain. + + Warning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to + avoid domain suspension. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/clouddomains_ignore_numbers_registrant.go.tmpl' + properties: + - name: 'email' + type: String + description: Required. Email address of the contact. + required: true + - name: 'phoneNumber' + type: String + description: Required. Phone number of the contact in international format. For example, "+1-800-555-0123". + required: true + - name: 'faxNumber' + type: String + description: Fax number of the contact in international format. For example, "+1-800-555-0123". + - name: 'postalAddress' + type: NestedObject + description: Required. Postal address of the contact. + required: true + properties: + - name: 'regionCode' + type: String + description: | + Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to + ensure the value is correct. See https://cldr.unicode.org/ and + https://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: "CH" for Switzerland. + required: true + - name: 'postalCode' + type: String + description: | + Postal code of the address. Not all countries use or require postal codes to be present, but where they are used, + they may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.). + - name: 'administrativeArea' + type: String + description: | + Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state, + a province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community + (e.g. "Barcelona" and not "Catalonia"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland + this should be left unpopulated. + - name: 'locality' + type: String + description: | + Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world + where localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines. + - name: 'organization' + type: String + description: | + The name of the organization at the address. + - name: 'addressLines' + type: Array + description: | + Unstructured address lines describing the lower levels of an address. + Because values in addressLines do not have type information and may sometimes contain multiple values in a single + field (e.g. "Austin, TX"), it is important that the line order is clear. The order of address lines should be + "envelope order" for the country/region of the address. In places where this can vary (e.g. Japan), address_language + is used to make it explicit (e.g. "ja" for large-to-small ordering and "ja-Latn" or "en" for small-to-large). This way, + the most specific line of an address can be selected based on the language. + item_type: + type: String + - name: 'recipients' + type: Array + description: | + The recipient at the address. This field may, under certain circumstances, contain multiline information. For example, + it might contain "care of" information. + item_type: + type: String + - name: 'adminContact' + type: NestedObject + description: | + Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain. + + Warning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to + avoid domain suspension. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/clouddomains_ignore_numbers_admin.go.tmpl' + properties: + - name: 'email' + type: String + description: Required. Email address of the contact. + required: true + - name: 'phoneNumber' + type: String + description: Required. Phone number of the contact in international format. For example, "+1-800-555-0123". + required: true + - name: 'faxNumber' + type: String + description: Fax number of the contact in international format. For example, "+1-800-555-0123". + - name: 'postalAddress' + type: NestedObject + description: Required. Postal address of the contact. + required: true + properties: + - name: 'regionCode' + type: String + description: | + Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to + ensure the value is correct. See https://cldr.unicode.org/ and + https://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: "CH" for Switzerland. + required: true + - name: 'postalCode' + type: String + description: | + Postal code of the address. Not all countries use or require postal codes to be present, but where they are used, + they may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.). + - name: 'administrativeArea' + type: String + description: | + Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state, + a province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community + (e.g. "Barcelona" and not "Catalonia"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland + this should be left unpopulated. + - name: 'locality' + type: String + description: | + Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world + where localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines. + - name: 'organization' + type: String + description: | + The name of the organization at the address. + - name: 'addressLines' + type: Array + description: | + Unstructured address lines describing the lower levels of an address. + Because values in addressLines do not have type information and may sometimes contain multiple values in a single + field (e.g. "Austin, TX"), it is important that the line order is clear. The order of address lines should be + "envelope order" for the country/region of the address. In places where this can vary (e.g. Japan), address_language + is used to make it explicit (e.g. "ja" for large-to-small ordering and "ja-Latn" or "en" for small-to-large). This way, + the most specific line of an address can be selected based on the language. + item_type: + type: String + - name: 'recipients' + type: Array + description: | + The recipient at the address. This field may, under certain circumstances, contain multiline information. For example, + it might contain "care of" information. + item_type: + type: String + - name: 'technicalContact' + type: NestedObject + description: | + Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain. + + Warning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to + avoid domain suspension. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/clouddomains_ignore_numbers_technical.go.tmpl' + properties: + - name: 'email' + type: String + description: Required. Email address of the contact. + required: true + - name: 'phoneNumber' + type: String + description: Required. Phone number of the contact in international format. For example, "+1-800-555-0123". + required: true + - name: 'faxNumber' + type: String + description: Fax number of the contact in international format. For example, "+1-800-555-0123". + - name: 'postalAddress' + type: NestedObject + description: Required. Postal address of the contact. + required: true + properties: + - name: 'regionCode' + type: String + description: | + Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to + ensure the value is correct. See https://cldr.unicode.org/ and + https://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: "CH" for Switzerland. + required: true + - name: 'postalCode' + type: String + description: | + Postal code of the address. Not all countries use or require postal codes to be present, but where they are used, + they may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.). + - name: 'administrativeArea' + type: String + description: | + Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state, + a province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community + (e.g. "Barcelona" and not "Catalonia"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland + this should be left unpopulated. + - name: 'locality' + type: String + description: | + Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world + where localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines. + - name: 'organization' + type: String + description: | + The name of the organization at the address. + - name: 'addressLines' + type: Array + description: | + Unstructured address lines describing the lower levels of an address. + Because values in addressLines do not have type information and may sometimes contain multiple values in a single + field (e.g. "Austin, TX"), it is important that the line order is clear. The order of address lines should be + "envelope order" for the country/region of the address. In places where this can vary (e.g. Japan), address_language + is used to make it explicit (e.g. "ja" for large-to-small ordering and "ja-Latn" or "en" for small-to-large). This way, + the most specific line of an address can be selected based on the language. + item_type: + type: String + - name: 'recipients' + type: Array + description: | + The recipient at the address. This field may, under certain circumstances, contain multiline information. For example, + it might contain "care of" information. + item_type: + type: String diff --git a/mmv1/products/clouddomains/go_product.yaml b/mmv1/products/clouddomains/go_product.yaml new file mode 100644 index 000000000000..7f7c87b9d838 --- /dev/null +++ b/mmv1/products/clouddomains/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Clouddomains' +display_name: 'Cloud Domains' +versions: + - name: 'ga' + base_url: 'https://domains.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://domains.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudfunctions/CloudFunction.yaml b/mmv1/products/cloudfunctions/CloudFunction.yaml index 03d28a182c84..c4b92107f2fa 100644 --- a/mmv1/products/cloudfunctions/CloudFunction.yaml +++ b/mmv1/products/cloudfunctions/CloudFunction.yaml @@ -118,6 +118,10 @@ properties: name: 'serviceAccountEmail' output: true description: 'The email of the service account for this function.' + - !ruby/object:Api::Type::String + name: 'buildServiceAccount' + default_from_api: true + description: 'The fully-qualified name of the service account to be used for the build step of deploying this function' - !ruby/object:Api::Type::String name: 'updateTime' output: true diff --git a/mmv1/products/cloudfunctions/go_CloudFunction.yaml b/mmv1/products/cloudfunctions/go_CloudFunction.yaml new file mode 100644 index 000000000000..e63aab6647ef --- /dev/null +++ b/mmv1/products/cloudfunctions/go_CloudFunction.yaml @@ -0,0 +1,210 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudFunction' +legacy_name: 'google_cloudfunctions_function' +description: | + A Cloud Function that contains user computation executed in response to an event. +exclude_resource: true +docs: +id_format: 'projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}' +base_url: 'projects/{{project}}/locations/{{region}}/functions' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +collection_url_key: 'functions' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'cloud_function' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: +examples: + - name: 'cloudfunctions_cloud_function' + primary_resource_id: 'function' + primary_resource_name: 'fmt.Sprintf("tf-test-my-function%s", context["random_suffix"])' + vars: + function_name: 'my-function' + bucket_name: 'cloudfunctions-function-example-bucket' + zip_path: 'path/to/index.zip' + test_vars_overrides: + 'zip_path': 'acctest.CreateZIPArchiveForCloudFunctionSource(t, testHTTPTriggerPath)' +parameters: + - name: 'region' + type: String + description: The location of this cloud function. + # This is not a real API field. + # This is a more user-centric way for users to specify + # that they want to use a HTTP Trigger rather than + # send httpsTrigger with an empty dictionary. + required: true + - name: 'trigger_http' + type: Boolean + description: 'Use HTTP to trigger this function' +properties: + - name: 'name' + type: String + description: | + A user-defined name of the function. Function names must + be unique globally and match pattern `projects/*/locations/*/functions/*`. + required: true + - name: 'description' + type: String + description: 'User-provided description of a function.' + - name: 'status' + type: Enum + description: | + Status of the function deployment. + output: true + enum_values: + - 'CLOUD_FUNCTION_STATUS_UNSPECIFIED' + - 'ACTOVE' + - 'OFFLINE' + - 'DEPLOY_IN_PROGRESS' + - 'DELETE_IN_PROGRESS' + - 'UNKNOWN' + - name: 'entryPoint' + type: String + description: | + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + - name: 'runtime' + type: String + description: | + The runtime in which the function is going to run. If empty, + defaults to Node.js 6. + - name: 'timeout' + type: String + description: | + The function execution timeout. Execution is considered failed and can + be terminated if the function is not completed at the end of the timeout + period. Defaults to 60 seconds. + - name: 'availableMemoryMb' + type: Integer + description: 'The amount of memory in MB available for a function.' + - name: 'serviceAccountEmail' + type: String + description: 'The email of the service account for this function.' + output: true + - name: 'buildServiceAccount' + type: String + description: 'The fully-qualified name of the service account to be used for the build step of deploying this function' + default_from_api: true + - name: 'updateTime' + type: String + description: 'The last update timestamp of a Cloud Function' + output: true + - name: 'versionId' + type: String + description: | + The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + output: true + - name: 'labels' + type: KeyValueLabels + description: | + A set of key/value label pairs associated with this Cloud Function. + immutable: false + - name: 'environmentVariables' + type: KeyValuePairs + description: | + Environment variables that shall be available during function execution. + - name: 'sourceArchiveUrl' + type: String + description: | + The Google Cloud Storage URL, starting with gs://, pointing to the zip + archive which contains the function. + exactly_one_of: + - 'source_repository' + - 'source_archive_url' + - 'source_upload_url' + - name: 'sourceUploadUrl' + type: String + description: | + The Google Cloud Storage signed URL used for source uploading. + exactly_one_of: + - 'source_repository' + - 'source_archive_url' + - 'source_upload_url' + - name: 'sourceRepository' + type: NestedObject + description: | + The source repository where a function is hosted. + exactly_one_of: + - 'source_repository' + - 'source_archive_url' + - 'source_upload_url' + properties: + - name: 'url' + type: String + description: | + The URL pointing to the hosted repository where the function is defined + required: true + - name: 'deployedUrl' + type: String + description: | + The URL pointing to the hosted repository where the function were defined + at the time of deployment. + output: true + - name: 'httpsTrigger' + type: NestedObject + description: | + An HTTPS endpoint type of source that can be triggered via URL. + properties: + - name: 'url' + type: String + description: 'The deployed url for the function.' + output: true + - name: 'eventTrigger' + type: NestedObject + description: | + An HTTPS endpoint type of source that can be triggered via URL. + properties: + - name: 'eventType' + type: String + description: | + The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + required: true + - name: 'resource' + type: String + description: | + The resource(s) from which to observe events, + for example, `projects/_/buckets/myBucket.` + required: true + - name: 'service' + type: String + description: | + The hostname of the service that should be observed. diff --git a/mmv1/products/cloudfunctions/go_product.yaml b/mmv1/products/cloudfunctions/go_product.yaml new file mode 100644 index 000000000000..0992b4ca143e --- /dev/null +++ b/mmv1/products/cloudfunctions/go_product.yaml @@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudFunctions' +legacy_name: 'cloudfunctions' +display_name: 'Cloud Functions' +versions: + - name: 'ga' + base_url: 'https://cloudfunctions.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudfunctions2/Function.yaml b/mmv1/products/cloudfunctions2/Function.yaml index 1027898e7e16..dbf5c29e51ba 100644 --- a/mmv1/products/cloudfunctions2/Function.yaml +++ b/mmv1/products/cloudfunctions2/Function.yaml @@ -51,6 +51,9 @@ import_format: ['projects/{{project}}/locations/{{location}}/functions/{{name}}'] taint_resource_on_failed_create: true autogen_async: true +custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: 'templates/terraform/constants/cloudfunctions2_function.go.erb' + encoder: 'templates/terraform/encoders/cloudfunctions2_runtime_update_policy.go.erb' examples: - !ruby/object:Provider::Terraform::Examples name: 'cloudfunctions2_basic' @@ -65,9 +68,9 @@ examples: test_env_vars: project: :PROJECT_NAME test_vars_overrides: - zip_path: '"./test-fixtures/function-source.zip"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' # ignore these fields during import step ignore_read_extra: - 'build_config.0.source.0.storage_source.0.object' @@ -103,10 +106,10 @@ examples: test_env_vars: project: :PROJECT_NAME test_vars_overrides: - zip_path: '"./test-fixtures/function-source.zip"' primary_resource_id: '"terraform-test"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' # ignore these fields during import step ignore_read_extra: - 'build_config.0.source.0.storage_source.0.object' @@ -170,9 +173,9 @@ examples: test_env_vars: project: :PROJECT_NAME test_vars_overrides: - zip_path: '"./test-fixtures/function-source.zip"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' # ignore these fields during import step ignore_read_extra: - 'build_config.0.source.0.storage_source.0.object' @@ -189,8 +192,8 @@ examples: test_env_vars: project: :PROJECT_NAME test_vars_overrides: - zip_path: '"./test-fixtures/function-source.zip"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' policyChanged: "acctest.BootstrapPSARole(t, \"service-\", \"gcp-sa-pubsub\", \"roles/cloudkms.cryptoKeyEncrypterDecrypter\"\ @@ -210,8 +213,8 @@ examples: test_env_vars: project: :PROJECT_NAME test_vars_overrides: - zip_path: '"./test-fixtures/function-source.zip"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' policyChanged: "acctest.BootstrapPSARole(t, \"service-\", \"gcp-sa-pubsub\", \"roles/cloudkms.cryptoKeyEncrypterDecrypter\"\ @@ -231,9 +234,9 @@ examples: test_env_vars: project: :PROJECT_NAME test_vars_overrides: - zip_path: '"./test-fixtures/function-source.zip"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' # ignore these fields during import step ignore_read_extra: - 'build_config.0.source.0.storage_source.0.object' @@ -256,9 +259,9 @@ examples: project: :PROJECT_NAME test_vars_overrides: kms_key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' - zip_path: '"./test-fixtures/function-source.zip"' location: '"us-central1"' + zip_path: '"./test-fixtures/function-source.zip"' # ignore these fields during import step ignore_read_extra: - 'build_config.0.source.0.storage_source.0.object' @@ -277,6 +280,48 @@ examples: unencoded-ar-repo: 'ar-repo' kms_key_name: 'cmek-key' project: 'my-project-name' + - !ruby/object:Provider::Terraform::Examples + name: 'cloudfunctions2_abiu' + primary_resource_id: 'function' + min_version: beta + vars: + bucket_name: 'gcf-source' + service_account: 'gcf-sa' + topic: 'functions2-topic' + function: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: :PROJECT_NAME + test_vars_overrides: + zip_path: '"./test-fixtures/function-source-pubsub.zip"' + primary_resource_id: '"terraform-test"' + location: + '"europe-west6"' + # ignore these fields during import step + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - !ruby/object:Provider::Terraform::Examples + name: 'cloudfunctions2_abiu_on_deploy' + primary_resource_id: 'function' + min_version: beta + vars: + bucket_name: 'gcf-source' + service_account: 'gcf-sa' + topic: 'functions2-topic' + function: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: :PROJECT_NAME + test_vars_overrides: + zip_path: '"./test-fixtures/function-source-pubsub.zip"' + primary_resource_id: '"terraform-test"' + location: + '"europe-west6"' + # ignore these fields during import step + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' iam_policy: !ruby/object:Api::Resource::IamPolicy parent_resource_attribute: 'cloud_function' method_name_separator: ':' @@ -448,6 +493,33 @@ properties: name: 'serviceAccount' description: 'The fully-qualified name of the service account to be used for building the container.' default_from_api: true + - !ruby/object:Api::Type::NestedObject + name: 'automaticUpdatePolicy' + description: | + Security patches are applied automatically to the runtime without requiring + the function to be redeployed. + exactly_one_of: + - automatic_update_policy + - on_deploy_update_policy + send_empty_value: true + allow_empty_object: true + default_from_api: true + properties: [] + - !ruby/object:Api::Type::NestedObject + name: 'onDeployUpdatePolicy' + description: | + Security patches are only applied when a function is redeployed. + exactly_one_of: + - automatic_update_policy + - on_deploy_update_policy + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::String + name: 'runtimeVersion' + output: true + description: | + The runtime version which was used during latest function deployment. - !ruby/object:Api::Type::NestedObject name: 'serviceConfig' description: 'Describes the Service being deployed.' @@ -488,6 +560,7 @@ properties: description: 'Environment variables that shall be available during function execution.' + diff_suppress_func: 'environmentVariablesDiffSuppress' - !ruby/object:Api::Type::Integer name: 'maxInstanceCount' description: | diff --git a/mmv1/products/cloudfunctions2/go_Function.yaml b/mmv1/products/cloudfunctions2/go_Function.yaml new file mode 100644 index 000000000000..aad081468b16 --- /dev/null +++ b/mmv1/products/cloudfunctions2/go_Function.yaml @@ -0,0 +1,716 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'function' +description: | + A Cloud Function that contains user computation executed in response to an event. +references: + guides: + api: 'https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/functions/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/functions' +self_link: 'projects/{{project}}/locations/{{location}}/functions/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/functions?functionId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/functions/{{name}}' +timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'cloud_function' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}' + - '{{cloud_function}}' +custom_code: + constants: 'templates/terraform/constants/go/cloudfunctions2_function.go.tmpl' + encoder: 'templates/terraform/encoders/go/cloudfunctions2_runtime_update_policy.go.tmpl' +taint_resource_on_failed_create: true +examples: + - name: 'cloudfunctions2_basic' + primary_resource_id: 'function' + primary_resource_name: 'fmt.Sprintf("tf-test-function-v2%s", context["random_suffix"])' + vars: + function: 'function-v2' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_full' + primary_resource_id: 'function' + vars: + bucket_name: 'gcf-source' + service_account: 'gcf-sa' + topic: 'functions2-topic' + function: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'zip_path': '"./test-fixtures/function-source-pubsub.zip"' + 'primary_resource_id': '"terraform-test"' + 'location': '"us-central1"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_scheduler_auth' + primary_resource_id: 'function' + vars: + bucket_name: 'gcf-source' + service_account: 'gcf-sa' + function: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'primary_resource_id': '"terraform-test"' + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + skip_test: true + - name: 'cloudfunctions2_basic_gcs' + primary_resource_id: 'function' + vars: + bucket_name_source: 'gcf-source-bucket' + bucket_name_trigger: 'gcf-trigger-bucket' + service_account: 'gcf-sa' + function_name: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'zip_path': '"./test-fixtures/function-source-eventarc-gcs.zip"' + 'primary_resource_id': '"terraform-test"' + 'policyChanged': 'acctest.BootstrapPSARole(t, "service-", "gcp-sa-pubsub", "roles/cloudkms.cryptoKeyEncrypterDecrypter")' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_basic_auditlogs' + primary_resource_id: 'function' + vars: + bucket_name_source: 'gcf-source-bucket' + bucket_name_auditlogs: 'gcf-auditlog-bucket' + service_account: 'gcf-sa' + function_name: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'zip_path': '"./test-fixtures/function-source-eventarc-gcs.zip"' + 'primary_resource_id': '"terraform-test"' + 'policyChanged': 'acctest.BootstrapPSARole(t, "service-", "gcp-sa-pubsub", "roles/cloudkms.cryptoKeyEncrypterDecrypter")' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_basic_builder' + primary_resource_id: 'function' + primary_resource_name: 'fmt.Sprintf("tf-test-function-v2%s", context["random_suffix"])' + vars: + function: 'function-v2' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + service_account: 'gcf-sa' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + external_providers: ["random", "time"] + - name: 'cloudfunctions2_secret_env' + primary_resource_id: 'function' + vars: + function: 'function-secret' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + secret: 'secret' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + 'policyChanged': 'acctest.BootstrapPSARole(t, "service-", "gcp-sa-pubsub", "roles/cloudkms.cryptoKeyEncrypterDecrypter")' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_secret_volume' + primary_resource_id: 'function' + vars: + function: 'function-secret' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + secret: 'secret' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + 'policyChanged': 'acctest.BootstrapPSARole(t, "service-", "gcp-sa-pubsub", "roles/cloudkms.cryptoKeyEncrypterDecrypter")' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_private_workerpool' + primary_resource_id: 'function' + vars: + function: 'function-workerpool' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + pool: 'workerpool' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_cmek' + primary_resource_id: 'function' + min_version: 'beta' + vars: + function: 'function-cmek' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + kms_service_name: 'cloudkms.googleapis.com' + cmek-repo: 'cmek-repo' + unencoded-ar-repo: 'ar-repo' + kms_key_name: 'cmek-key' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'kms_key_name': 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + 'location': '"us-central1"' + 'zip_path': '"./test-fixtures/function-source.zip"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + skip_docs: true + skip_vcr: true + - name: 'cloudfunctions2_cmek_docs' + primary_resource_id: 'function' + min_version: 'beta' + vars: + function: 'function-cmek' + bucket_name: 'gcf-source' + zip_path: 'function-source.zip' + kms_service_name: 'cloudkms.googleapis.com' + cmek-repo: 'cmek-repo' + unencoded-ar-repo: 'ar-repo' + kms_key_name: 'cmek-key' + project: 'my-project-name' + skip_test: true + - name: 'cloudfunctions2_abiu' + primary_resource_id: 'function' + min_version: 'beta' + vars: + bucket_name: 'gcf-source' + service_account: 'gcf-sa' + topic: 'functions2-topic' + function: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'zip_path': '"./test-fixtures/function-source-pubsub.zip"' + 'primary_resource_id': '"terraform-test"' + 'location': '"europe-west6"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' + - name: 'cloudfunctions2_abiu_on_deploy' + primary_resource_id: 'function' + min_version: 'beta' + vars: + bucket_name: 'gcf-source' + service_account: 'gcf-sa' + topic: 'functions2-topic' + function: 'gcf-function' + zip_path: 'function-source.zip' + test_env_vars: + project: 'PROJECT_NAME' + test_vars_overrides: + 'zip_path': '"./test-fixtures/function-source-pubsub.zip"' + 'primary_resource_id': '"terraform-test"' + 'location': '"europe-west6"' + ignore_read_extra: + - 'build_config.0.source.0.storage_source.0.object' + - 'build_config.0.source.0.storage_source.0.bucket' +parameters: + - name: 'location' + type: String + description: The location of this cloud function. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + A user-defined name of the function. Function names must + be unique globally and match pattern `projects/*/locations/*/functions/*`. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'description' + type: String + description: 'User-provided description of a function.' + - name: 'environment' + type: Enum + description: 'The environment the function is hosted on.' + output: true + enum_values: + - 'ENVIRONMENT_UNSPECIFIED' + - 'GEN_1' + - 'GEN_2' + - name: 'url' + type: String + description: 'Output only. The deployed url for the function.' + output: true + - name: 'state' + type: Enum + description: 'Describes the current state of the function.' + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'ACTIVE' + - 'FAILED' + - 'DEPLOYING' + - 'DELETING' + - 'UNKNOWN' + - name: 'buildConfig' + type: NestedObject + description: | + Describes the Build step of the function that builds a container + from the given source. + properties: + - name: 'build' + type: String + description: | + The Cloud Build name of the latest successful + deployment of the function. + output: true + - name: 'runtime' + type: String + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + - name: 'entryPoint' + type: String + description: | + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + - name: 'source' + type: NestedObject + description: 'The location of the function source code.' + properties: + - name: 'storageSource' + type: NestedObject + description: + 'If provided, get the source from this location in Google Cloud + Storage.' + exactly_one_of: + - 'storage_source' + - 'repo_source' + properties: + - name: 'bucket' + type: String + description: 'Google Cloud Storage bucket containing the source' + custom_flatten: 'templates/terraform/custom_flatten/go/cloudfunctions2_function_source_bucket.go.tmpl' + - name: 'object' + type: String + description: + 'Google Cloud Storage object containing the source.' + custom_flatten: 'templates/terraform/custom_flatten/go/cloudfunctions2_function_source_object.go.tmpl' + - name: 'generation' + type: Integer + description: | + Google Cloud Storage generation for the object. If the generation + is omitted, the latest generation will be used. + default_from_api: true + - name: 'repoSource' + type: NestedObject + description: + 'If provided, get the source from this location in a Cloud Source + Repository.' + exactly_one_of: + - 'storage_source' + - 'repo_source' + properties: + - name: 'projectId' + type: String + description: | + ID of the project that owns the Cloud Source Repository. If omitted, the + project ID requesting the build is assumed. + immutable: true + - name: 'repoName' + type: String + description: 'Name of the Cloud Source Repository.' + - name: 'branchName' + type: String + description: 'Regex matching branches to build.' + exactly_one_of: + - 'branch_name' + - 'tag_name' + - 'commit_sha' + - name: 'tagName' + type: String + description: 'Regex matching tags to build.' + exactly_one_of: + - 'branch_name' + - 'tag_name' + - 'commit_sha' + - name: 'commitSha' + type: String + description: 'Regex matching tags to build.' + exactly_one_of: + - 'branch_name' + - 'tag_name' + - 'commit_sha' + - name: 'dir' + type: String + description: | + Directory, relative to the source root, in which to run the build. + - name: 'invertRegex' + type: Boolean + description: | + Only trigger a build if the revision regex does + NOT match the revision regex. + - name: 'workerPool' + type: String + description: + 'Name of the Cloud Build Custom Worker Pool that should be used to + build the function.' + - name: 'environmentVariables' + type: KeyValuePairs + description: | + User-provided build-time environment variables for the function. + default_from_api: true + - name: 'dockerRepository' + type: String + description: | + User managed repository created in Artifact Registry optionally with a customer managed encryption key. + default_from_api: true + - name: 'serviceAccount' + type: String + description: 'The fully-qualified name of the service account to be used for building the container.' + default_from_api: true + - name: 'automaticUpdatePolicy' + type: NestedObject + description: | + Security patches are applied automatically to the runtime without requiring + the function to be redeployed. + default_from_api: true + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'automatic_update_policy' + - 'on_deploy_update_policy' + properties: + [] + - name: 'onDeployUpdatePolicy' + type: NestedObject + description: | + Security patches are only applied when a function is redeployed. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'automatic_update_policy' + - 'on_deploy_update_policy' + properties: + - name: 'runtimeVersion' + type: String + description: | + The runtime version which was used during latest function deployment. + output: true + - name: 'serviceConfig' + type: NestedObject + description: 'Describes the Service being deployed.' + properties: + - name: 'service' + type: String + description: | + Name of the service associated with a Function. + default_from_api: true + - name: 'timeoutSeconds' + type: Integer + description: | + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + default_from_api: true + - name: 'availableMemory' + type: String + description: | + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + default_from_api: true + - name: 'maxInstanceRequestConcurrency' + type: Integer + description: + 'Sets the maximum number of concurrent requests that each instance can + receive. Defaults to 1.' + default_from_api: true + - name: 'availableCpu' + type: String + description: + 'The number of CPUs used in a single container instance. Default value + is calculated from available memory.' + default_from_api: true + - name: 'environmentVariables' + type: KeyValuePairs + description: + 'Environment variables that shall be available during function + execution.' + diff_suppress_func: 'environmentVariablesDiffSuppress' + - name: 'maxInstanceCount' + type: Integer + description: | + The limit on the maximum number of function instances that may coexist at a + given time. + default_from_api: true + - name: 'minInstanceCount' + type: Integer + description: | + The limit on the minimum number of function instances that may coexist at a + given time. + - name: 'vpcConnector' + type: String + description: + 'The Serverless VPC Access connector that this cloud function can + connect to.' + - name: 'vpcConnectorEgressSettings' + type: Enum + description: 'Available egress settings.' + enum_values: + - 'VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED' + - 'PRIVATE_RANGES_ONLY' + - 'ALL_TRAFFIC' + - name: 'ingressSettings' + type: Enum + description: + 'Available ingress settings. Defaults to "ALLOW_ALL" if unspecified.' + default_value: "ALLOW_ALL" + enum_values: + - 'ALLOW_ALL' + - 'ALLOW_INTERNAL_ONLY' + - 'ALLOW_INTERNAL_AND_GCLB' + - name: 'uri' + type: String + description: 'URI of the Service deployed.' + output: true + - name: 'gcfUri' + type: String + description: 'URIs of the Service deployed' + output: true + - name: 'serviceAccountEmail' + type: String + description: 'The email of the service account for this function.' + default_from_api: true + - name: 'allTrafficOnLatestRevision' + type: Boolean + description: + 'Whether 100% of traffic is routed to the latest revision. Defaults to + true.' + default_value: true + - name: 'secretEnvironmentVariables' + type: Array + description: 'Secret environment variables configuration.' + item_type: + type: NestedObject + properties: + - name: 'key' + type: String + description: | + Name of the environment variable. + required: true + - name: 'projectId' + type: String + description: | + Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + required: true + - name: 'secret' + type: String + description: | + Name of the secret in secret manager (not the full resource name). + required: true + - name: 'version' + type: String + description: | + Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start. + required: true + - name: 'secretVolumes' + type: Array + description: 'Secret volumes configuration.' + item_type: + type: NestedObject + properties: + - name: 'mountPath' + type: String + description: | + The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets + required: true + - name: 'projectId' + type: String + description: | + Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + required: true + - name: 'secret' + type: String + description: | + Name of the secret in secret manager (not the full resource name). + required: true + - name: 'versions' + type: Array + description: + List of secret versions to mount for this secret. If empty, the + latest version of the secret will be made available in a file + named after the secret under the mount point.' + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'version' + type: String + description: | + Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately. + required: true + - name: 'path' + type: String + description: | + Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo. + required: true + - name: 'eventTrigger' + type: NestedObject + description: | + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + - name: 'trigger' + type: String + description: 'Output only. The resource name of the Eventarc trigger.' + output: true + - name: 'triggerRegion' + type: String + description: | + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + default_from_api: true + - name: 'eventType' + type: String + description: 'Required. The type of event to observe.' + - name: 'eventFilters' + type: Array + description: 'Criteria used to filter events.' + is_set: true + item_type: + type: NestedObject + properties: + - name: 'attribute' + type: String + description: | + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the `gcloud eventarc providers describe` command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's `event_type` attribute. + required: true + - name: 'value' + type: String + description: | + Required. The value for the attribute. + If the operator field is set as `match-path-pattern`, this value can be a path pattern instead of an exact value. + required: true + - name: 'operator' + type: String + description: | + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is `match-path-pattern`. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)' + - name: 'pubsubTopic' + type: String + description: | + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + default_from_api: true + - name: 'serviceAccountEmail' + type: String + description: | + Optional. The email of the trigger's service account. The service account + must have permission to invoke Cloud Run services. If empty, defaults to the + Compute Engine default service account: {project_number}-compute@developer.gserviceaccount.com. + default_from_api: true + - name: 'retryPolicy' + type: Enum + description: | + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. + enum_values: + - 'RETRY_POLICY_UNSPECIFIED' + - 'RETRY_POLICY_DO_NOT_RETRY' + - 'RETRY_POLICY_RETRY' + - name: 'updateTime' + type: String + description: 'The last update timestamp of a Cloud Function.' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + A set of key/value label pairs associated with this Cloud Function. + immutable: false + - name: 'kmsKeyName' + type: String + description: | + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. diff --git a/mmv1/products/cloudfunctions2/go_product.yaml b/mmv1/products/cloudfunctions2/go_product.yaml new file mode 100644 index 000000000000..48d6ff6888bd --- /dev/null +++ b/mmv1/products/cloudfunctions2/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Cloudfunctions2' +display_name: 'Cloud Functions (2nd gen)' +versions: + - name: 'beta' + base_url: 'https://cloudfunctions.googleapis.com/v2beta/' + - name: 'ga' + base_url: 'https://cloudfunctions.googleapis.com/v2/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudidentity/go_Group.yaml b/mmv1/products/cloudidentity/go_Group.yaml new file mode 100644 index 000000000000..c1aa7c5ffc74 --- /dev/null +++ b/mmv1/products/cloudidentity/go_Group.yaml @@ -0,0 +1,190 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Group' +description: | + A Cloud Identity resource representing a Group. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/identity/docs/how-to/setup' + api: 'https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +base_url: 'groups?initialGroupConfig={{initial_group_config}}' +self_link: '{{name}}' +update_url: '{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + type: 'PollAsync' + check_response_func_existence: 'transport_tpg.PollCheckForExistenceWith403' + check_response_func_absence: 'transport_tpg.PollCheckForAbsenceWith403' + suppress_error: false + target_occurrences: 10 + actions: ['create', 'update', 'delete'] +custom_code: + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_import: 'templates/terraform/custom_import/go/cloud_identity_group_import.go.tmpl' +skip_sweeper: true +examples: + - name: 'cloud_identity_groups_basic' + primary_resource_id: 'cloud_identity_group_basic' + vars: + id_group: 'my-identity-group' + test_env_vars: + org_domain: 'ORG_DOMAIN' + cust_id: 'CUST_ID' + skip_test: true +parameters: + - name: 'initialGroupConfig' + type: Enum + description: | + The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. + url_param_only: true + immutable: true + default_value: "EMPTY" + enum_values: + - 'INITIAL_GROUP_CONFIG_UNSPECIFIED' + - 'WITH_INITIAL_OWNER' + - 'EMPTY' +properties: + - name: 'name' + type: String + description: | + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + output: true + - name: 'groupKey' + type: NestedObject + description: | + EntityKey of the Group. + required: true + immutable: true + properties: + - name: 'id' + type: String + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + required: true + immutable: true + - name: 'namespace' + type: String + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + immutable: true + - name: 'parent' + type: String + description: | + The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + required: true + immutable: true + - name: 'displayName' + type: String + description: | + The display name of the Group. + - name: 'description' + type: String + description: | + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + - name: 'additionalGroupKeys' + type: Array + description: 'Additional group keys associated with the Group' + output: true + item_type: + type: NestedObject + properties: + - name: 'id' + type: String + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + output: true + - name: 'namespace' + type: String + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + output: true + - name: 'createTime' + type: String + description: | + The time when the Group was created. + output: true + - name: 'updateTime' + type: String + description: | + The time when the Group was last updated. + output: true + - name: 'labels' + type: KeyValuePairs + description: | + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + required: true diff --git a/mmv1/products/cloudidentity/go_GroupMembership.yaml b/mmv1/products/cloudidentity/go_GroupMembership.yaml new file mode 100644 index 000000000000..8fa798397306 --- /dev/null +++ b/mmv1/products/cloudidentity/go_GroupMembership.yaml @@ -0,0 +1,203 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'GroupMembership' +description: | + A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member". +references: + guides: + 'Official Documentation': 'https://cloud.google.com/identity/docs/how-to/memberships-google-groups' + api: 'https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships' +docs: + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the Cloud Identity API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. +base_url: '{{group}}/memberships' +self_link: '{{name}}' +immutable: true +import_format: + - '{{%name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_update: 'templates/terraform/custom_update/go/cloud_identity_group_membership.go.tmpl' + post_import: 'templates/terraform/post_import/go/cloud_identity_group_membership.go.tmpl' +skip_sweeper: true +read_error_transform: 'transformCloudIdentityGroupMembershipReadError' +examples: + - name: 'cloud_identity_group_membership' + primary_resource_id: 'cloud_identity_group_membership_basic' + vars: + id_group: 'my-identity-group' + test_env_vars: + org_domain: 'ORG_DOMAIN' + cust_id: 'CUST_ID' + skip_test: true + - name: 'cloud_identity_group_membership_user' + primary_resource_id: 'cloud_identity_group_membership_basic' + vars: + id_group: 'my-identity-group' + test_env_vars: + org_domain: 'ORG_DOMAIN' + cust_id: 'CUST_ID' + identity_user: 'IDENTITY_USER' + skip_test: true +parameters: + - name: 'group' + type: ResourceRef + description: | + The name of the Group to create this membership in. + url_param_only: true + required: true + immutable: true + resource: 'Group' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}. + output: true + - name: 'memberKey' + type: NestedObject + description: | + EntityKey of the member. + min_version: 'beta' + immutable: true + default_from_api: true + exactly_one_of: + - 'member_key' + - 'preferred_member_key' + properties: + - name: 'id' + type: String + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + required: true + immutable: true + - name: 'namespace' + type: String + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + immutable: true + - name: 'preferredMemberKey' + type: NestedObject + description: | + EntityKey of the member. + immutable: true + default_from_api: true + exactly_one_of: + - 'member_key' + - 'preferred_member_key' + properties: + - name: 'id' + type: String + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + required: true + immutable: true + - name: 'namespace' + type: String + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + immutable: true + - name: 'createTime' + type: String + description: | + The time when the Membership was created. + output: true + - name: 'updateTime' + type: String + description: | + The time when the Membership was last updated. + output: true + - name: 'roles' + type: Array + description: | + The MembershipRoles that apply to the Membership. + Must not contain duplicate MembershipRoles with the same name. + is_set: true + required: true + update_url: '{{name}}:modifyMembershipRoles' + update_verb: 'POST' + item_type: + type: NestedObject + properties: + - name: 'name' + type: Enum + description: | + The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. + required: true + enum_values: + - 'OWNER' + - 'MANAGER' + - 'MEMBER' + - name: 'expiryDetail' + type: NestedObject + description: | + The MembershipRole expiry details, only supported for MEMBER role. + Other roles cannot be accompanied with MEMBER role having expiry. + properties: + - name: 'expireTime' + type: String + description: | + The time at which the MembershipRole will expire. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + required: true + - name: 'type' + type: String + description: | + The type of the membership. + output: true diff --git a/mmv1/products/cloudidentity/go_product.yaml b/mmv1/products/cloudidentity/go_product.yaml new file mode 100644 index 000000000000..14883c7af453 --- /dev/null +++ b/mmv1/products/cloudidentity/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudIdentity' +display_name: 'Cloud Identity' +versions: + - name: 'ga' + base_url: 'https://cloudidentity.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://cloudidentity.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-identity' diff --git a/mmv1/products/cloudids/go_Endpoint.yaml b/mmv1/products/cloudids/go_Endpoint.yaml new file mode 100644 index 000000000000..a563cd84178e --- /dev/null +++ b/mmv1/products/cloudids/go_Endpoint.yaml @@ -0,0 +1,121 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Endpoint' +description: | + Cloud IDS is an intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks on your network. +references: + guides: + api: 'https://cloud.google.com/intrusion-detection-system/docs/configuring-ids' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/endpoints' +self_link: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/endpoints?endpointId={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 2000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +skip_sweeper: true +examples: + - name: 'cloudids_endpoint' + primary_resource_id: 'example-endpoint' + skip_test: true +parameters: + - name: 'location' + type: String + description: | + The location for the endpoint. + url_param_only: true + required: true + immutable: true + ignore_read: true +properties: + - name: 'name' + type: String + description: | + Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/id_from_name.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'createTime' + type: String + description: | + Creation timestamp in RFC 3339 text format. + output: true + - name: 'updateTime' + type: String + description: | + Last update timestamp in RFC 3339 text format. + output: true + - name: 'network' + type: String + description: | + Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + required: true + immutable: true + - name: 'description' + type: String + description: | + An optional description of the endpoint. + immutable: true + - name: 'endpointForwardingRule' + type: String + description: | + URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring. + output: true + - name: 'endpointIp' + type: String + description: | + Internal IP address of the endpoint's network entry point. + output: true + - name: 'severity' + type: Enum + description: | + The minimum alert severity level that is reported by the endpoint. + required: true + immutable: true + enum_values: + - 'INFORMATIONAL' + - 'LOW' + - 'MEDIUM' + - 'HIGH' + - 'CRITICAL' + - name: 'threatExceptions' + type: Array + description: | + Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs. + item_type: + type: String diff --git a/mmv1/products/cloudids/go_product.yaml b/mmv1/products/cloudids/go_product.yaml new file mode 100644 index 000000000000..ffe8c33468fa --- /dev/null +++ b/mmv1/products/cloudids/go_product.yaml @@ -0,0 +1,34 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudIds' +display_name: 'Cloud Intrusion Detection Service' +versions: + - name: 'ga' + base_url: 'https://ids.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloudids' +async: + type: "OpAsync" + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 2000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' diff --git a/mmv1/products/cloudquotas/go_QuotaPreference.yaml b/mmv1/products/cloudquotas/go_QuotaPreference.yaml new file mode 100644 index 000000000000..2e6b5d5fe675 --- /dev/null +++ b/mmv1/products/cloudquotas/go_QuotaPreference.yaml @@ -0,0 +1,161 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'QuotaPreference' +description: | + QuotaPreference represents the preferred quota configuration specified for a project, folder or organization. There is only one QuotaPreference resource for a quota value targeting a unique set of dimensions. +references: + guides: + 'Cloud Quotas Overview': 'https://cloud.google.com/docs/quotas/overview' + api: 'https://cloud.google.com/docs/quotas/reference/rest/v1/projects.locations.quotaPreferences' +docs: +id_format: '{{parent}}/locations/global/quotaPreferences/{{name}}' +base_url: '{{parent}}/locations/global/quotaPreferences' +self_link: '{{parent}}/locations/global/quotaPreferences/{{name}}' +create_url: '{{parent}}/locations/global/quotaPreferences?quotaPreferenceId={{name}}&ignoreSafetyChecks={{ignore_safety_checks}}' +update_url: '{{parent}}/locations/global/quotaPreferences/{{name}}?ignoreSafetyChecks={{ignore_safety_checks}}' +update_verb: 'PATCH' +update_mask: true +skip_delete: true +import_format: + - '{{%parent}}/locations/global/quotaPreferences/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'cloudquotas_quota_preference_basic' + primary_resource_id: 'preference' + vars: + name: 'compute_googleapis_com-CPUS-per-project_us-east1' + test_env_vars: + project: 'PROJECT_NAME' + skip_test: true +parameters: + - name: 'parent' + type: String + description: The parent of the quota preference. Allowed parents are "projects/[project-id / number]" or "folders/[folder-id / number]" or "organizations/[org-id / number]". + url_param_only: true + required: true + immutable: true + default_from_api: true + - name: 'ignore_safety_checks' + type: Enum + description: The list of quota safety checks to be ignored. + url_param_only: true + default_value: "QUOTA_SAFETY_CHECK_UNSPECIFIED" + enum_values: + - 'QUOTA_SAFETY_CHECK_UNSPECIFIED' + - 'QUOTA_DECREASE_BELOW_USAGE' + - 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH' +properties: + - name: 'name' + type: String + description: | + The resource name of the quota preference. Required except in the CREATE requests. + pattern: '{{parent}}/locations/global/quotaPreferences/{{name}}' + default_from_api: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + - name: 'service' + type: String + description: The name of the service to which the quota preference is applied. + required: true + default_from_api: true + - name: 'quotaId' + type: String + description: | + The id of the quota to which the quota preference is applied. A quota id is unique in the service. + Example: `CPUS-per-project-region`. + required: true + default_from_api: true + - name: 'quotaConfig' + type: NestedObject + description: The preferred quota configuration. + required: true + properties: + - name: 'preferredValue' + type: String + description: | + The preferred value. Must be greater than or equal to -1. If set to -1, it means the value is "unlimited". + required: true + - name: 'stateDetail' + type: String + description: Optional details about the state of this quota preference. + output: true + - name: 'grantedValue' + type: String + description: Granted quota value. + output: true + - name: 'traceId' + type: String + description: | + The trace id that the Google Cloud uses to provision the requested quota. This trace id may be used by the client to contact Cloud support to track the state of a quota preference request. The trace id is only produced for increase requests and is unique for each request. The quota decrease requests do not have a trace id. + output: true + - name: 'annotations' + type: KeyValuePairs + description: |- + The annotations map for clients to store small amounts of arbitrary data. Do not put PII or other sensitive information here. See https://google.aip.dev/128#annotations. + + An object containing a list of "key: value" pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`. + custom_flatten: 'templates/terraform/custom_flatten/go/cloudquotas_quota_preference_annotations.go.tmpl' + - name: 'requestOrigin' + type: String + description: The origin of the quota preference request. + output: true + - name: 'dimensions' + type: KeyValuePairs + description: |- + The dimensions that this quota preference applies to. The key of the map entry is the name of a dimension, such as "region", "zone", "network_id", and the value of the map entry is the dimension value. If a dimension is missing from the map of dimensions, the quota preference applies to all the dimension values except for those that have other quota preferences configured for the specific value. + + NOTE: QuotaPreferences can only be applied across all values of "user" and "resource" dimension. Do not set values for "user" or "resource" in the dimension map. + + Example: `{"provider": "Foo Inc"}` where "provider" is a service specific dimension. + default_from_api: true + - name: 'etag' + type: String + description: | + The current etag of the quota preference. If an etag is provided on update and does not match the current server's etag of the quota preference, the request will be blocked and an ABORTED error will be returned. See https://google.aip.dev/134#etags for more details on etags. + output: true + - name: 'createTime' + type: String + description: | + Create time stamp. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `2014-10-02T15:01:23Z` and `2014-10-02T15:01:23.045123456Z`. + output: true + - name: 'updateTime' + type: String + description: | + Update time stamp. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `2014-10-02T15:01:23Z` and `2014-10-02T15:01:23.045123456Z`. + output: true + - name: 'reconciling' + type: Boolean + description: | + Is the quota preference pending Google Cloud approval and fulfillment. + output: true + - name: 'justification' + type: String + description: The reason / justification for this quota preference. + ignore_read: true + - name: 'contactEmail' + type: String + description: |- + An email address that can be used for quota related communication between the Google Cloud and the user in case the Google Cloud needs further information to make a decision on whether the user preferred quota can be granted. + + The Google account for the email address must have quota update permission for the project, folder or organization this quota preference is for. + ignore_read: true diff --git a/mmv1/products/cloudquotas/go_product.yaml b/mmv1/products/cloudquotas/go_product.yaml new file mode 100644 index 000000000000..af7296cf7925 --- /dev/null +++ b/mmv1/products/cloudquotas/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudQuotas' +display_name: 'Cloud Quotas' +versions: + - name: 'ga' + base_url: 'https://cloudquotas.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudrun/DomainMapping.yaml b/mmv1/products/cloudrun/DomainMapping.yaml index 82aa8c386dd3..64f6a575726b 100644 --- a/mmv1/products/cloudrun/DomainMapping.yaml +++ b/mmv1/products/cloudrun/DomainMapping.yaml @@ -210,8 +210,8 @@ properties: name: 'annotations' description: |- Annotations is a key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + may be set by external tools to store and retrieve arbitrary metadata. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations **Note**: The Cloud Run API may add additional annotations that were not provided in your config. If terraform plan shows a diff where a server-side annotation is added, you can add it to your config diff --git a/mmv1/products/cloudrun/Service.yaml b/mmv1/products/cloudrun/Service.yaml index 86114149d106..993c12f4c2c0 100644 --- a/mmv1/products/cloudrun/Service.yaml +++ b/mmv1/products/cloudrun/Service.yaml @@ -284,8 +284,8 @@ properties: name: 'annotations' description: |- Annotations is a key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + may be set by external tools to store and retrieve arbitrary metadata. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations **Note**: The Cloud Run API may add additional annotations that were not provided in your config. If terraform plan shows a diff where a server-side annotation is added, you can add it to your config @@ -748,11 +748,8 @@ properties: name: containerConcurrency description: |- ContainerConcurrency specifies the maximum allowed in-flight (concurrent) - requests per container of the Revision. Values are: - - `0` thread-safe, the system should manage the max concurrency. This is - the default value. - - `1` not-thread-safe. Single concurrency - - `2-N` thread-safe, max concurrency of N + requests per container of the Revision. If not specified or 0, defaults to 80 when + requested CPU >= 1 and defaults to 1 when requested CPU < 1. default_from_api: true - !ruby/object:Api::Type::Integer name: timeoutSeconds @@ -1063,8 +1060,8 @@ properties: name: 'annotations' description: |- Annotations is a key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + may be set by external tools to store and retrieve arbitrary metadata. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations **Note**: The Cloud Run API may add additional annotations that were not provided in your config. If terraform plan shows a diff where a server-side annotation is added, you can add it to your config diff --git a/mmv1/products/cloudrun/go_DomainMapping.yaml b/mmv1/products/cloudrun/go_DomainMapping.yaml new file mode 100644 index 000000000000..29402e0fe87f --- /dev/null +++ b/mmv1/products/cloudrun/go_DomainMapping.yaml @@ -0,0 +1,230 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DomainMapping' +kind: 'DomainMapping' +description: |- + Resource to hold the state and status of a user's domain mapping. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/run/docs/mapping-custom-domains' + api: 'https://cloud.google.com/run/docs/reference/rest/v1/projects.locations.domainmappings' +docs: +id_format: 'locations/{{location}}/namespaces/{{project}}/domainmappings/{{name}}' +base_url: 'apis/domains.cloudrun.com/v1/namespaces/{{project}}/domainmappings' +cai_base_url: 'projects/{{project}}/locations/{{location}}/DomainMappings' +immutable: true +import_format: + - 'locations/{{location}}/namespaces/{{project}}/domainmappings/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + type: 'PollAsync' + check_response_func_existence: 'PollCheckKnativeStatusFunc(res)' + check_response_func_absence: 'transport_tpg.PollCheckForAbsence' + suppress_error: false + target_occurrences: 1 + actions: ['create', 'update'] +custom_code: + constants: 'templates/terraform/constants/go/cloud_run_domain_mapping.go.tmpl' + encoder: 'templates/terraform/encoders/go/cloud_run_domain_mapping.go.tmpl' + decoder: 'templates/terraform/decoders/go/cloud_run.go.tmpl' +custom_diff: + - 'hasMetadata' +error_retry_predicates: + + - 'transport_tpg.IsCloudRunCreationConflict' +schema_version: 1 +state_upgraders: true +examples: + - name: 'cloud_run_domain_mapping_basic' + primary_resource_id: 'default' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + namespace: 'PROJECT_NAME' +parameters: + - name: 'location' + type: String + description: The location of the cloud run instance. eg us-central1 + url_param_only: true + required: true +properties: + - name: 'name' + type: String + description: |- + Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain + url_param_only: true + required: true + immutable: true + - name: 'status' + type: NestedObject + description: The current status of the DomainMapping. + output: true + properties: + - name: 'conditions' + type: Array + description: |- + Array of observed DomainMappingConditions, indicating the current state + of the DomainMapping. + output: true + item_type: + type: NestedObject + properties: + - name: 'message' + type: String + description: |- + Human readable message indicating details about the current status. + output: true + - name: 'status' + type: String + description: Status of the condition, one of True, False, Unknown. + output: true + - name: 'reason' + type: String + description: |- + One-word CamelCase reason for the condition's current status. + output: true + - name: 'type' + type: String + description: Type of domain mapping condition. + output: true + - name: 'observedGeneration' + type: Integer + description: |- + ObservedGeneration is the 'Generation' of the DomainMapping that + was last processed by the controller. + output: true + - name: 'resourceRecords' + type: Array + description: |- + The resource records required to configure this domain mapping. These + records must be added to the domain's DNS configuration in order to + serve the application via this domain mapping. + item_type: + type: NestedObject + properties: + - name: 'type' + type: Enum + description: 'Resource record type. Example: `AAAA`.' + enum_values: + - 'A' + - 'AAAA' + - 'CNAME' + - name: 'rrdata' + type: String + description: |- + Data for this record. Values vary by record type, as defined in RFC 1035 + (section 5) and RFC 1034 (section 3.6.1). + output: true + - name: 'name' + type: String + description: |- + Relative name of the object affected by this record. Only applicable for + `CNAME` records. Example: 'www'. + output: true + - name: 'mappedRouteName' + type: String + description: The name of the route that the mapping currently points to. + output: true + - name: 'spec' + type: NestedObject + description: The spec for this DomainMapping. + required: true + properties: + - name: 'forceOverride' + type: Boolean + description: |- + If set, the mapping will override any mapping set before this spec was set. + It is recommended that the user leaves this empty to receive an error + warning about a potential conflict and only set it once the respective UI + has given such a warning. + custom_flatten: 'templates/terraform/custom_flatten/go/cloudrun_ignore_force_override.go.tmpl' + - name: 'routeName' + type: String + description: |- + The name of the Cloud Run Service that this DomainMapping applies to. + The route must exist. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + - name: 'certificateMode' + type: Enum + description: The mode of the certificate. + default_value: "AUTOMATIC" + enum_values: + - 'NONE' + - 'AUTOMATIC' + - name: 'metadata' + type: NestedObject + description: Metadata associated with this DomainMapping. + default_from_api: true + properties: + - name: 'labels' + type: KeyValueLabels + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and routes. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + - name: 'generation' + type: Integer + description: |- + A sequence number representing a specific generation of the desired state. + output: true + - name: 'resourceVersion' + type: String + description: |- + An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be used + for optimistic concurrency, change detection, and the watch operation on a + resource or set of resources. They may only be valid for a + particular resource or set of resources. + + More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + output: true + - name: 'selfLink' + type: String + description: |- + SelfLink is a URL representing this object. + output: true + - name: 'uid' + type: String + description: |- + UID is a unique id generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + output: true + - name: 'namespace' + type: String + description: |- + In Cloud Run the namespace must be equal to either the + project ID or project number. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/set_to_project.go.tmpl' + - name: 'annotations' + type: KeyValueAnnotations + description: |- + Annotations is a key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + + **Note**: The Cloud Run API may add additional annotations that were not provided in your config. + If terraform plan shows a diff where a server-side annotation is added, you can add it to your config + or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. diff --git a/mmv1/products/cloudrun/go_Service.yaml b/mmv1/products/cloudrun/go_Service.yaml new file mode 100644 index 000000000000..4f36bbd0580d --- /dev/null +++ b/mmv1/products/cloudrun/go_Service.yaml @@ -0,0 +1,1077 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Service' +kind: 'Service' +description: |- + A Cloud Run service has a unique endpoint and autoscales containers. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/run/docs/' + api: 'https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services' +docs: + warning: | + We recommend using the `google_cloud_run_v2_service` resource which offers a better + developer experience and broader support of Cloud Run features. +id_format: 'locations/{{location}}/namespaces/{{project}}/services/{{name}}' +base_url: 'apis/serving.knative.dev/v1/namespaces/{{project}}/services' +cai_base_url: 'projects/{{project}}/locations/{{location}}/services' +import_format: + - 'locations/{{location}}/namespaces/{{project}}/services/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + type: 'PollAsync' + check_response_func_existence: 'PollCheckKnativeStatusFunc(res)' + check_response_func_absence: 'transport_tpg.PollCheckForAbsence' + suppress_error: false + target_occurrences: 1 + actions: ['create', 'update'] +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'service' + base_url: 'v1/projects/{{project}}/locations/{{location}}/services/{{service}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/services/{{service}}' + - '{{service}}' +custom_code: + constants: 'templates/terraform/constants/go/cloud_run_service.go.tmpl' + encoder: 'templates/terraform/encoders/go/cloud_run_service.go.tmpl' + decoder: 'templates/terraform/decoders/go/cloud_run.go.tmpl' +custom_diff: + - 'revisionNameCustomizeDiff' +error_retry_predicates: + + - 'transport_tpg.IsCloudRunCreationConflict' +schema_version: 2 +state_upgrade_base_schema_version: 1 +state_upgraders: true +examples: + - name: 'cloud_run_service_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + project: 'PROJECT_NAME' + - name: 'cloud_run_service_sql' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-srv' + cloud_run_sql_name: 'cloudrun-sql' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + ignore_read_extra: + - 'autogenerate_revision_name' + - name: 'cloud_run_service_noauth' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + project: 'PROJECT_NAME' + - name: 'cloud_run_service_multiple_environment_variables' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'autogenerate_revision_name' + skip_docs: true + - name: 'cloud_run_service_secret_environment_variables' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-srv' + secret_id: 'secret' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'autogenerate_revision_name' + skip_docs: true + - name: 'cloud_run_service_secret_volumes' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-srv' + secret_id: 'secret' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'autogenerate_revision_name' + skip_docs: true + - name: 'cloud_run_service_probes' + primary_resource_id: 'default' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + project: 'PROJECT_NAME' + - name: 'cloud_run_service_multicontainer' + primary_resource_id: 'default' + min_version: 'beta' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + project: 'PROJECT_NAME' +virtual_fields: + - name: 'autogenerate_revision_name' + description: | + If set to `true`, the revision name (template.metadata.name) will be omitted and + autogenerated by Cloud Run. This cannot be set to `true` while `template.metadata.name` + is also set. + (For legacy support, if `template.metadata.name` is unset in state while + this field is set to false, the revision name will still autogenerate.) + type: Boolean + default_value: false +parameters: + - name: 'location' + type: String + description: The location of the cloud run instance. eg us-central1 + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: |- + Name must be unique within a Google Cloud project and region. + Is required when creating resources. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + url_param_only: true + required: true + immutable: true + - name: 'spec' + type: NestedObject + description: Spec holds the desired state of the Service (from the client). + required: true + flatten_object: true + properties: + - name: 'traffic' + type: Array + description: |- + Traffic specifies how to distribute traffic over a collection of Knative Revisions + and Configurations + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'revisionName' + type: String + description: |- + RevisionName of a specific revision to which to send this portion of traffic. + - name: 'percent' + type: Integer + description: |- + Percent specifies percent of the traffic to this Revision or Configuration. + required: true + - name: 'tag' + type: String + description: |- + Tag is optionally used to expose a dedicated url for referencing this target exclusively. + - name: 'latestRevision' + type: Boolean + description: |- + LatestRevision may be optionally provided to indicate that the latest ready + Revision of the Configuration should be used for this traffic target. When + provided LatestRevision must be true if RevisionName is empty; it must be + false when RevisionName is non-empty. + - name: 'url' + type: String + description: |- + URL displays the URL for accessing tagged traffic targets. URL is displayed in status, + and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, + but may not contain anything else (e.g. basic auth, url path, etc.) + output: true + - name: 'template' + type: NestedObject + description: |- + template holds the latest specification for the Revision to + be stamped out. The template references the container image, and may also + include labels and annotations that should be attached to the Revision. + To correlate a Revision, and/or to force a Revision to be created when the + spec doesn't otherwise change, a nonce label may be provided in the + template metadata. For more details, see: + https://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions + + Cloud Run does not currently support referencing a build that is + responsible for materializing the container image from source. + properties: + - name: 'metadata' + type: NestedObject + description: |- + Optional metadata for this Revision, including labels and annotations. + Name will be generated by the Configuration. To set minimum instances + for this revision, use the "autoscaling.knative.dev/minScale" annotation + key. To set maximum instances for this revision, use the + "autoscaling.knative.dev/maxScale" annotation key. To set Cloud SQL + connections for the revision, use the "run.googleapis.com/cloudsql-instances" + annotation key. + default_from_api: true + properties: + - name: 'labels' + type: KeyValuePairs + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + default_from_api: true + diff_suppress_func: 'cloudrunTemplateLabelDiffSuppress' + - name: 'generation' + type: Integer + description: |- + A sequence number representing a specific generation of the desired state. + output: true + - name: 'resourceVersion' + type: String + description: |- + An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be used + for optimistic concurrency, change detection, and the watch operation on a + resource or set of resources. They may only be valid for a + particular resource or set of resources. + output: true + - name: 'selfLink' + type: String + description: |- + SelfLink is a URL representing this object. + output: true + - name: 'uid' + type: String + description: |- + UID is a unique id generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. + output: true + - name: 'namespace' + type: String + description: |- + In Cloud Run the namespace must be equal to either the + project ID or project number. It will default to the resource's project. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/default_to_project.go.tmpl' + - name: 'annotations' + type: KeyValuePairs + description: |- + Annotations is a key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + + **Note**: The Cloud Run API may add additional annotations that were not provided in your config. + If terraform plan shows a diff where a server-side annotation is added, you can add it to your config + or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. + + Annotations with `run.googleapis.com/` and `autoscaling.knative.dev` are restricted. Use the following annotation + keys to configure features on a Revision template: + + - `autoscaling.knative.dev/maxScale` sets the [maximum number of container + instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run. + - `autoscaling.knative.dev/minScale` sets the [minimum number of container + instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run. + - `run.googleapis.com/client-name` sets the client name calling the Cloud Run API. + - `run.googleapis.com/cloudsql-instances` sets the [Cloud SQL + instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to. + - `run.googleapis.com/cpu-throttling` sets whether to throttle the CPU when the container is not actively serving + requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling. + - `run.googleapis.com/encryption-key-shutdown-hours` sets the number of hours to wait before an automatic shutdown + server after CMEK key revocation is detected. + - `run.googleapis.com/encryption-key` sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek) + reference to encrypt the container with. + - `run.googleapis.com/execution-environment` sets the [execution + environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment) + where the application will run. + - `run.googleapis.com/post-key-revocation-action-type` sets the + [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type) + after CMEK key revocation. + - `run.googleapis.com/secrets` sets a list of key-value pairs to set as + [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml). + - `run.googleapis.com/sessionAffinity` sets whether to enable + [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity) + for connections to the Revision. + - `run.googleapis.com/startup-cpu-boost` sets whether to allocate extra CPU to containers on startup. + See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost. + - `run.googleapis.com/vpc-access-connector` sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1) + for the Revision. + - `run.googleapis.com/vpc-access-egress` sets the outbound traffic to send through the VPC connector for this resource. + See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress. + default_from_api: true + diff_suppress_func: 'cloudrunTemplateAnnotationDiffSuppress' + - name: 'name' + type: String + description: |- + Name must be unique within a Google Cloud project and region. + Is required when creating resources. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/cloud_run_service_revision_name.tmpl' + - name: 'spec' + type: NestedObject + description: + RevisionSpec holds the desired state of the Revision (from the + client). + required: true + default_from_api: true + properties: + - name: 'containers' + type: Array + description: |- + Containers defines the unit of execution for this Revision. + required: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: Name of the container + default_from_api: true + - name: 'workingDir' + type: String + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + immutable: true + deprecation_message: '`working_dir` is deprecated and will be removed in a future major release. This field is not supported by the Cloud Run API.' + - name: 'args' + type: Array + description: |- + Arguments to the entrypoint. + The docker image's CMD is used if this is not provided. + item_type: + type: String + - name: 'envFrom' + type: Array + description: |- + List of sources to populate environment variables in the container. + All invalid keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with the last source will + take precedence. Values defined by an Env with a duplicate key will take + precedence. + immutable: true + deprecation_message: '`env_from` is deprecated and will be removed in a future major release. This field is not supported by the Cloud Run API.' + item_type: + type: NestedObject + properties: + - name: 'prefix' + type: String + description: |- + An optional identifier to prepend to each key in the ConfigMap. + - name: 'configMapRef' + type: NestedObject + description: |- + The ConfigMap to select from. + properties: + - name: 'optional' + type: Boolean + description: |- + Specify whether the ConfigMap must be defined + - name: 'localObjectReference' + type: NestedObject + description: The ConfigMap to select from. + properties: + - name: 'name' + type: String + description: |- + Name of the referent. + required: true + - name: 'secretRef' + type: NestedObject + description: |- + The Secret to select from. + properties: + - name: 'localObjectReference' + type: NestedObject + description: The Secret to select from. + properties: + - name: 'name' + type: String + description: |- + Name of the referent. + required: true + - name: 'optional' + type: Boolean + description: |- + Specify whether the Secret must be defined + - name: 'image' + type: String + description: |- + Docker image name. This is most often a reference to a container located + in the container registry, such as gcr.io/cloudrun/hello + required: true + - name: 'command' + type: Array + description: |- + Entrypoint array. Not executed within a shell. + The docker image's ENTRYPOINT is used if this is not provided. + item_type: + type: String + - name: 'env' + type: Array + description: |- + List of environment variables to set in the container. + is_set: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: Name of the environment variable. + - name: 'value' + type: String + description: |- + Defaults to "". + - name: 'valueFrom' + type: NestedObject + description: |- + Source for the environment variable's value. Only supports secret_key_ref. + properties: + - name: 'secretKeyRef' + type: NestedObject + description: |- + Selects a key (version) of a secret in Secret Manager. + required: true + properties: + - name: 'key' + type: String + description: |- + A Cloud Secret Manager secret version. Must be 'latest' for the latest + version or an integer for a specific version. + required: true + - name: 'name' + type: String + description: |- + The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. + If the secret is in another project, you must define an alias. + An alias definition has the form: :projects/{project-id|project-number}/secrets/. + If multiple alias definitions are needed, they must be separated by commas. + The alias definitions must be set on the run.googleapis.com/secrets annotation. + required: true + - name: 'ports' + type: Array + description: |- + List of open ports in the container. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: + If specified, used to specify which protocol to + use. Allowed values are "http1" (HTTP/1) and "h2c" + (HTTP/2 end-to-end). Defaults to "http1". + default_from_api: true + - name: 'protocol' + type: String + description: + Protocol for port. Must be "TCP". Defaults to + "TCP". + - name: 'containerPort' + type: Integer + description: + Port number the container listens on. This must be + a valid port number (between 1 and 65535). + Defaults to "8080". + - name: 'resources' + type: NestedObject + description: |- + Compute Resources required by this container. Used to set values such as max memory + default_from_api: true + properties: + - name: 'limits' + type: KeyValuePairs + description: |- + Limits describes the maximum amount of compute resources allowed. + The values of the map is string form of the 'quantity' k8s type: + https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + default_from_api: true + - name: 'requests' + type: KeyValuePairs + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined value. + The values of the map is string form of the 'quantity' k8s type: + https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + - name: 'volumeMounts' + type: Array + description: |- + Volume to mount into the container's filesystem. + Only supports SecretVolumeSources. + item_type: + type: NestedObject + properties: + - name: 'mountPath' + type: String + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + required: true + - name: 'name' + type: String + description: |- + This must match the Name of a Volume. + required: true + - name: 'startupProbe' + type: NestedObject + description: |- + Startup probe of application within the container. + All other probes are disabled if a startup probe is provided, until it + succeeds. Container will not be added to service endpoints if the probe fails. + default_from_api: true + properties: + - name: 'initialDelaySeconds' + type: Integer + description: |- + Number of seconds after the container has started before the probe is + initiated. + Defaults to 0 seconds. Minimum value is 0. Maximum value is 240. + default_value: 0 + - name: 'timeoutSeconds' + type: Integer + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. Maximum value is 3600. + Must be smaller than periodSeconds. + default_value: 1 + - name: 'periodSeconds' + type: Integer + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum value is 240. + default_value: 10 + - name: 'failureThreshold' + type: Integer + description: |- + Minimum consecutive failures for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - name: 'tcpSocket' + type: NestedObject + description: |- + TcpSocket specifies an action involving a TCP port. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'template.0.spec.0.containers.0.startup_probe.0.tcp_socket' + - 'template.0.spec.0.containers.0.startup_probe.0.http_get' + - 'template.0.spec.0.containers.0.startup_probe.0.grpc' + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'httpGet' + type: NestedObject + description: |- + HttpGet specifies the http request to perform. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'template.0.spec.0.containers.0.startup_probe.0.tcp_socket' + - 'template.0.spec.0.containers.0.startup_probe.0.http_get' + - 'template.0.spec.0.containers.0.startup_probe.0.grpc' + properties: + - name: 'path' + type: String + description: |- + Path to access on the HTTP server. If set, it should not be empty string. + default_value: "/" + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'httpHeaders' + type: Array + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + The header field name. + required: true + - name: 'value' + type: String + description: |- + The header field value. + send_empty_value: true + default_value: "" + - name: 'grpc' + type: NestedObject + description: |- + GRPC specifies an action involving a GRPC port. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'template.0.spec.0.containers.0.startup_probe.0.tcp_socket' + - 'template.0.spec.0.containers.0.startup_probe.0.http_get' + - 'template.0.spec.0.containers.0.startup_probe.0.grpc' + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'service' + type: String + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + - name: 'livenessProbe' + type: NestedObject + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. + properties: + - name: 'initialDelaySeconds' + type: Integer + description: |- + Number of seconds after the container has started before the probe is + initiated. + Defaults to 0 seconds. Minimum value is 0. Maximum value is 3600. + default_value: 0 + - name: 'timeoutSeconds' + type: Integer + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. Maximum value is 3600. + Must be smaller than period_seconds. + default_value: 1 + - name: 'periodSeconds' + type: Integer + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum value is 3600. + default_value: 10 + - name: 'failureThreshold' + type: Integer + description: |- + Minimum consecutive failures for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - name: 'httpGet' + type: NestedObject + description: |- + HttpGet specifies the http request to perform. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'template.0.spec.0.containers.0.liveness_probe.0.http_get' + - 'template.0.spec.0.containers.0.liveness_probe.0.grpc' + properties: + - name: 'path' + type: String + description: |- + Path to access on the HTTP server. If set, it should not be empty string. + default_value: "/" + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'httpHeaders' + type: Array + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + The header field name. + required: true + - name: 'value' + type: String + description: |- + The header field value. + send_empty_value: true + default_value: "" + - name: 'grpc' + type: NestedObject + description: |- + GRPC specifies an action involving a GRPC port. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'template.0.spec.0.containers.0.liveness_probe.0.http_get' + - 'template.0.spec.0.containers.0.liveness_probe.0.grpc' + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'service' + type: String + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + + - name: 'containerConcurrency' + type: Integer + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. If not specified or 0, defaults to 80 when + requested CPU >= 1 and defaults to 1 when requested CPU < 1. + default_from_api: true + - name: 'timeoutSeconds' + type: Integer + description: |- + TimeoutSeconds holds the max duration the instance is allowed for responding to a request. + default_from_api: true + - name: 'serviceAccountName' + type: String + description: |- + Email address of the IAM service account associated with the revision of the + service. The service account represents the identity of the running revision, + and determines what permissions the revision has. If not provided, the revision + will use the project's default service account. + default_from_api: true + - name: 'volumes' + type: Array + description: |- + Volume represents a named volume in a container. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Volume's name. + required: true + - name: 'secret' + type: NestedObject + description: |- + The secret's value will be presented as the content of a file whose + name is defined in the item path. If no items are defined, the name of + the file is the secret_name. + properties: + - name: 'secretName' + type: String + description: |- + The name of the secret in Cloud Secret Manager. By default, the secret + is assumed to be in the same project. + If the secret is in another project, you must define an alias. + An alias definition has the form: + {alias}:projects/{project-id|project-number}/secrets/{secret-name}. + If multiple alias definitions are needed, they must be separated by + commas. + The alias definitions must be set on the run.googleapis.com/secrets + annotation. + required: true + - name: 'defaultMode' + type: Integer + description: |- + Mode bits to use on created files by default. Must be a value between 0000 + and 0777. Defaults to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other mode bits set. + - name: 'items' + type: Array + description: |- + If unspecified, the volume will expose a file whose name is the + secret_name. + If specified, the key will be used as the version to fetch from Cloud + Secret Manager and the path will be the name of the file exposed in the + volume. When items are defined, they must specify a key and a path. + item_type: + type: NestedObject + properties: + - name: 'key' + type: String + description: |- + The Cloud Secret Manager secret version. + Can be 'latest' for the latest value or an integer for a specific version. + required: true + - name: 'path' + type: String + description: |- + The relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + required: true + - name: 'mode' + type: Integer + description: |- + Mode bits to use on this file, must be a value between 0000 and 0777. If + not specified, the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, like fsGroup, and + the result can be other mode bits set. + - name: 'emptyDir' + type: NestedObject + description: |- + Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + min_version: 'beta' + properties: + - name: 'medium' + type: String + description: |- + The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. + - name: 'sizeLimit' + type: String + description: |- + Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + - name: 'csi' + type: NestedObject + description: |- + A filesystem specified by the Container Storage Interface (CSI). + min_version: 'beta' + properties: + - name: 'driver' + type: String + description: |- + Unique name representing the type of file system to be created. Cloud Run supports the following values: + * gcsfuse.run.googleapis.com: Mount a Google Cloud Storage bucket using GCSFuse. This driver requires the + run.googleapis.com/execution-environment annotation to be set to "gen2" and + run.googleapis.com/launch-stage set to "BETA" or "ALPHA". + required: true + - name: 'readOnly' + type: Boolean + description: |- + If true, all mounts created from this volume will be read-only. + default_from_api: true + - name: 'volumeAttributes' + type: KeyValuePairs + description: |- + Driver-specific attributes. The following options are supported for available drivers: + * gcsfuse.run.googleapis.com + * bucketName: The name of the Cloud Storage Bucket that backs this volume. The Cloud Run Service identity must have access to this bucket. + - name: 'nfs' + type: NestedObject + description: |- + A filesystem backed by a Network File System share. This filesystem requires the + run.googleapis.com/execution-environment annotation to be set to "gen2" and + run.googleapis.com/launch-stage set to "BETA" or "ALPHA". + min_version: 'beta' + properties: + - name: 'server' + type: String + description: |- + IP address or hostname of the NFS server + required: true + - name: 'path' + type: String + description: |- + Path exported by the NFS server + required: true + - name: 'readOnly' + type: Boolean + description: |- + If true, mount the NFS volume as read only in all mounts. Defaults to false. + - name: 'servingState' + type: Enum + description: |- + ServingState holds a value describing the state the resources + are in for this Revision. + It is expected + that the system will manipulate this based on routability and load. + output: true + deprecation_message: '`serving_state` is deprecated and will be removed in a future major release. This field is not supported by the Cloud Run API.' + enum_values: + - 'ACTIVE' + - 'RESERVE' + - 'RETIRED' + - name: 'status' + type: NestedObject + description: The current status of the Service. + output: true + properties: + - name: 'conditions' + type: Array + description: |- + Array of observed Service Conditions, indicating the current ready state of the service. + output: true + item_type: + type: NestedObject + properties: + - name: 'message' + type: String + description: |- + Human readable message indicating details about the current status. + output: true + - name: 'status' + type: String + description: Status of the condition, one of True, False, Unknown. + output: true + - name: 'reason' + type: String + description: |- + One-word CamelCase reason for the condition's current status. + output: true + - name: 'type' + type: String + description: Type of domain mapping condition. + output: true + - name: 'url' + type: String + description: |- + From RouteStatus. URL holds the url that will distribute traffic over the provided traffic + targets. It generally has the form + https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app + output: true + - name: 'observedGeneration' + type: Integer + description: |- + ObservedGeneration is the 'Generation' of the Route that was last processed by the + controller. + + Clients polling for completed reconciliation should poll until observedGeneration = + metadata.generation and the Ready condition's status is True or False. + output: true + - name: 'latestCreatedRevisionName' + type: String + description: |- + From ConfigurationStatus. LatestCreatedRevisionName is the last revision that was created + from this Service's Configuration. It might not be ready yet, for that use + LatestReadyRevisionName. + output: true + - name: 'latestReadyRevisionName' + type: String + description: |- + From ConfigurationStatus. LatestReadyRevisionName holds the name of the latest Revision + stamped out from this Service's Configuration that has had its "Ready" condition become + "True". + output: true + - name: 'traffic' + type: Array + description: |- + Traffic specifies how to distribute traffic over a collection of Knative Revisions + and Configurations + output: true + item_type: + type: NestedObject + properties: + - name: 'revisionName' + type: String + description: |- + RevisionName of a specific revision to which to send this portion of traffic. + output: true + - name: 'percent' + type: Integer + description: |- + Percent specifies percent of the traffic to this Revision or Configuration. + output: true + - name: 'tag' + type: String + description: |- + Tag is optionally used to expose a dedicated url for referencing this target exclusively. + output: true + - name: 'latestRevision' + type: Boolean + description: |- + LatestRevision may be optionally provided to indicate that the latest ready + Revision of the Configuration should be used for this traffic target. When + provided LatestRevision must be true if RevisionName is empty; it must be + false when RevisionName is non-empty. + output: true + - name: 'url' + type: String + description: |- + URL displays the URL for accessing tagged traffic targets. URL is displayed in status, + and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, + but may not contain anything else (e.g. basic auth, url path, etc.) + + output: true + - name: 'metadata' + type: NestedObject + description: |- + Metadata associated with this Service, including name, namespace, labels, + and annotations. + required: false + default_from_api: true + properties: + - name: 'labels' + type: KeyValueLabels + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and routes. + - name: 'generation' + type: Integer + description: |- + A sequence number representing a specific generation of the desired state. + output: true + - name: 'resourceVersion' + type: String + description: |- + An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be used + for optimistic concurrency, change detection, and the watch operation on a + resource or set of resources. They may only be valid for a + particular resource or set of resources. + output: true + - name: 'selfLink' + type: String + description: |- + SelfLink is a URL representing this object. + output: true + - name: 'uid' + type: String + description: |- + UID is a unique id generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. + output: true + - name: 'namespace' + type: String + description: |- + In Cloud Run the namespace must be equal to either the + project ID or project number. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/set_to_project.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/default_to_project.go.tmpl' + - name: 'annotations' + type: KeyValueAnnotations + description: |- + Annotations is a key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + + **Note**: The Cloud Run API may add additional annotations that were not provided in your config. + If terraform plan shows a diff where a server-side annotation is added, you can add it to your config + or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. + + Annotations with `run.googleapis.com/` and `autoscaling.knative.dev` are restricted. Use the following annotation + keys to configure features on a Service: + + - `run.googleapis.com/binary-authorization-breakglass` sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass). + - `run.googleapis.com/binary-authorization` sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization). + - `run.googleapis.com/client-name` sets the client name calling the Cloud Run API. + - `run.googleapis.com/custom-audiences` sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences) + that can be used in the audience field of ID token for authenticated requests. + - `run.googleapis.com/description` sets a user defined description for the Service. + - `run.googleapis.com/ingress` sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress) + for the Service. For example, `"run.googleapis.com/ingress" = "all"`. + - `run.googleapis.com/launch-stage` sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation) + when a preview feature is used. For example, `"run.googleapis.com/launch-stage": "BETA"` diff --git a/mmv1/products/cloudrun/go_product.yaml b/mmv1/products/cloudrun/go_product.yaml new file mode 100644 index 000000000000..70f12763b4f3 --- /dev/null +++ b/mmv1/products/cloudrun/go_product.yaml @@ -0,0 +1,26 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudRun' +display_name: 'Cloud Run' +versions: + - name: 'ga' + base_url: 'https://{{location}}-run.googleapis.com/' + cai_base_url: 'https://run.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://{{location}}-run.googleapis.com/' + cai_base_url: 'https://run.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudrunv2/Job.yaml b/mmv1/products/cloudrunv2/Job.yaml index c8e58edf624d..12fb755344ff 100644 --- a/mmv1/products/cloudrunv2/Job.yaml +++ b/mmv1/products/cloudrunv2/Job.yaml @@ -114,6 +114,14 @@ examples: ])" vars: cloud_run_job_name: 'cloudrun-job' + - !ruby/object:Provider::Terraform::Examples + name: 'cloudrunv2_job_run_job' + min_version: beta + primary_resource_id: 'default' + primary_resource_name: "fmt.Sprintf(\"tf-test-cloudrun-job%s\", context[\"random_suffix\"\ + ])" + vars: + cloud_run_job_name: 'cloudrun-job' parameters: - !ruby/object:Api::Type::String name: 'location' @@ -226,6 +234,22 @@ properties: name: 'useDefault' description: | If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. + - !ruby/object:Api::Type::String + name: 'startExecutionToken' + description: |- + A unique string used as a suffix creating a new execution upon job create or update. The Job will become ready when the execution is successfully started. + The sum of job name and token length must be fewer than 63 characters. + conflicts: + - run_execution_token + min_version: beta + - !ruby/object:Api::Type::String + name: 'runExecutionToken' + description: |- + A unique string used as a suffix creating a new execution upon job create or update. The Job will become ready when the execution is successfully completed. + The sum of job name and token length must be fewer than 63 characters. + conflicts: + - start_execution_token + min_version: beta - !ruby/object:Api::Type::NestedObject name: 'template' required: true @@ -523,6 +547,8 @@ properties: A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". default_from_api: true + validation: !ruby/object:Provider::Terraform::Validation + regex: '^[0-9]+(?:\.[0-9]{1,9})?s$' - !ruby/object:Api::Type::String name: 'serviceAccount' description: |- diff --git a/mmv1/products/cloudrunv2/Service.yaml b/mmv1/products/cloudrunv2/Service.yaml index 88929c429ed7..38346ba9df0f 100644 --- a/mmv1/products/cloudrunv2/Service.yaml +++ b/mmv1/products/cloudrunv2/Service.yaml @@ -361,6 +361,8 @@ properties: A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". default_from_api: true + validation: !ruby/object:Provider::Terraform::Validation + regex: '^[0-9]+(?:\.[0-9]{1,9})?s$' - !ruby/object:Api::Type::String name: 'serviceAccount' description: |- @@ -826,6 +828,7 @@ properties: name: 'maxInstanceRequestConcurrency' description: |- Sets the maximum number of requests that each serving instance can receive. + If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. default_from_api: true - !ruby/object:Api::Type::Boolean name: 'sessionAffinity' diff --git a/mmv1/products/cloudrunv2/go_Job.yaml b/mmv1/products/cloudrunv2/go_Job.yaml new file mode 100644 index 000000000000..ed2b78d7a96f --- /dev/null +++ b/mmv1/products/cloudrunv2/go_Job.yaml @@ -0,0 +1,744 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Job' +description: | + A Cloud Run Job resource that references a container image which is run to completion. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/run/docs/' + api: 'https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.jobs' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/jobs/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/jobs' +self_link: 'projects/{{project}}/locations/{{location}}/jobs/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/jobs?jobId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{location}}/jobs/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/locations/{{location}}/jobs/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/jobs/{{name}}' + - '{{name}}' +custom_code: +taint_resource_on_failed_create: true +examples: + - name: 'cloudrunv2_job_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-job%s", context["random_suffix"])' + vars: + cloud_run_job_name: 'cloudrun-job' + - name: 'cloudrunv2_job_limits' + primary_resource_id: 'default' + vars: + cloud_run_job_name: 'cloudrun-job' + - name: 'cloudrunv2_job_sql' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_job_name: 'cloudrun-job' + secret_id: 'secret' + cloud_run_sql_name: 'cloudrun-sql' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + - name: 'cloudrunv2_job_vpcaccess' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_job_name: 'cloudrun-job' + vpc_access_connector_name: 'run-vpc' + vpc_compute_subnetwork_name: 'run-subnetwork' + compute_network_name: 'run-network' + - name: 'cloudrunv2_job_directvpc' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-job%s", context["random_suffix"])' + vars: + cloud_run_job_name: 'cloudrun-job' + - name: 'cloudrunv2_job_secret' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_job_name: 'cloudrun-job' + secret_id: 'secret' + - name: 'cloudrunv2_job_emptydir' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-job%s", context["random_suffix"])' + min_version: 'beta' + vars: + cloud_run_job_name: 'cloudrun-job' + - name: 'cloudrunv2_job_run_job' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-job%s", context["random_suffix"])' + min_version: 'beta' + vars: + cloud_run_job_name: 'cloudrun-job' +parameters: + - name: 'location' + type: String + description: The location of the cloud run job + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Name of the Job. + url_param_only: true + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + - name: 'uid' + type: String + description: | + Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. + output: true + - name: 'generation' + type: String + description: | + A number that monotonically increases every time the user modifies the desired state. + output: true + - name: 'labels' + type: KeyValueLabels + description: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, + environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + + Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 Job. + immutable: false + - name: 'annotations' + type: KeyValueAnnotations + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected on new resources. + All system annotations in v1 now have a corresponding field in v2 Job. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + - name: 'createTime' + type: Time + description: |- + The creation time. + output: true + - name: 'updateTime' + type: Time + description: |- + The last-modified time. + output: true + - name: 'deleteTime' + type: Time + description: |- + The deletion time. + output: true + - name: 'expireTime' + type: Time + description: |- + For a deleted resource, the time after which it will be permamently deleted. + output: true + - name: 'creator' + type: String + description: |- + Email address of the authenticated creator. + output: true + - name: 'lastModifier' + type: String + description: |- + Email address of the last authenticated modifier. + output: true + - name: 'client' + type: String + description: | + Arbitrary identifier for the API client. + - name: 'clientVersion' + type: String + description: | + Arbitrary version identifier for the API client. + - name: 'launchStage' + type: Enum + description: | + The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. + default_from_api: true + enum_values: + - 'UNIMPLEMENTED' + - 'PRELAUNCH' + - 'EARLY_ACCESS' + - 'ALPHA' + - 'BETA' + - 'GA' + - 'DEPRECATED' + - name: 'binaryAuthorization' + type: NestedObject + description: | + Settings for the Binary Authorization feature. + properties: + - name: 'breakglassJustification' + type: String + description: | + If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + - name: 'useDefault' + type: Boolean + description: | + If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. + - name: 'startExecutionToken' + type: String + description: |- + A unique string used as a suffix creating a new execution upon job create or update. The Job will become ready when the execution is successfully started. + The sum of job name and token length must be fewer than 63 characters. + min_version: 'beta' + conflicts: + - run_execution_token + - name: 'runExecutionToken' + type: String + description: |- + A unique string used as a suffix creating a new execution upon job create or update. The Job will become ready when the execution is successfully completed. + The sum of job name and token length must be fewer than 63 characters. + min_version: 'beta' + conflicts: + - start_execution_token + - name: 'template' + type: NestedObject + description: | + The template used to create executions for this Job. + required: true + properties: + - name: 'labels' + type: KeyValuePairs + description: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, + or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or + https://cloud.google.com/run/docs/configuring/labels. + + Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 ExecutionTemplate. + - name: 'annotations' + type: KeyValuePairs + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + - name: 'parallelism' + type: Integer + description: |- + Specifies the maximum desired number of tasks the execution should run at given time. Must be <= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism. + default_from_api: true + - name: 'taskCount' + type: Integer + description: |- + Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + default_from_api: true + - name: 'template' + type: NestedObject + description: | + Describes the task(s) that will be created when executing an execution + required: true + properties: + - name: 'containers' + type: Array + description: |- + Holds the single container that defines the unit of execution for this task. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Name of the container specified as a DNS_LABEL. + - name: 'image' + type: String + description: |- + URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images + required: true + - name: 'command' + type: Array + description: |- + Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: + type: String + - name: 'args' + type: Array + description: |- + Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: + type: String + - name: 'env' + type: Array + description: |- + List of environment variables to set in the container. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. + required: true + - name: 'value' + type: String + description: |- + Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes + # exactly_one_of: + # - template.0.template.0.containers.0.env.0.value + # - template.0.template.0.containers.0.env.0.valueSource + - name: 'valueSource' + type: NestedObject + description: |- + Source for the environment variable's value. + # exactly_one_of: + # - template.0.template.0.containers.0.env.0.value + # - template.0.template.0.containers.0.env.0.valueSource + properties: + - name: 'secretKeyRef' + type: NestedObject + description: |- + Selects a secret and a specific version from Cloud Secret Manager. + properties: + - name: 'secret' + type: String + description: |- + The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project. + required: true + - name: 'version' + type: String + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + required: true + - name: 'resources' + type: NestedObject + description: |- + Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + default_from_api: true + properties: + - name: 'limits' + type: KeyValuePairs + description: |- + Only memory and CPU are supported. Use key `cpu` for CPU limit and `memory` for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + default_from_api: true + - name: 'ports' + type: Array + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". + - name: 'containerPort' + type: Integer + description: |- + Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. + - name: 'volumeMounts' + type: Array + description: |- + Volume to mount into the container's filesystem. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + This must match the Name of a Volume. + required: true + - name: 'mountPath' + type: String + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run + required: true + - name: 'workingDir' + type: String + description: |- + Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. + - name: 'volumes' + type: Array + description: |- + A list of Volumes to make available to containers. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Volume's name. + required: true + - name: 'secret' + type: NestedObject + description: |- + Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + # exactly_one_of: + # - template.0.template.0.volumes.0.secret + # - template.0.template.0.volumes.0.cloudSqlInstance + # - template.0.template.0.volumes.0.emptyDir + # - template.0.volumes.0.gcs + # - template.0.volumes.0.nfs + properties: + - name: 'secret' + type: String + description: |- + The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + required: true + - name: 'defaultMode' + type: Integer + description: |- + Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. + - name: 'items' + type: Array + description: |- + If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. + item_type: + type: NestedObject + properties: + - name: 'path' + type: String + description: |- + The relative path of the secret in the container. + required: true + - name: 'version' + type: String + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version + required: true + - name: 'mode' + type: Integer + description: |- + Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. + - name: 'cloudSqlInstance' + type: NestedObject + description: |- + For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. + # exactly_one_of: + # - template.0.template.0.volumes.0.secret + # - template.0.template.0.volumes.0.cloudSqlInstance + # - template.0.template.0.volumes.0.emptyDir + # - template.0.volumes.0.gcs + # - template.0.volumes.0.nfs + properties: + - name: 'instances' + type: Array + description: |- + The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} + item_type: + type: String + - name: 'emptyDir' + type: NestedObject + description: |- + Ephemeral storage used as a shared volume. + min_version: 'beta' + properties: + - name: 'medium' + type: Enum + description: |- + The different types of medium supported for EmptyDir. + default_value: "MEMORY" + enum_values: + - 'MEMORY' + - name: 'sizeLimit' + type: String + description: |- + Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + - name: 'gcs' + type: NestedObject + description: |- + Cloud Storage bucket mounted as a volume using GCSFuse. This feature requires the launch stage to be set to ALPHA or BETA. + min_version: 'beta' + properties: + - name: 'bucket' + type: String + description: |- + Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket. + required: true + - name: 'readOnly' + type: Boolean + description: |- + If true, mount this volume as read-only in all mounts. If false, mount this volume as read-write. + - name: 'nfs' + type: NestedObject + description: |- + NFS share mounted as a volume. This feature requires the launch stage to be set to ALPHA or BETA. + min_version: 'beta' + properties: + - name: 'server' + type: String + description: |- + Hostname or IP address of the NFS server. + required: true + - name: 'path' + type: String + description: |- + Path that is exported by the NFS server. + - name: 'readOnly' + type: Boolean + description: |- + If true, mount this volume as read-only in all mounts. + - name: 'timeout' + type: String + description: |- + Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + default_from_api: true + validation: + regex: '^[0-9]+(?:\.[0-9]{1,9})?s$' + - name: 'serviceAccount' + type: String + description: |- + Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account. + default_from_api: true + - name: 'executionEnvironment' + type: Enum + description: |- + The execution environment being used to host this Task. + default_from_api: true + enum_values: + - 'EXECUTION_ENVIRONMENT_GEN1' + - 'EXECUTION_ENVIRONMENT_GEN2' + - name: 'encryptionKey' + type: String + description: |- + A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek + - name: 'vpcAccess' + type: NestedObject + description: |- + VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + - name: 'connector' + type: String + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. + - name: 'egress' + type: Enum + description: |- + Traffic VPC egress settings. + default_from_api: true + enum_values: + - 'ALL_TRAFFIC' + - 'PRIVATE_RANGES_ONLY' + - name: 'networkInterfaces' + type: Array + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + item_type: + type: NestedObject + properties: + - name: 'network' + type: String + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + default_from_api: true + - name: 'subnetwork' + type: String + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + default_from_api: true + - name: 'tags' + type: Array + description: |- + Network tags applied to this Cloud Run job. + item_type: + type: String + - name: 'maxRetries' + type: Integer + description: |- + Number of retries allowed per Task, before marking this Task failed. + send_empty_value: true + default_value: 3 + - name: 'observedGeneration' + type: String + description: | + The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + - name: 'terminalCondition' + type: NestedObject + description: | + The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state + output: true + properties: + - name: 'type' + type: String + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + output: true + - name: 'state' + type: String + description: |- + State of the condition. + output: true + - name: 'message' + type: String + description: |- + Human readable message indicating details about the current status. + output: true + - name: 'lastTransitionTime' + type: Time + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'severity' + type: String + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + output: true + - name: 'reason' + type: String + description: |- + A common (service-level) reason for this condition. + output: true + - name: 'revisionReason' + type: String + description: |- + A reason for the revision condition. + output: true + - name: 'executionReason' + type: String + description: |- + A reason for the execution condition. + output: true + - name: 'conditions' + type: Array + description: |- + The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on `reconciliation` process in Cloud Run. + output: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: String + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + output: true + - name: 'state' + type: String + description: |- + State of the condition. + output: true + - name: 'message' + type: String + description: |- + Human readable message indicating details about the current status. + output: true + - name: 'lastTransitionTime' + type: Time + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'severity' + type: String + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + output: true + - name: 'reason' + type: String + description: |- + A common (service-level) reason for this condition. + output: true + - name: 'revisionReason' + type: String + description: |- + A reason for the revision condition. + output: true + - name: 'executionReason' + type: String + description: |- + A reason for the execution condition. + output: true + - name: 'executionCount' + type: Integer + description: | + Number of executions created for this job. + output: true + - name: 'latestCreatedExecution' + type: NestedObject + description: | + Name of the last created execution. + output: true + properties: + - name: 'name' + type: String + description: | + Name of the execution. + output: true + - name: 'createTime' + type: Time + description: | + Creation timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'completionTime' + type: Time + description: | + Completion timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'reconciling' + type: Boolean + description: | + Returns true if the Job is currently being acted upon by the system to bring it into the desired state. + + When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution. + + If reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions + output: true + - name: 'etag' + type: String + description: | + A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. + output: true diff --git a/mmv1/products/cloudrunv2/go_Service.yaml b/mmv1/products/cloudrunv2/go_Service.yaml new file mode 100644 index 000000000000..84222388d0b0 --- /dev/null +++ b/mmv1/products/cloudrunv2/go_Service.yaml @@ -0,0 +1,1019 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Service' +description: | + Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/run/docs/' + api: 'https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/services/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/services' +self_link: 'projects/{{project}}/locations/{{location}}/services/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/services?serviceId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{location}}/services/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/locations/{{location}}/services/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/services/{{name}}' + - '{{name}}' +custom_code: +taint_resource_on_failed_create: true +examples: + - name: 'cloudrunv2_service_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + - name: 'cloudrunv2_service_limits' + primary_resource_id: 'default' + vars: + cloud_run_service_name: 'cloudrun-service' + - name: 'cloudrunv2_service_sql' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + secret_id: 'secret-1' + cloud_run_sql_name: 'cloudrun-sql' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + - name: 'cloudrunv2_service_vpcaccess' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + vpc_access_connector_name: 'run-vpc' + vpc_compute_subnetwork_name: 'run-subnetwork' + compute_network_name: 'run-network' + - name: 'cloudrunv2_service_directvpc' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + - name: 'cloudrunv2_service_probes' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + - name: 'cloudrunv2_service_secret' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + secret_id: 'secret-1' + - name: 'cloudrunv2_service_multicontainer' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service%s", context["random_suffix"])' + min_version: 'beta' + vars: + cloud_run_service_name: 'cloudrun-service' + - name: 'cloudrunv2_service_mount_gcs' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service-%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' + - name: 'cloudrunv2_service_mount_nfs' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service-%s", context["random_suffix"])' + vars: + cloud_run_service_name: 'cloudrun-service' +parameters: + - name: 'location' + type: String + description: The location of the cloud run service + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Name of the Service. + url_param_only: true + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + - name: 'description' + type: String + description: | + User-provided description of the Service. This field currently has a 512-character limit. + - name: 'uid' + type: String + description: | + Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. + output: true + - name: 'generation' + type: String + description: | + A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. + output: true + - name: 'labels' + type: KeyValueLabels + description: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, + environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + + Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 Service. + immutable: false + - name: 'annotations' + type: KeyValueAnnotations + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected in new resources. + All system annotations in v1 now have a corresponding field in v2 Service. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + - name: 'createTime' + type: Time + description: |- + The creation time. + output: true + - name: 'updateTime' + type: Time + description: |- + The last-modified time. + output: true + - name: 'deleteTime' + type: Time + description: |- + The deletion time. + output: true + - name: 'expireTime' + type: Time + description: |- + For a deleted resource, the time after which it will be permamently deleted. + output: true + - name: 'creator' + type: String + description: |- + Email address of the authenticated creator. + output: true + - name: 'lastModifier' + type: String + description: |- + Email address of the last authenticated modifier. + output: true + - name: 'client' + type: String + description: | + Arbitrary identifier for the API client. + - name: 'clientVersion' + type: String + description: | + Arbitrary version identifier for the API client. + - name: 'ingress' + type: Enum + description: | + Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. + default_from_api: true + enum_values: + - 'INGRESS_TRAFFIC_ALL' + - 'INGRESS_TRAFFIC_INTERNAL_ONLY' + - 'INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER' + - name: 'launchStage' + type: Enum + description: | + The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. + default_from_api: true + enum_values: + - 'UNIMPLEMENTED' + - 'PRELAUNCH' + - 'EARLY_ACCESS' + - 'ALPHA' + - 'BETA' + - 'GA' + - 'DEPRECATED' + - name: 'binaryAuthorization' + type: NestedObject + description: | + Settings for the Binary Authorization feature. + properties: + - name: 'breakglassJustification' + type: String + description: | + If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + - name: 'useDefault' + type: Boolean + description: | + If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. + - name: 'customAudiences' + type: Array + description: | + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + item_type: + type: String + - name: 'scaling' + type: NestedObject + description: | + Scaling settings that apply to the whole service + min_version: 'beta' + properties: + - name: 'minInstanceCount' + type: Integer + description: | + Minimum number of instances for the service, to be divided among all revisions receiving traffic. + - name: 'defaultUriDisabled' + type: Boolean + description: |- + Disables public resolution of the default URI of this service. + min_version: 'beta' + - name: 'template' + type: NestedObject + description: | + The template used to create revisions for this Service. + required: true + properties: + - name: 'revision' + type: String + description: |- + The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name. + - name: 'labels' + type: KeyValuePairs + description: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. + For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + + Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 RevisionTemplate. + - name: 'annotations' + type: KeyValuePairs + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + - name: 'scaling' + type: NestedObject + description: | + Scaling settings for this Revision. + default_from_api: true + properties: + - name: 'minInstanceCount' + type: Integer + description: |- + Minimum number of serving instances that this resource should have. + - name: 'maxInstanceCount' + type: Integer + description: |- + Maximum number of serving instances that this resource should have. + - name: 'vpcAccess' + type: NestedObject + description: |- + VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + - name: 'connector' + type: String + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. + - name: 'egress' + type: Enum + description: |- + Traffic VPC egress settings. + default_from_api: true + enum_values: + - 'ALL_TRAFFIC' + - 'PRIVATE_RANGES_ONLY' + - name: 'networkInterfaces' + type: Array + description: |- + Direct VPC egress settings. Currently only single network interface is supported. + item_type: + type: NestedObject + properties: + - name: 'network' + type: String + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + default_from_api: true + - name: 'subnetwork' + type: String + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + default_from_api: true + - name: 'tags' + type: Array + description: |- + Network tags applied to this Cloud Run service. + item_type: + type: String + - name: 'timeout' + type: String + description: |- + Max allowed time for an instance to respond to a request. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + default_from_api: true + validation: + regex: '^[0-9]+(?:\.[0-9]{1,9})?s$' + - name: 'serviceAccount' + type: String + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + default_from_api: true + - name: 'containers' + type: Array + description: |- + Holds the containers that define the unit of execution for this Service. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Name of the container specified as a DNS_LABEL. + - name: 'image' + type: String + description: |- + URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images + required: true + - name: 'command' + type: Array + description: |- + Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: + type: String + - name: 'args' + type: Array + description: |- + Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: + type: String + - name: 'env' + type: Array + description: |- + List of environment variables to set in the container. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. + required: true + - name: 'value' + type: String + description: |- + Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes + # exactly_one_of: + # - template.0.containers.0.env.0.value + # - template.0.containers.0.env.0.valueSource + - name: 'valueSource' + type: NestedObject + description: |- + Source for the environment variable's value. + # exactly_one_of: + # - template.0.containers.0.env.0.value + # - template.0.containers.0.env.0.valueSource + properties: + - name: 'secretKeyRef' + type: NestedObject + description: |- + Selects a secret and a specific version from Cloud Secret Manager. + properties: + - name: 'secret' + type: String + description: |- + The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project. + required: true + - name: 'version' + type: String + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + - name: 'resources' + type: NestedObject + description: |- + Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + default_from_api: true + properties: + - name: 'limits' + type: KeyValuePairs + description: |- + Only memory and CPU are supported. Use key `cpu` for CPU limit and `memory` for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + default_from_api: true + - name: 'cpuIdle' + type: Boolean + description: |- + Determines whether CPU is only allocated during requests. True by default if the parent `resources` field is not set. However, if + `resources` is set, this field must be explicitly set to true to preserve the default behavior. + - name: 'startupCpuBoost' + type: Boolean + description: |- + Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency. + - name: 'ports' + type: Array + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". + default_from_api: true + - name: 'containerPort' + type: Integer + description: |- + Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. + max_size: 1 + - name: 'volumeMounts' + type: Array + description: |- + Volume to mount into the container's filesystem. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + This must match the Name of a Volume. + required: true + - name: 'mountPath' + type: String + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run + required: true + - name: 'workingDir' + type: String + description: |- + Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. + - name: 'livenessProbe' + type: NestedObject + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_from_api: true + properties: + - name: 'initialDelaySeconds' + type: Integer + description: |- + Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 0 + - name: 'timeoutSeconds' + type: Integer + description: |- + Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 1 + - name: 'periodSeconds' + type: Integer + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + default_value: 10 + - name: 'failureThreshold' + type: Integer + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - name: 'httpGet' + type: NestedObject + description: |- + HTTPGet specifies the http request to perform. + send_empty_value: true + allow_empty_object: true + properties: + - name: 'path' + type: String + description: |- + Path to access on the HTTP server. Defaults to '/'. + default_value: "/" + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'httpHeaders' + type: Array + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + The header field name + required: true + - name: 'value' + type: String + description: |- + The header field value + send_empty_value: true + default_value: "" + - name: 'grpc' + type: NestedObject + description: |- + GRPC specifies an action involving a GRPC port. + send_empty_value: true + allow_empty_object: true + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'service' + type: String + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + - name: 'tcpSocket' + type: NestedObject + description: TCPSocketAction describes an action based on opening a socket + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the exposed port of the container, which + is the value of container.ports[0].containerPort. + required: true + - name: 'startupProbe' + type: NestedObject + description: |- + Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_from_api: true + properties: + - name: 'initialDelaySeconds' + type: Integer + description: |- + Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 0 + - name: 'timeoutSeconds' + type: Integer + description: |- + Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 1 + - name: 'periodSeconds' + type: Integer + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + default_value: 10 + - name: 'failureThreshold' + type: Integer + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - name: 'httpGet' + type: NestedObject + description: |- + HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + properties: + - name: 'path' + type: String + description: |- + Path to access on the HTTP server. Defaults to '/'. + default_value: "/" + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'httpHeaders' + type: Array + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + The header field name + required: true + - name: 'value' + type: String + description: |- + The header field value + send_empty_value: true + default_value: "" + - name: 'tcpSocket' + type: NestedObject + description: |- + TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'grpc' + type: NestedObject + description: |- + GRPC specifies an action involving a GRPC port. + send_empty_value: true + allow_empty_object: true + properties: + - name: 'port' + type: Integer + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + default_from_api: true + - name: 'service' + type: String + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + - name: 'dependsOn' + type: Array + description: |- + Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy. + item_type: + type: String + - name: 'volumes' + type: Array + description: |- + A list of Volumes to make available to containers. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: |- + Volume's name. + required: true + - name: 'secret' + type: NestedObject + description: |- + Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + # - template.0.volumes.0.emptyDir + properties: + - name: 'secret' + type: String + description: |- + The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + required: true + - name: 'defaultMode' + type: Integer + description: |- + Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. + - name: 'items' + type: Array + description: |- + If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. + item_type: + type: NestedObject + properties: + - name: 'path' + type: String + description: |- + The relative path of the secret in the container. + required: true + - name: 'version' + type: String + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version + - name: 'mode' + type: Integer + description: |- + Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. + - name: 'cloudSqlInstance' + type: NestedObject + description: |- + For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + # - template.0.volumes.0.emptyDir + # - template.0.volumes.0.gcs + properties: + - name: 'instances' + type: Array + description: |- + The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} + is_set: true + item_type: + type: String + - name: 'emptyDir' + type: NestedObject + description: |- + Ephemeral storage used as a shared volume. + min_version: 'beta' + properties: + - name: 'medium' + type: Enum + description: |- + The different types of medium supported for EmptyDir. + default_value: "MEMORY" + enum_values: + - 'MEMORY' + - name: 'sizeLimit' + type: String + description: |- + Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + - name: 'gcs' + type: NestedObject + description: |- + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + # - template.0.volumes.0.emptyDir + # - template.0.volumes.0.gcs + properties: + - name: 'bucket' + type: String + description: GCS Bucket name + required: true + - name: 'readOnly' + type: Boolean + description: If true, mount the GCS bucket as read-only + required: false + - name: 'nfs' + type: NestedObject + description: Represents an NFS mount. + properties: + - name: 'server' + type: String + description: Hostname or IP address of the NFS server + required: true + - name: 'path' + type: String + description: Path that is exported by the NFS server. + required: true + - name: 'readOnly' + type: Boolean + description: If true, mount the NFS volume as read only + required: false + - name: 'executionEnvironment' + type: Enum + description: |- + The sandbox environment to host this Revision. + enum_values: + - 'EXECUTION_ENVIRONMENT_GEN1' + - 'EXECUTION_ENVIRONMENT_GEN2' + - name: 'encryptionKey' + type: String + description: |- + A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek + - name: 'maxInstanceRequestConcurrency' + type: Integer + description: |- + Sets the maximum number of requests that each serving instance can receive. + If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. + default_from_api: true + - name: 'sessionAffinity' + type: Boolean + description: |- + Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity + - name: 'traffic' + type: Array + description: |- + Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: Enum + description: | + The allocation type for this traffic target. + enum_values: + - 'TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST' + - 'TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + - name: 'revision' + type: String + description: | + Revision to which to send this portion of traffic, if traffic allocation is by revision. + - name: 'percent' + type: Integer + description: | + Specifies percent of the traffic to this Revision. This defaults to zero if unspecified. + default_from_api: true + - name: 'tag' + type: String + description: | + Indicates a string to be part of the URI to exclusively reference this target. + - name: 'observedGeneration' + type: String + description: | + The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. + output: true + - name: 'terminalCondition' + type: NestedObject + description: | + The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + properties: + - name: 'type' + type: String + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + output: true + - name: 'state' + type: String + description: |- + State of the condition. + output: true + - name: 'message' + type: String + description: |- + Human readable message indicating details about the current status. + output: true + - name: 'lastTransitionTime' + type: Time + description: |- + Last time the condition transitioned from one status to another. + output: true + - name: 'severity' + type: String + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + output: true + - name: 'reason' + type: String + description: |- + A common (service-level) reason for this condition. + output: true + - name: 'revisionReason' + type: String + description: |- + A reason for the revision condition. + output: true + - name: 'executionReason' + type: String + description: |- + A reason for the execution condition. + output: true + - name: 'conditions' + type: Array + description: |- + The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: String + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + output: true + - name: 'state' + type: String + description: |- + State of the condition. + output: true + - name: 'message' + type: String + description: |- + Human readable message indicating details about the current status. + output: true + - name: 'lastTransitionTime' + type: Time + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'severity' + type: String + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + output: true + - name: 'reason' + type: String + description: |- + A common (service-level) reason for this condition. + output: true + - name: 'revisionReason' + type: String + description: |- + A reason for the revision condition. + output: true + - name: 'executionReason' + type: String + description: |- + A reason for the execution condition. + output: true + - name: 'latestReadyRevision' + type: String + description: | + Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + - name: 'latestCreatedRevision' + type: String + description: | + Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + - name: 'trafficStatuses' + type: Array + description: |- + Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: String + description: |- + The allocation type for this traffic target. + output: true + - name: 'revision' + type: String + description: |- + Revision to which this traffic is sent. + output: true + - name: 'percent' + type: Integer + description: |- + Specifies percent of the traffic to this Revision. + output: true + - name: 'tag' + type: String + description: |- + Indicates the string used in the URI to exclusively reference this target. + output: true + - name: 'uri' + type: String + description: |- + Displays the target URI. + output: true + - name: 'uri' + type: String + description: | + The main URI in which this Service is serving traffic. + output: true + - name: 'reconciling' + type: Boolean + description: | + Returns true if the Service is currently being acted upon by the system to bring it into the desired state. + + When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. + + If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. + output: true + - name: 'etag' + type: String + description: | + A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. + output: true diff --git a/mmv1/products/cloudrunv2/go_product.yaml b/mmv1/products/cloudrunv2/go_product.yaml new file mode 100644 index 000000000000..f565c2f94e2e --- /dev/null +++ b/mmv1/products/cloudrunv2/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudRunV2' +display_name: 'Cloud Run (v2 API)' +versions: + - name: 'ga' + base_url: 'https://run.googleapis.com/v2/' + - name: 'beta' + base_url: 'https://run.googleapis.com/v2/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudscheduler/Job.yaml b/mmv1/products/cloudscheduler/Job.yaml index f65975609557..bd22c694415c 100644 --- a/mmv1/products/cloudscheduler/Job.yaml +++ b/mmv1/products/cloudscheduler/Job.yaml @@ -343,7 +343,7 @@ properties: description: | The full URI path that the request will be sent to. required: true - diff_suppress_func: 'tpgresource.LastSlashDiffSuppress' + diff_suppress_func: 'LastSlashDiffSuppress' - !ruby/object:Api::Type::String name: httpMethod description: | diff --git a/mmv1/products/cloudscheduler/go_Job.yaml b/mmv1/products/cloudscheduler/go_Job.yaml new file mode 100644 index 000000000000..4644e7ab4b1a --- /dev/null +++ b/mmv1/products/cloudscheduler/go_Job.yaml @@ -0,0 +1,406 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Job' +description: | + A scheduled job that can publish a PubSub message or an HTTP request + every X interval of time, using a crontab format string. + +references: + guides: + 'Official Documentation': 'https://cloud.google.com/scheduler/' + api: 'https://cloud.google.com/scheduler/docs/reference/rest/' +docs: +id_format: 'projects/{{project}}/locations/{{region}}/jobs/{{name}}' +base_url: 'projects/{{project}}/locations/{{region}}/jobs' +self_link: 'projects/{{project}}/locations/{{region}}/jobs/{{name}}' +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/scheduler.tmpl' + encoder: 'templates/terraform/encoders/go/cloud_scheduler.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/cloud_scheduler.go.tmpl' + post_create: 'templates/terraform/post_create/go/cloud_scheduler.go.tmpl' + post_update: 'templates/terraform/post_update/go/cloud_scheduler.go.tmpl' +custom_diff: + - 'validateAuthHeaders' +examples: + - name: 'scheduler_job_pubsub' + primary_resource_id: 'job' + vars: + job_name: 'test-job' + topic_name: 'job-topic' + - name: 'scheduler_job_http' + primary_resource_id: 'job' + vars: + job_name: 'test-job' + - name: 'scheduler_job_paused' + primary_resource_id: 'job' + vars: + job_name: 'test-job' + - name: 'scheduler_job_app_engine' + primary_resource_id: 'job' + vars: + job_name: 'test-job' + - name: 'scheduler_job_oauth' + primary_resource_id: 'job' + vars: + job_name: 'test-job' + test_env_vars: + project_name: 'PROJECT_NAME' + region: 'REGION' + - name: 'scheduler_job_oidc' + primary_resource_id: 'job' + vars: + job_name: 'test-job' +parameters: + - name: 'region' + type: String + description: | + Region where the scheduler job resides. If it is not provided, Terraform will use the provider default. + url_param_only: true + required: false + immutable: true + ignore_read: true + default_from_api: true +properties: + - name: 'name' + type: String + description: | + The name of the job. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'description' + type: String + description: | + A human-readable description for the job. + This string must not contain more than 500 characters. + required: false + - name: 'schedule' + type: String + description: | + Describes the schedule on which the job will be executed. + required: false + - name: 'timeZone' + type: String + description: | + Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the tz database. + required: false + default_value: "Etc/UTC" + - name: 'state' + type: String + description: | + State of the job. + output: true + - name: 'paused' + type: Boolean + description: | + Sets the job to a paused state. Jobs default to being enabled when this property is not set. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/cloud_scheduler_paused.go.tmpl' + - name: 'attemptDeadline' + type: String + description: | + The deadline for job attempts. If the request handler does not respond by this deadline then the request is + cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in + execution logs. Cloud Scheduler will retry the job according to the RetryConfig. + The allowed duration for this deadline is: + * For HTTP targets, between 15 seconds and 30 minutes. + * For App Engine HTTP targets, between 15 seconds and 24 hours. + * **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s" + required: false + diff_suppress_func: 'tpgresource.EmptyOrDefaultStringSuppress("180s")' + default_value: "180s" + - name: 'retryConfig' + type: NestedObject + description: | + By default, if a job does not complete successfully, + meaning that an acknowledgement is not received from the handler, + then it will be retried with exponential backoff according to the settings + required: false + properties: + - name: 'retryCount' + type: Integer + description: | + The number of attempts that the system will make to run a + job using the exponential backoff procedure described by maxDoublings. + Values greater than 5 and negative values are not allowed. + required: false + default_from_api: true + at_least_one_of: + - 'retry_config.0.retry_count' + - 'retry_config.0.max_retry_duration' + - 'retry_config.0.min_backoff_duration' + - 'retry_config.0.max_backoff_duration' + - 'retry_config.0.max_doublings' + - name: 'maxRetryDuration' + type: String + description: | + The time limit for retrying a failed job, measured from time when an execution was first attempted. + If specified with retryCount, the job will be retried until both limits are reached. + A duration in seconds with up to nine fractional digits, terminated by 's'. + required: false + default_from_api: true + at_least_one_of: + - 'retry_config.0.retry_count' + - 'retry_config.0.max_retry_duration' + - 'retry_config.0.min_backoff_duration' + - 'retry_config.0.max_backoff_duration' + - 'retry_config.0.max_doublings' + - name: 'minBackoffDuration' + type: String + description: | + The minimum amount of time to wait before retrying a job after it fails. + A duration in seconds with up to nine fractional digits, terminated by 's'. + required: false + default_from_api: true + at_least_one_of: + - 'retry_config.0.retry_count' + - 'retry_config.0.max_retry_duration' + - 'retry_config.0.min_backoff_duration' + - 'retry_config.0.max_backoff_duration' + - 'retry_config.0.max_doublings' + - name: 'maxBackoffDuration' + type: String + description: | + The maximum amount of time to wait before retrying a job after it fails. + A duration in seconds with up to nine fractional digits, terminated by 's'. + required: false + default_from_api: true + at_least_one_of: + - 'retry_config.0.retry_count' + - 'retry_config.0.max_retry_duration' + - 'retry_config.0.min_backoff_duration' + - 'retry_config.0.max_backoff_duration' + - 'retry_config.0.max_doublings' + - name: 'maxDoublings' + type: Integer + description: | + The time between retries will double maxDoublings times. + A job's retry interval starts at minBackoffDuration, + then doubles maxDoublings times, then increases linearly, + and finally retries retries at intervals of maxBackoffDuration up to retryCount times. + required: false + default_from_api: true + at_least_one_of: + - 'retry_config.0.retry_count' + - 'retry_config.0.max_retry_duration' + - 'retry_config.0.min_backoff_duration' + - 'retry_config.0.max_backoff_duration' + - 'retry_config.0.max_doublings' + - name: 'pubsubTarget' + type: NestedObject + description: | + Pub/Sub target + If the job providers a Pub/Sub target the cron will publish + a message to the provided topic + exactly_one_of: + - 'pubsub_target' + - 'http_target' + - 'app_engine_http_target' + properties: + - name: 'topicName' + type: String + description: | + The full resource name for the Cloud Pub/Sub topic to which + messages will be published when a job is delivered. ~>**NOTE:** + The topic name must be in the same format as required by PubSub's + PublishRequest.name, e.g. `projects/my-project/topics/my-topic`. + required: true + - name: 'data' + type: String + description: | + The message payload for PubsubMessage. + Pubsub message must contain either non-empty data, or at least one attribute. + + A base64-encoded string. + required: false + validation: + function: 'verify.ValidateBase64String' + - name: 'attributes' + type: KeyValuePairs + description: | + Attributes for PubsubMessage. + Pubsub message must contain either non-empty data, or at least one attribute. + required: false + - name: 'appEngineHttpTarget' + type: NestedObject + description: | + App Engine HTTP target. + If the job providers a App Engine HTTP target the cron will + send a request to the service instance + exactly_one_of: + - 'pubsub_target' + - 'http_target' + - 'app_engine_http_target' + properties: + - name: 'httpMethod' + type: String + description: | + Which HTTP method to use for the request. + required: false + - name: 'appEngineRouting' + type: NestedObject + description: | + App Engine Routing setting for the job. + required: false + custom_flatten: 'templates/terraform/custom_flatten/go/cloudscheduler_job_appenginerouting.go.tmpl' + properties: + - name: 'service' + type: String + description: | + App service. + By default, the job is sent to the service which is the default service when the job is attempted. + required: false + at_least_one_of: + - 'app_engine_http_target.0.app_engine_routing.0.service' + - 'app_engine_http_target.0.app_engine_routing.0.version' + - 'app_engine_http_target.0.app_engine_routing.0.instance' + - name: 'version' + type: String + description: | + App version. + By default, the job is sent to the version which is the default version when the job is attempted. + required: false + at_least_one_of: + - 'app_engine_http_target.0.app_engine_routing.0.service' + - 'app_engine_http_target.0.app_engine_routing.0.version' + - 'app_engine_http_target.0.app_engine_routing.0.instance' + - name: 'instance' + type: String + description: | + App instance. + By default, the job is sent to an instance which is available when the job is attempted. + required: false + at_least_one_of: + - 'app_engine_http_target.0.app_engine_routing.0.service' + - 'app_engine_http_target.0.app_engine_routing.0.version' + - 'app_engine_http_target.0.app_engine_routing.0.instance' + - name: 'relativeUri' + type: String + description: | + The relative URI. + The relative URL must begin with "/" and must be a valid HTTP relative URL. + It can contain a path, query string arguments, and \# fragments. + If the relative URL is empty, then the root path "/" will be used. + No spaces are allowed, and the maximum length allowed is 2083 characters + required: true + - name: 'body' + type: String + description: | + HTTP request body. + A request body is allowed only if the HTTP method is POST or PUT. + It will result in invalid argument error to set a body on a job with an incompatible HttpMethod. + + A base64-encoded string. + required: false + validation: + function: 'verify.ValidateBase64String' + - name: 'headers' + type: KeyValuePairs + description: | + HTTP request headers. + This map contains the header field names and values. + Headers can be set when the job is created. + required: false + custom_flatten: 'templates/terraform/custom_flatten/go/http_headers.tmpl' + validation: + function: 'validateHttpHeaders()' + - name: 'httpTarget' + type: NestedObject + description: | + HTTP target. + If the job providers a http_target the cron will + send a request to the targeted url + exactly_one_of: + - 'pubsub_target' + - 'http_target' + - 'app_engine_http_target' + properties: + - name: 'uri' + type: String + description: | + The full URI path that the request will be sent to. + required: true + diff_suppress_func: 'LastSlashDiffSuppress' + - name: 'httpMethod' + type: String + description: | + Which HTTP method to use for the request. + required: false + - name: 'body' + type: String + description: | + HTTP request body. + A request body is allowed only if the HTTP method is POST, PUT, or PATCH. + It is an error to set body on a job with an incompatible HttpMethod. + + A base64-encoded string. + required: false + validation: + function: 'verify.ValidateBase64String' + - name: 'headers' + type: KeyValuePairs + description: | + This map contains the header field names and values. + Repeated headers are not supported, but a header value can contain commas. + required: false + custom_flatten: 'templates/terraform/custom_flatten/go/http_headers.tmpl' + validation: + function: 'validateHttpHeaders()' + - name: 'oauthToken' + type: NestedObject + description: | + Contains information needed for generating an OAuth token. + This type of authorization should be used when sending requests to a GCP endpoint. + diff_suppress_func: 'authHeaderDiffSuppress' + properties: + - name: 'serviceAccountEmail' + type: String + description: | + Service account email to be used for generating OAuth token. + The service account must be within the same project as the job. + required: true + - name: 'scope' + type: String + description: | + OAuth scope to be used for generating OAuth access token. If not specified, + "https://www.googleapis.com/auth/cloud-platform" will be used. + - name: 'oidcToken' + type: NestedObject + description: | + Contains information needed for generating an OpenID Connect token. + This type of authorization should be used when sending requests to third party endpoints or Cloud Run. + diff_suppress_func: 'authHeaderDiffSuppress' + properties: + - name: 'serviceAccountEmail' + type: String + description: | + Service account email to be used for generating OAuth token. + The service account must be within the same project as the job. + required: true + - name: 'audience' + type: String + description: | + Audience to be used when generating OIDC token. If not specified, + the URI specified in target will be used. diff --git a/mmv1/products/cloudscheduler/go_product.yaml b/mmv1/products/cloudscheduler/go_product.yaml new file mode 100644 index 000000000000..7ccc2903ab10 --- /dev/null +++ b/mmv1/products/cloudscheduler/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudScheduler' +display_name: 'Cloud Scheduler' +versions: + - name: 'ga' + base_url: 'https://cloudscheduler.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/cloudtasks/Queue.yaml b/mmv1/products/cloudtasks/Queue.yaml index 008f881cea49..bb79461b9a7e 100644 --- a/mmv1/products/cloudtasks/Queue.yaml +++ b/mmv1/products/cloudtasks/Queue.yaml @@ -26,7 +26,7 @@ iam_policy: !ruby/object:Api::Resource::IamPolicy ['projects/{{project}}/locations/{{location}}/queues/{{name}}', '{{name}}'] id_format: 'projects/{{project}}/locations/{{location}}/queues/{{name}}' custom_code: !ruby/object:Provider::Terraform::CustomCode - constants: 'templates/terraform/constants/cloud_tasks_retry_config_custom_diff.go' + constants: 'templates/terraform/constants/cloud_tasks_retry_config_custom_diff.go.erb' examples: - !ruby/object:Provider::Terraform::Examples name: 'queue_basic' diff --git a/mmv1/products/cloudtasks/go_Queue.yaml b/mmv1/products/cloudtasks/go_Queue.yaml new file mode 100644 index 000000000000..2b2fde3f626e --- /dev/null +++ b/mmv1/products/cloudtasks/go_Queue.yaml @@ -0,0 +1,201 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Queue' +description: | + A named resource to which messages are sent by publishers. +docs: +id_format: 'projects/{{project}}/locations/{{location}}/queues/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/queues' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/queues/{{name}}' + - '{{name}}' +custom_code: + constants: 'templates/terraform/constants/go/cloud_tasks_retry_config_custom_diff.go.tmpl' +examples: + - name: 'queue_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloud-tasks-queue-test%s", context["random_suffix"])' + vars: + name: 'cloud-tasks-queue-test' + - name: 'cloud_tasks_queue_advanced' + primary_resource_id: 'advanced_configuration' + vars: + name: 'instance-name' + ignore_read_extra: + - 'app_engine_routing_override.0.service' + - 'app_engine_routing_override.0.version' + - 'app_engine_routing_override.0.instance' +parameters: + - name: 'location' + type: String + description: The location of the queue + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: The queue name. + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/qualify_queue_name.go.tmpl' + - name: 'appEngineRoutingOverride' + type: NestedObject + description: | + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue + custom_flatten: 'templates/terraform/custom_flatten/go/cloudtasks_queue_appenginerouting.go.tmpl' + properties: + - name: 'service' + type: String + description: | + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + - name: 'version' + type: String + description: | + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + - name: 'instance' + type: String + description: | + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + - name: 'host' + type: String + description: The host that the task is sent to. + output: true + - name: 'rateLimits' + type: NestedObject + description: | + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. + default_from_api: true + properties: + - name: 'maxDispatchesPerSecond' + type: Double + description: | + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. + default_from_api: true + - name: 'maxConcurrentDispatches' + type: Integer + description: | + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + default_from_api: true + - name: 'maxBurstSize' + type: Integer + description: | + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + output: true + - name: 'retryConfig' + type: NestedObject + description: Settings that determine the retry behavior. + default_from_api: true + properties: + - name: 'maxAttempts' + type: Integer + description: | + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + default_from_api: true + - name: 'maxRetryDuration' + type: String + description: | + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. + default_from_api: true + diff_suppress_func: 'suppressOmittedMaxDuration' + - name: 'minBackoff' + type: String + description: | + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + default_from_api: true + diff_suppress_func: 'tpgresource.DurationDiffSuppress' + - name: 'maxBackoff' + type: String + description: | + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + default_from_api: true + diff_suppress_func: 'tpgresource.DurationDiffSuppress' + - name: 'maxDoublings' + type: Integer + description: | + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + default_from_api: true + - name: 'stackdriverLoggingConfig' + type: NestedObject + description: | + Configuration options for writing logs to Stackdriver Logging. + properties: + - name: 'samplingRatio' + type: Double + description: | + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + required: true diff --git a/mmv1/products/cloudtasks/go_product.yaml b/mmv1/products/cloudtasks/go_product.yaml new file mode 100644 index 000000000000..a9b433bcb3ab --- /dev/null +++ b/mmv1/products/cloudtasks/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'CloudTasks' +display_name: 'Cloud Tasks' +versions: + - name: 'ga' + base_url: 'https://cloudtasks.googleapis.com/v2/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/composer/UserWorkloadsConfigMap.yaml b/mmv1/products/composer/UserWorkloadsConfigMap.yaml new file mode 100644 index 000000000000..2547f63aca1c --- /dev/null +++ b/mmv1/products/composer/UserWorkloadsConfigMap.yaml @@ -0,0 +1,75 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'UserWorkloadsConfigMap' +description: | + User workloads ConfigMap used by Airflow tasks that run with Kubernetes Executor or KubernetesPodOperator. + Intended for Composer 3 Environments. +references: !ruby/object:Api::Resource::ReferenceLinks + # TODO: add v1 reference when this is moved to ga + api: https://cloud.google.com/composer/docs/reference/rest/v1beta1/projects.locations.environments.userWorkloadsConfigMaps + +min_version: beta + +base_url: projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsConfigMaps +self_link: projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsConfigMaps/{{name}} + +# Overrides one or more timeouts, in minutes. All timeouts default to 20. +timeouts: !ruby/object:Api::Timeouts + insert_minutes: 1 + update_minutes: 1 + delete_minutes: 1 + +examples: + - !ruby/object:Provider::Terraform::Examples + name: "composer_user_workloads_config_map_basic" + primary_resource_id: "config_map" + vars: + environment_name: "test-environment" + config_map_name: "test-config-map" + +parameters: + - !ruby/object:Api::Type::String + name: 'region' + immutable: true + default_from_api: true + url_param_only: true + description: | + The location or Compute Engine region for the environment. + - !ruby/object:Api::Type::String + name: 'environment' + required: true + immutable: true + url_param_only: true + validation: !ruby/object:Provider::Terraform::Validation + function: 'verify.ValidateGCEName' + description: | + Environment where the Kubernetes ConfigMap will be stored and used. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + custom_expand: 'templates/terraform/custom_expand/shortname_to_url.go.erb' + validation: !ruby/object:Provider::Terraform::Validation + function: 'verify.ValidateGCEName' + description: | + Name of the Kubernetes ConfigMap. + - !ruby/object:Api::Type::KeyValuePairs + name: 'data' + immutable: false + description: | + The "data" field of Kubernetes ConfigMap, organized in key-value pairs. + For details see: https://kubernetes.io/docs/concepts/configuration/configmap/ diff --git a/mmv1/products/composer/go_UserWorkloadsConfigMap.yaml b/mmv1/products/composer/go_UserWorkloadsConfigMap.yaml new file mode 100644 index 000000000000..3d1da0e594ff --- /dev/null +++ b/mmv1/products/composer/go_UserWorkloadsConfigMap.yaml @@ -0,0 +1,74 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'UserWorkloadsConfigMap' +description: | + User workloads ConfigMap used by Airflow tasks that run with Kubernetes Executor or KubernetesPodOperator. + Intended for Composer 3 Environments. +min_version: 'beta' +references: + guides: + api: 'https://cloud.google.com/composer/docs/reference/rest/v1beta1/projects.locations.environments.userWorkloadsConfigMaps' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsConfigMaps' +self_link: 'projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsConfigMaps/{{name}}' +timeouts: + insert_minutes: 1 + update_minutes: 1 + delete_minutes: 1 +examples: + - name: 'composer_user_workloads_config_map_basic' + primary_resource_id: 'config_map' + vars: + environment_name: 'test-environment' + config_map_name: 'test-config-map' +parameters: + - name: 'region' + type: String + description: | + The location or Compute Engine region for the environment. + min_version: 'beta' + url_param_only: true + immutable: true + default_from_api: true + - name: 'environment' + type: String + description: | + Environment where the Kubernetes ConfigMap will be stored and used. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' +properties: + - name: 'name' + type: String + description: | + Name of the Kubernetes ConfigMap. + min_version: 'beta' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + validation: + function: 'verify.ValidateGCEName' + - name: 'data' + type: KeyValuePairs + description: | + The "data" field of Kubernetes ConfigMap, organized in key-value pairs. + For details see: https://kubernetes.io/docs/concepts/configuration/configmap/ + min_version: 'beta' + immutable: false diff --git a/mmv1/products/composer/go_product.yaml b/mmv1/products/composer/go_product.yaml new file mode 100644 index 000000000000..b31aa785cd7c --- /dev/null +++ b/mmv1/products/composer/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Composer' +display_name: 'Cloud Composer' +versions: + - name: 'ga' + base_url: 'https://composer.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://composer.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/composer/product.yaml b/mmv1/products/composer/product.yaml new file mode 100644 index 000000000000..d8184e1643c5 --- /dev/null +++ b/mmv1/products/composer/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Composer +display_name: Cloud Composer +scopes: + - https://www.googleapis.com/auth/cloud-platform +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://composer.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://composer.googleapis.com/v1beta1/ diff --git a/mmv1/products/compute/Address.yaml b/mmv1/products/compute/Address.yaml index e137f2286548..de0f0398c124 100644 --- a/mmv1/products/compute/Address.yaml +++ b/mmv1/products/compute/Address.yaml @@ -165,7 +165,6 @@ properties: configure Private Service Connect. Only global internal addresses can use this purpose. - This should only be set when using an Internal address. default_from_api: true - !ruby/object:Api::Type::Enum diff --git a/mmv1/products/compute/Autoscaler.yaml b/mmv1/products/compute/Autoscaler.yaml index f62d4f9a1b99..f2db0fd9d46f 100644 --- a/mmv1/products/compute/Autoscaler.yaml +++ b/mmv1/products/compute/Autoscaler.yaml @@ -137,6 +137,7 @@ properties: to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas. + send_empty_value: true required: true - !ruby/object:Api::Type::Integer name: 'cooldownPeriod' diff --git a/mmv1/products/compute/BackendService.yaml b/mmv1/products/compute/BackendService.yaml index 042f90f8a2a7..e0317c855539 100644 --- a/mmv1/products/compute/BackendService.yaml +++ b/mmv1/products/compute/BackendService.yaml @@ -165,6 +165,8 @@ properties: See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) for an explanation of load balancing modes. + + From version 6.0.0 default value will be UTILIZATION to match default GCP value. - !ruby/object:Api::Type::Double name: 'capacityScaler' send_empty_value: true @@ -832,7 +834,6 @@ properties: UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. - This field is applicable to either: * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, @@ -842,7 +843,6 @@ properties: Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. - If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. @@ -964,6 +964,9 @@ properties: Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. + + From version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value. + Default values are enforce by GCP without providing them. properties: - !ruby/object:Api::Type::NestedObject name: 'baseEjectionTime' @@ -1248,22 +1251,47 @@ properties: properties: - !ruby/object:Api::Type::ResourceRef name: 'clientTlsPolicy' - resource: 'Region' # TODO: 'Region' is incorrect and should be 'ClientTlsPolicy' + resource: 'ClientTlsPolicy' imports: 'name' description: | ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource. - required: true - custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' - !ruby/object:Api::Type::Array name: 'subjectAltNames' description: | A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values. - required: true item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'awsV4Authentication' + description: | + The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. + Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. + properties: + - !ruby/object:Api::Type::String + name: 'accessKeyId' + description: | + The identifier of an access key used for s3 bucket authentication. + - !ruby/object:Api::Type::String + name: 'accessKey' + ignore_read: true + sensitive: true + send_empty_value: true + description: | + The access key used for s3 bucket authentication. + Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. + - !ruby/object:Api::Type::String + name: 'accessKeyVersion' + description: | + The optional version identifier for the access key. You can use this to keep track of different iterations of your access key. + - !ruby/object:Api::Type::String + name: 'originRegion' + description: | + The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. + For example, "us-east-1" for AWS or "us-ashburn-1" for OCI. - !ruby/object:Api::Type::Enum name: 'sessionAffinity' description: | @@ -1281,8 +1309,10 @@ properties: - !ruby/object:Api::Type::Integer name: 'timeoutSec' description: | - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. + The backend service timeout has a different meaning depending on the type of load balancer. + For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). + The default is 30 seconds. + The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. default_from_api: true - !ruby/object:Api::Type::NestedObject name: 'logConfig' @@ -1311,3 +1341,8 @@ properties: The default value is 1.0. default_value: 1.0 diff_suppress_func: 'suppressWhenDisabled' + - !ruby/object:Api::Type::String + name: 'serviceLbPolicy' + description: | + URL to networkservices.ServiceLbPolicy resource. + Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global. diff --git a/mmv1/products/compute/Disk.yaml b/mmv1/products/compute/Disk.yaml index 686bc6fcbd04..2f794dbc11e9 100644 --- a/mmv1/products/compute/Disk.yaml +++ b/mmv1/products/compute/Disk.yaml @@ -362,7 +362,7 @@ properties: disk interfaces are automatically determined on attachment. description: | Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. - diff_suppress_func: 'tpgresource.AlwaysDiffSuppress' + diff_suppress_func: AlwaysDiffSuppress - !ruby/object:Api::Type::String name: 'sourceDisk' description: | @@ -484,24 +484,11 @@ properties: is_set: true item_type: !ruby/object:Api::Type::NestedObject properties: - - !ruby/object:Api::Type::Enum + - !ruby/object:Api::Type::String name: 'type' required: true description: | The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. - values: - - :MULTI_IP_SUBNET - - :SECURE_BOOT - - :SEV_CAPABLE - - :UEFI_COMPATIBLE - - :VIRTIO_SCSI_MULTIQUEUE - - :WINDOWS - - :GVNIC - - :SEV_LIVE_MIGRATABLE - - :SEV_SNP_CAPABLE - - :SUSPEND_RESUME_COMPATIBLE - - :TDX_CAPABLE - - :SEV_LIVE_MIGRATABLE_V2 - !ruby/object:Api::Type::Array name: 'licenses' description: Any applicable license URI. @@ -513,3 +500,14 @@ properties: resource: 'License' imports: 'selfLink' custom_expand: 'templates/terraform/custom_expand/array_resourceref_with_validation.go.erb' + - !ruby/object:Api::Type::String + name: 'storagePool' + required: false + immutable: true + description: | + The URL of the storage pool in which the new disk is created. + For example: + * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/storagePools/{storagePool} + * /projects/{project}/zones/{zone}/storagePools/{storagePool} + diff_suppress_func: 'tpgresource.CompareResourceNames' + custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' diff --git a/mmv1/products/compute/Firewall.yaml b/mmv1/products/compute/Firewall.yaml index ffab94521dab..b549b9f09edb 100644 --- a/mmv1/products/compute/Firewall.yaml +++ b/mmv1/products/compute/Firewall.yaml @@ -167,6 +167,7 @@ properties: description: | An optional description of this resource. Provide this property when you create the resource. + send_empty_value: true - !ruby/object:Api::Type::Array name: 'destinationRanges' description: | diff --git a/mmv1/products/compute/ForwardingRule.yaml b/mmv1/products/compute/ForwardingRule.yaml index d0258cfdf70a..e3877f30bdb7 100644 --- a/mmv1/products/compute/ForwardingRule.yaml +++ b/mmv1/products/compute/ForwardingRule.yaml @@ -220,6 +220,12 @@ custom_code: !ruby/object:Provider::Terraform::CustomCode custom_diff: [ 'forwardingRuleCustomizeDiff', ] +virtual_fields: + - !ruby/object:Api::Type::Boolean + name: recreate_closed_psc + description: + This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed + default_value: false parameters: - !ruby/object:Api::Type::ResourceRef name: 'region' @@ -280,7 +286,6 @@ properties: * When the `target` is a Private Service Connect Google APIs bundle, you must specify an `IPAddress`. - Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. @@ -298,7 +303,6 @@ properties: * `global/addresses/address-name` * `address-name` - The forwarding rule's `target` or `backendService`, and in most cases, also the `loadBalancingScheme`, determine the type of IP address that you can use. For detailed information, see @@ -308,7 +312,7 @@ properties: When reading an `IPAddress`, the API always returns the IP address number. default_from_api: true - diff_suppress_func: 'tpgresource.InternalIpDiffSuppress' + diff_suppress_func: InternalIpDiffSuppress - !ruby/object:Api::Type::Enum name: 'IPProtocol' description: | @@ -426,7 +430,7 @@ properties: cannot have overlapping `portRange`s. @pattern: \d+(?:-\d+)? - diff_suppress_func: 'tpgresource.PortRangeDiffSuppress' + diff_suppress_func: PortRangeDiffSuppress default_from_api: true - !ruby/object:Api::Type::Array name: 'ports' @@ -488,12 +492,18 @@ properties: * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). - For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. update_verb: :POST update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setTarget' diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' custom_expand: 'templates/terraform/custom_expand/self_link_from_name.erb' + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' + update_verb: :POST - !ruby/object:Api::Type::Boolean name: 'allowGlobalAccess' description: | @@ -515,13 +525,6 @@ properties: Labels to apply to this forwarding rule. A list of key->value pairs. update_verb: :POST update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' - update_verb: :POST - !ruby/object:Api::Type::Boolean name: 'allPorts' description: | @@ -656,9 +659,3 @@ properties: - :IPV6 immutable: true default_from_api: true -virtual_fields: - - !ruby/object:Api::Type::Boolean - name: recreate_closed_psc - description: - This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed - default_value: false diff --git a/mmv1/products/compute/GlobalAddress.yaml b/mmv1/products/compute/GlobalAddress.yaml index de7ef1a6bd01..c268004792ac 100644 --- a/mmv1/products/compute/GlobalAddress.yaml +++ b/mmv1/products/compute/GlobalAddress.yaml @@ -93,7 +93,6 @@ properties: Labels to apply to this address. A list of key->value pairs. update_verb: :POST update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' - min_version: beta - !ruby/object:Api::Type::Fingerprint name: 'labelFingerprint' description: | diff --git a/mmv1/products/compute/GlobalForwardingRule.yaml b/mmv1/products/compute/GlobalForwardingRule.yaml index b287c5445545..a8c365e59bb6 100644 --- a/mmv1/products/compute/GlobalForwardingRule.yaml +++ b/mmv1/products/compute/GlobalForwardingRule.yaml @@ -25,8 +25,7 @@ description: | balancing. Global forwarding rules can only be used for HTTP load balancing. - For more information, see - https://cloud.google.com/compute/docs/load-balancing/http/ + For more information, see https://cloud.google.com/compute/docs/load-balancing/http/ async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation kind: 'compute#operation' @@ -238,7 +237,6 @@ properties: * When the `target` is a Private Service Connect Google APIs bundle, you must specify an `IPAddress`. - Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. @@ -256,7 +254,6 @@ properties: * `global/addresses/address-name` * `address-name` - The forwarding rule's `target`, and in most cases, also the `loadBalancingScheme`, determine the type of IP address that you can use. For detailed information, see @@ -266,7 +263,7 @@ properties: When reading an `IPAddress`, the API always returns the IP address number. default_from_api: true - diff_suppress_func: 'tpgresource.InternalIpDiffSuppress' + diff_suppress_func: InternalIpDiffSuppress - !ruby/object:Api::Type::Enum name: 'IPProtocol' description: | @@ -443,7 +440,7 @@ properties: cannot have overlapping `portRange`s. @pattern: \d+(?:-\d+)? - diff_suppress_func: 'tpgresource.PortRangeDiffSuppress' + diff_suppress_func: PortRangeDiffSuppress # This is a multi-resource resource reference (TargetHttp(s)Proxy, # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, # TargetInstance) @@ -479,7 +476,6 @@ properties: * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). - For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. update_verb: :POST update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setTarget' diff --git a/mmv1/products/compute/HaVpnGateway.yaml b/mmv1/products/compute/HaVpnGateway.yaml new file mode 100644 index 000000000000..a0435e33e39f --- /dev/null +++ b/mmv1/products/compute/HaVpnGateway.yaml @@ -0,0 +1,167 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'HaVpnGateway' +kind: 'compute#vpnGateway' +base_url: projects/{{project}}/regions/{{region}}/vpnGateways +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a VPN gateway running in GCP. This virtual device is managed + by Google, but used only by you. This type of VPN Gateway allows for the creation + of VPN solutions with higher availability than classic Target VPN Gateways. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Choosing a VPN': https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn + 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' + api: https://cloud.google.com/compute/docs/reference/rest/v1/vpnGateways +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'ha_vpn_gateway_basic' + primary_resource_id: 'ha_gateway1' + vars: + ha_vpn_gateway1_name: 'ha-vpn-1' + network1_name: 'network1' + - !ruby/object:Provider::Terraform::Examples + name: 'ha_vpn_gateway_ipv6' + primary_resource_id: 'ha_gateway1' + vars: + ha_vpn_gateway1_name: 'ha-vpn-1' + network1_name: 'network1' + - !ruby/object:Provider::Terraform::Examples + name: 'ha_vpn_gateway_gcp_to_gcp' + primary_resource_id: + 'ha_gateway1' + # Multiple fine-grained resources + skip_vcr: true + skip_test: true + skip_docs: true + vars: + ha_vpn_gateway1_name: 'ha-vpn-1' + network1_name: 'network1' + router1_name: 'ha-vpn-router1' + ha_vpn_gateway2_name: 'ha-vpn-2' + network2_name: 'network2' + router2_name: 'ha-vpn-router2' + - !ruby/object:Provider::Terraform::Examples + name: 'compute_ha_vpn_gateway_encrypted_interconnect' + primary_resource_id: + 'vpn-gateway' + # TODO: https://github.com/hashicorp/terraform-provider-google/issues/11504 + skip_test: true + vars: + ha_vpn_gateway_name: 'test-ha-vpngw' + interconnect_attachment1_name: 'test-interconnect-attachment1' + interconnect_attachment2_name: 'test-interconnect-attachment2' + address1_name: 'test-address1' + address2_name: 'test-address2' + router_name: 'test-router' + network_name: 'test-network' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + The region this gateway should sit in. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + validation: !ruby/object:Provider::Terraform::Validation + function: 'verify.ValidateGCEName' + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The network this VPN gateway is accepting traffic for. + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' + - !ruby/object:Api::Type::Enum + name: 'stackType' + description: | + The stack type for this VPN gateway to identify the IP protocols that are enabled. + If not specified, IPV4_ONLY will be used. + default_value: :IPV4_ONLY + values: + - :IPV4_ONLY + - :IPV4_IPV6 + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb' + - !ruby/object:Api::Type::Array + name: 'vpnInterfaces' + description: | + A list of interfaces on this VPN gateway. + default_from_api: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The numeric ID of this VPN gateway interface.' + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: 'The external IP address for this VPN gateway interface.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'interconnectAttachment' + resource: 'InterconnectAttachment' + imports: 'selfLink' + description: | + URL of the interconnect attachment resource. When the value + of this field is present, the VPN Gateway will be used for + IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the + specified interconnect attachment resource. + + Not currently available publicly. + custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' + immutable: true diff --git a/mmv1/products/compute/HealthCheck.yaml b/mmv1/products/compute/HealthCheck.yaml index f0e233c595a2..4f5b45c9b6b0 100644 --- a/mmv1/products/compute/HealthCheck.yaml +++ b/mmv1/products/compute/HealthCheck.yaml @@ -170,6 +170,30 @@ properties: The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec. default_value: 5 + - !ruby/object:Api::Type::Array + name: 'sourceRegions' + item_type: Api::Type::String + min_size: 3 + max_size: 3 + min_version: beta + description: | + The list of cloud regions from which health checks are performed. If + any regions are specified, then exactly 3 regions should be specified. + The region names must be valid names of Google Cloud regions. This can + only be set for global health check. If this list is non-empty, then + there are restrictions on what other health check fields are supported + and what other resources can use this health check: + + * SSL, HTTP2, and GRPC protocols are not supported. + + * The TCP request field is not supported. + + * The proxyHeader field for HTTP, HTTPS, and TCP is not supported. + + * The checkIntervalSec field must be at least 30. + + * The health check cannot be used with BackendService nor with managed + instance group auto-healing. - !ruby/object:Api::Type::Integer name: 'unhealthyThreshold' description: | diff --git a/mmv1/products/compute/HttpHealthCheck.yaml b/mmv1/products/compute/HttpHealthCheck.yaml index a49f63feb4bc..e826da96bf2b 100644 --- a/mmv1/products/compute/HttpHealthCheck.yaml +++ b/mmv1/products/compute/HttpHealthCheck.yaml @@ -21,7 +21,6 @@ description: | An HttpHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTP. - ~> **Note:** google_compute_http_health_check is a legacy health check. The newer [google_compute_health_check](/docs/providers/google/r/compute_health_check.html) should be preferred for all uses except diff --git a/mmv1/products/compute/HttpsHealthCheck.yaml b/mmv1/products/compute/HttpsHealthCheck.yaml index c8ca925f0989..aeb352b1f5f8 100644 --- a/mmv1/products/compute/HttpsHealthCheck.yaml +++ b/mmv1/products/compute/HttpsHealthCheck.yaml @@ -21,7 +21,6 @@ description: | An HttpsHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTPS. - ~> **Note:** google_compute_https_health_check is a legacy health check. The newer [google_compute_health_check](/docs/providers/google/r/compute_health_check.html) should be preferred for all uses except diff --git a/mmv1/products/compute/Instance.yaml b/mmv1/products/compute/Instance.yaml index e3912dac2c84..72d208dcab1e 100644 --- a/mmv1/products/compute/Instance.yaml +++ b/mmv1/products/compute/Instance.yaml @@ -526,7 +526,6 @@ properties: - !ruby/object:Api::Type::ResourceRef name: 'networkAttachment' resource: 'networkAttachment' - min_version: beta imports: 'selfLink' description: | The URL of the network attachment that this interface should connect to in the following format: @@ -610,9 +609,9 @@ properties: at_least_one_of: - confidential_instance_config.0.enable_confidential_compute - confidential_instance_config.0.confidential_instance_type + deprecation_message: "`enableConfidentialCompute` is deprecated and will be removed in a future major release. Use `confidentialInstanceType: SEV` instead." - !ruby/object:Api::Type::Enum name: 'confidentialInstanceType' - min_version: beta description: | The confidential computing technology the instance uses. SEV is an AMD feature. One of the following values: SEV, SEV_SNP. diff --git a/mmv1/products/compute/InstanceGroup.yaml b/mmv1/products/compute/InstanceGroup.yaml index 933fc5894f6d..e0f5cd7f1126 100644 --- a/mmv1/products/compute/InstanceGroup.yaml +++ b/mmv1/products/compute/InstanceGroup.yaml @@ -50,26 +50,6 @@ parameters: description: 'A reference to the zone where the instance group resides.' required: true custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' - - !ruby/object:Api::Type::Array - name: 'instances' - description: | - The list of instances associated with this InstanceGroup. - All instances must be created before being added to an InstanceGroup. - All instances not in this list will be removed from the InstanceGroup - and will not be deleted. - Only the full identifier of the instance will be returned. - - !> **WARNING** If a user will be recreating instances under the same name - (eg. via `terraform taint`), please consider adding instances to an instance - group via the `instance_group_membership` resource, along side the - `replace_triggered_by` lifecycle method with an instance's ID. - exclude: true - item_type: !ruby/object:Api::Type::ResourceRef - name: 'instance' - description: 'An instance being added to the InstanceGroup' - resource: 'Instance' - imports: 'selfLink' - custom_expand: 'templates/terraform/custom_expand/array_resourceref_with_validation.go.erb' properties: - !ruby/object:Api::Type::Time name: 'creationTimestamp' diff --git a/mmv1/products/compute/Interconnect.yaml b/mmv1/products/compute/Interconnect.yaml index 4ccbbf8062d3..4fd70f35d235 100644 --- a/mmv1/products/compute/Interconnect.yaml +++ b/mmv1/products/compute/Interconnect.yaml @@ -59,6 +59,8 @@ examples: primary_resource_id: 'example-interconnect' vars: interconnect_name: 'example-interconnect' +custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/interconnect.go.erb properties: - !ruby/object:Api::Type::String name: 'description' @@ -120,6 +122,7 @@ properties: - :IT_PRIVATE required: true immutable: true + diff_suppress_func: InterconnectTypeDiffSuppress - !ruby/object:Api::Type::Boolean name: 'adminEnabled' send_empty_value: true @@ -146,7 +149,7 @@ properties: - !ruby/object:Api::Type::Enum name: 'operationalStatus' description: | - The current status of this Interconnect's functionality, which can take one of the following values: + The current status of this Interconnect's functionality, which can take one of the following: - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may be provisioned on this Interconnect. - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be diff --git a/mmv1/products/compute/ManagedSslCertificate.yaml b/mmv1/products/compute/ManagedSslCertificate.yaml index 106e07944520..030079063920 100644 --- a/mmv1/products/compute/ManagedSslCertificate.yaml +++ b/mmv1/products/compute/ManagedSslCertificate.yaml @@ -74,6 +74,8 @@ docs: !ruby/object:Provider::Terraform::Docs certificates may entail some downtime while the certificate provisions. In conclusion: Be extremely cautious. +custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/compute_managed_ssl_certificate.go.erb examples: - !ruby/object:Provider::Terraform::Examples name: 'managed_ssl_certificate_basic' @@ -117,7 +119,6 @@ properties: characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - These are in the same namespace as the managed SSL certificates. - !ruby/object:Api::Type::NestedObject name: 'managed' @@ -132,7 +133,7 @@ properties: there can be up to 100 domains in this list. max_size: 100 required: true - diff_suppress_func: 'tpgresource.AbsoluteDomainSuppress' + diff_suppress_func: 'AbsoluteDomainSuppress' item_type: Api::Type::String - !ruby/object:Api::Type::Enum name: 'type' diff --git a/mmv1/products/compute/NetworkAttachment.yaml b/mmv1/products/compute/NetworkAttachment.yaml index 95eb9d46418a..dbe41ddb2572 100644 --- a/mmv1/products/compute/NetworkAttachment.yaml +++ b/mmv1/products/compute/NetworkAttachment.yaml @@ -13,7 +13,6 @@ --- !ruby/object:Api::Resource name: 'NetworkAttachment' -min_version: beta kind: 'compute#networkAttachment' description: | A network attachment is a resource that lets a producer Virtual Private Cloud (VPC) network initiate connections to a consumer VPC network through a Private Service Connect interface. @@ -57,6 +56,7 @@ examples: billing_account: :BILLING_ACCT - !ruby/object:Provider::Terraform::Examples name: 'network_attachment_instance_usage' + min_version: beta primary_resource_id: 'default' vars: resource_name: 'basic-network-attachment' diff --git a/mmv1/products/compute/NetworkEdgeSecurityService.yaml b/mmv1/products/compute/NetworkEdgeSecurityService.yaml index a5008336f155..7241dfd28fdb 100644 --- a/mmv1/products/compute/NetworkEdgeSecurityService.yaml +++ b/mmv1/products/compute/NetworkEdgeSecurityService.yaml @@ -25,7 +25,7 @@ update_mask: true skip_sweeper: true references: !ruby/object:Api::Resource::ReferenceLinks guides: - 'Official Documentation': 'https://cloud.google.com/armor/docs/advanced-network-ddos?hl=pt-br#activate_advanced_network_ddos_protection' + 'Official Documentation': 'https://cloud.google.com/armor/docs/advanced-network-ddos' api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networkEdgeSecurityServices' description: | Google Cloud Armor network edge security service resource. diff --git a/mmv1/products/compute/NetworkEndpointGroup.yaml b/mmv1/products/compute/NetworkEndpointGroup.yaml index f37a3365d013..dfda899db1d6 100644 --- a/mmv1/products/compute/NetworkEndpointGroup.yaml +++ b/mmv1/products/compute/NetworkEndpointGroup.yaml @@ -55,6 +55,8 @@ async: !ruby/object:Api::OpAsync error: !ruby/object:Api::OpAsync::Error path: 'error/errors' message: 'message' +custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/compute_network_endpoint_group.go.erb examples: - !ruby/object:Provider::Terraform::Examples name: 'network_endpoint_group' @@ -139,7 +141,7 @@ properties: imports: 'selfLink' description: | Optional subnetwork to which all network endpoints in the NEG belong. - diff_suppress_func: 'tpgresource.CompareOptionalSubnet' + diff_suppress_func: 'compareOptionalSubnet' custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' - !ruby/object:Api::Type::Integer name: 'defaultPort' diff --git a/mmv1/products/compute/ProjectCloudArmorTier.yaml b/mmv1/products/compute/ProjectCloudArmorTier.yaml new file mode 100644 index 000000000000..b68e13b09890 --- /dev/null +++ b/mmv1/products/compute/ProjectCloudArmorTier.yaml @@ -0,0 +1,73 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ProjectCloudArmorTier' +base_url: 'projects/{{project}}' +create_url: 'projects/{{project}}/setCloudArmorTier' +update_url: 'projects/{{project}}/setCloudArmorTier' +read_query_params: '?fields=cloudArmorTier' +create_verb: :POST +update_verb: :POST +description: | + Sets the Cloud Armor tier of the project. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Subscribing to Cloud Armor Enterprise': 'https://cloud.google.com/armor/docs/managed-protection-overview#subscribing_to_plus' + api: + 'https://cloud.google.com/compute/docs/reference/rest/v1/projects/setCloudArmorTier' +id_format: 'projects/{{project}}' +import_format: ['projects/{{project}}'] +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'compute_project_cloud_armor_tier_basic' + skip_test: true + primary_resource_id: 'cloud_armor_tier_config' + - !ruby/object:Provider::Terraform::Examples + name: 'compute_project_cloud_armor_tier_project_set' + skip_test: true + primary_resource_id: 'cloud_armor_tier_config' + vars: + project_id: 'your_project_id' + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +custom_code: !ruby/object:Provider::Terraform::CustomCode + custom_delete: templates/terraform/custom_delete/only_remove_from_state.go.erb +properties: + - !ruby/object:Api::Type::Enum + name: 'cloudArmorTier' + required: true + description: | + Managed protection tier to be set. + values: + - :CA_STANDARD + - :CA_ENTERPRISE_PAYGO diff --git a/mmv1/products/compute/PublicAdvertisedPrefix.yaml b/mmv1/products/compute/PublicAdvertisedPrefix.yaml index f7a0ad456ddd..7394c1646dbf 100644 --- a/mmv1/products/compute/PublicAdvertisedPrefix.yaml +++ b/mmv1/products/compute/PublicAdvertisedPrefix.yaml @@ -50,7 +50,7 @@ examples: vars: prefixes_name: 'my-prefix' test_env_vars: - description: :PAP_DESCRIPTION + desc: :PAP_DESCRIPTION properties: - !ruby/object:Api::Type::String name: 'description' @@ -75,3 +75,8 @@ properties: The IPv4 address range, in CIDR format, represented by this public advertised prefix. required: true + - !ruby/object:Api::Type::String + name: 'sharedSecret' + output: true + description: | + Output Only. The shared secret to be used for reverse DNS verification. diff --git a/mmv1/products/compute/PublicDelegatedPrefix.yaml b/mmv1/products/compute/PublicDelegatedPrefix.yaml index acc9de931b7d..7c29df155474 100644 --- a/mmv1/products/compute/PublicDelegatedPrefix.yaml +++ b/mmv1/products/compute/PublicDelegatedPrefix.yaml @@ -50,7 +50,7 @@ examples: vars: prefixes_name: 'my-prefix' test_env_vars: - description: :PAP_DESCRIPTION + desc: :PAP_DESCRIPTION properties: - !ruby/object:Api::Type::String name: 'region' diff --git a/mmv1/products/compute/RegionAutoscaler.yaml b/mmv1/products/compute/RegionAutoscaler.yaml index fa9991ee61aa..9156b1970aa1 100644 --- a/mmv1/products/compute/RegionAutoscaler.yaml +++ b/mmv1/products/compute/RegionAutoscaler.yaml @@ -117,6 +117,7 @@ properties: to. This is required when creating or updating an autoscaler. The maximum number of replicas should not be lower than minimal number of replicas. + send_empty_value: true required: true - !ruby/object:Api::Type::Integer name: 'cooldownPeriod' diff --git a/mmv1/products/compute/RegionBackendService.yaml b/mmv1/products/compute/RegionBackendService.yaml index 681687d2cd76..9b62faaad6f8 100644 --- a/mmv1/products/compute/RegionBackendService.yaml +++ b/mmv1/products/compute/RegionBackendService.yaml @@ -164,6 +164,8 @@ properties: See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) for an explanation of load balancing modes. + + From version 6.0.0 default value will be UTILIZATION to match default GCP value. - !ruby/object:Api::Type::Double name: 'capacityScaler' description: | @@ -658,6 +660,8 @@ properties: description: | Time for which instance will be drained (not accept new connections, but still work to finish started). + + From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. - !ruby/object:Api::Type::Time name: 'creationTimestamp' description: | @@ -838,7 +842,6 @@ properties: UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. - This field is applicable to either: * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, @@ -848,7 +851,6 @@ properties: Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. - If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. @@ -873,6 +875,9 @@ properties: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. + + From version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value. + Default values are enforce by GCP without providing them. properties: - !ruby/object:Api::Type::NestedObject name: 'baseEjectionTime' @@ -1225,8 +1230,10 @@ properties: - !ruby/object:Api::Type::Integer name: 'timeoutSec' description: | - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. + The backend service timeout has a different meaning depending on the type of load balancer. + For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). + The default is 30 seconds. + The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. default_from_api: true - !ruby/object:Api::Type::NestedObject name: 'logConfig' diff --git a/mmv1/products/compute/RegionDisk.yaml b/mmv1/products/compute/RegionDisk.yaml index d421a950923f..e03aad8c4431 100644 --- a/mmv1/products/compute/RegionDisk.yaml +++ b/mmv1/products/compute/RegionDisk.yaml @@ -308,7 +308,7 @@ properties: disk interfaces are automatically determined on attachment. description: | Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. - diff_suppress_func: 'tpgresource.AlwaysDiffSuppress' + diff_suppress_func: AlwaysDiffSuppress - !ruby/object:Api::Type::String name: 'sourceDisk' description: | diff --git a/mmv1/products/compute/RegionGroupInstanceManager.yaml b/mmv1/products/compute/RegionInstanceGroupManager.yaml similarity index 100% rename from mmv1/products/compute/RegionGroupInstanceManager.yaml rename to mmv1/products/compute/RegionInstanceGroupManager.yaml diff --git a/mmv1/products/compute/RegionNetworkEndpoint.yaml b/mmv1/products/compute/RegionNetworkEndpoint.yaml index 81d31f7e1f6e..9350e1fa0437 100644 --- a/mmv1/products/compute/RegionNetworkEndpoint.yaml +++ b/mmv1/products/compute/RegionNetworkEndpoint.yaml @@ -73,6 +73,20 @@ examples: vars: neg_name: 'fqdn-port-neg' network_name: 'network' + - !ruby/object:Provider::Terraform::Examples + name: 'region_network_endpoint_portmap' + primary_resource_id: 'region_network_endpoint_portmap' + min_version: 'beta' + # Fine-grained resource need different autogenerated tests, as + # we need to check destroy during a test step where the parent resource + # still exists, rather than during CheckDestroy (when read returns + # nothing because the parent resource has then also been destroyed) + skip_test: true + vars: + network_name: 'network' + subnetwork_name: 'subnetwork' + instance_name: 'instance' + neg_name: 'portmap-neg' custom_code: !ruby/object:Provider::Terraform::CustomCode pre_delete: templates/terraform/pre_delete/compute_region_network_endpoint.go.erb custom_import: templates/terraform/custom_import/compute_region_network_endpoint.go.erb @@ -123,3 +137,17 @@ properties: Fully qualified domain name of network endpoint. This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + - !ruby/object:Api::Type::Integer + name: 'clientDestinationPort' + custom_flatten: templates/terraform/custom_flatten/float64_to_int.go.erb + description: | + Client destination port for the `GCE_VM_IP_PORTMAP` NEG. + min_version: 'beta' + - !ruby/object:Api::Type::ResourceRef + name: 'instance' + resource: 'Instance' + imports: 'name' + min_version: 'beta' + description: | + The name for a specific VM instance that the IP address belongs to. + This is required for network endpoints of type GCE_VM_IP_PORTMAP. diff --git a/mmv1/products/compute/RegionNetworkEndpointGroup.yaml b/mmv1/products/compute/RegionNetworkEndpointGroup.yaml index 177ce9001bf1..7a9ac6a9376b 100644 --- a/mmv1/products/compute/RegionNetworkEndpointGroup.yaml +++ b/mmv1/products/compute/RegionNetworkEndpointGroup.yaml @@ -24,7 +24,8 @@ references: !ruby/object:Api::Resource::ReferenceLinks 'Internet NEGs Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts' api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups' description: | - A regional NEG that can support Serverless Products and proxying traffic to external backends. + A regional NEG that can support Serverless Products, proxying traffic to + external backends and providing traffic to the PSC port mapping endpoints. Recreating a region network endpoint group that's in use by another resource will give a `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` @@ -102,6 +103,14 @@ examples: vars: neg_name: 'ip-port-neg' network_name: 'network' + - !ruby/object:Provider::Terraform::Examples + name: 'region_network_endpoint_group_portmap' + primary_resource_id: 'region_network_endpoint_group_portmap' + min_version: 'beta' + vars: + network_name: 'network' + subnetwork_name: 'subnetwork' + neg_name: 'portmap-neg' parameters: - !ruby/object:Api::Type::ResourceRef name: 'region' @@ -139,6 +148,7 @@ properties: - :PRIVATE_SERVICE_CONNECT - :INTERNET_IP_PORT - :INTERNET_FQDN_PORT + - :GCE_VM_IP_PORTMAP default_value: :SERVERLESS - !ruby/object:Api::Type::String name: 'pscTargetService' diff --git a/mmv1/products/compute/RegionSslCertificate.yaml b/mmv1/products/compute/RegionSslCertificate.yaml index 0dd28ac101af..c81793ce98ca 100644 --- a/mmv1/products/compute/RegionSslCertificate.yaml +++ b/mmv1/products/compute/RegionSslCertificate.yaml @@ -53,7 +53,7 @@ examples: name: 'region_ssl_certificate_basic' primary_resource_id: 'default' - # Uses resource.UniqueId + # Uses id.UniqueId skip_vcr: true ignore_read_extra: - 'name_prefix' @@ -62,13 +62,13 @@ examples: external_providers: ["random", "time"] primary_resource_id: 'default' - # Uses resource.UniqueId + # Uses id.UniqueId skip_vcr: true - !ruby/object:Provider::Terraform::Examples name: 'region_ssl_certificate_target_https_proxies' primary_resource_id: 'default' - # Uses resource.UniqueId + # Uses id.UniqueId skip_vcr: true vars: region_target_https_proxy_name: 'test-proxy' @@ -78,6 +78,7 @@ examples: ignore_read_extra: - 'name_prefix' custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/compute_certificate.go.erb extra_schema_entry: templates/terraform/extra_schema_entry/ssl_certificate.erb parameters: - !ruby/object:Api::Type::ResourceRef @@ -128,7 +129,6 @@ properties: characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - These are in the same namespace as the managed SSL certificates. default_from_api: true custom_expand: 'templates/terraform/custom_expand/name_or_name_prefix.go.erb' @@ -142,4 +142,4 @@ properties: sensitive: true ignore_read: true custom_flatten: 'templates/terraform/custom_flatten/sha256.erb' - diff_suppress_func: 'tpgresource.Sha256DiffSuppress' + diff_suppress_func: 'sha256DiffSuppress' diff --git a/mmv1/products/compute/RegionTargetHttpsProxy.yaml b/mmv1/products/compute/RegionTargetHttpsProxy.yaml index 94cc7c0aa635..00be3b0e6129 100644 --- a/mmv1/products/compute/RegionTargetHttpsProxy.yaml +++ b/mmv1/products/compute/RegionTargetHttpsProxy.yaml @@ -140,8 +140,7 @@ properties: name: 'certificateManagerCertificates' description: | URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. - Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. - sslCertificates and certificateManagerCertificates fields can not be defined together. + sslCertificates and certificateManagerCertificates can't be defined together. Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the self_link `projects/{project}/locations/{location}/certificates/{resourceName}` update_verb: :POST update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' @@ -174,11 +173,11 @@ properties: A reference to the Region SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured. - # 2022 May 28 - setSslPolicy method not yet listed - # https://cloud.google.com/compute/docs/reference/rest/beta/regionTargetHttpsProxies - # update_verb: :POST - # update_url: - # 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslPolicy' + update_id: 'sslPolicy' + fingerprint_name: 'fingerprint' + update_verb: :PATCH + update_url: + 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}' custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' - !ruby/object:Api::Type::ResourceRef name: 'urlMap' diff --git a/mmv1/products/compute/RegionUrlMap.yaml b/mmv1/products/compute/RegionUrlMap.yaml index 2d2645f08398..2e31eea20ab9 100644 --- a/mmv1/products/compute/RegionUrlMap.yaml +++ b/mmv1/products/compute/RegionUrlMap.yaml @@ -749,7 +749,7 @@ properties: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused + for example: disconnects, reset, read timeout, connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. @@ -1197,7 +1197,7 @@ properties: - 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused + for example: disconnects, reset, read timeout, connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. diff --git a/mmv1/products/compute/Reservation.yaml b/mmv1/products/compute/Reservation.yaml index 55285cfcbe91..eee584be87b5 100644 --- a/mmv1/products/compute/Reservation.yaml +++ b/mmv1/products/compute/Reservation.yaml @@ -141,6 +141,7 @@ properties: description: | Type of sharing for this shared-reservation default_from_api: true + immutable: true - !ruby/object:Api::Type::Map name: 'projectMap' description: | diff --git a/mmv1/products/compute/ResizeRequest.yaml b/mmv1/products/compute/ResizeRequest.yaml new file mode 100644 index 000000000000..e5785f150ad1 --- /dev/null +++ b/mmv1/products/compute/ResizeRequest.yaml @@ -0,0 +1,424 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +!ruby/object:Api::Resource +name: "ResizeRequest" +kind: "compute#instanceGroupManagerResizeRequest" +description: | + Represents a Managed Instance Group Resize Request + + Resize Requests are the Managed Instance Group implementation of Dynamic Workload Scheduler Flex Start. + + With Dynamic Workload Scheduler in Flex Start mode, you submit a GPU capacity request for your AI/ML jobs by indicating how many you need, a duration, and your preferred region. Dynamic Workload Scheduler intelligently persists the request; once the capacity becomes available, it automatically provisions your VMs enabling your workloads to run continuously for the entire duration of the capacity allocation. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + # Link to quickstart in the API's Guides section. For example: + # 'Create and connect to a database': 'https://cloud.google.com/alloydb/docs/quickstart/create-and-connect' + "QUICKSTART_TITLE": "https://cloud.google.com/compute/docs/instance-groups/create-resize-requests-mig" + # Link to the REST API reference for the resource. For example, + # https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.backups + api: "https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagerResizeRequests" + +immutable: true + +### List Method ### +base_url: "projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/resizeRequests" + +### Get Method +self_link: "projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/resizeRequests/{{name}}" + +### Create Method ### +# Get method with a post +create_verb: :POST + +### Update method ### +# Resize requests are currently not update-able + +### Delete Method ### +# Custom delete method to handle resize request cancellations vs. deletions. +# If a resize request is in the ACCEPTED state, it must be canceled before it can be +# deleted. If a resize request is NOT in the ACCEPTED state, it can be directly deleted. +custom_code: !ruby/object:Provider::Terraform::CustomCode + custom_delete: templates/terraform/custom_delete/compute_mig_resize_request_delete.go.erb + +# Sets parameters for handling operations returned by the API. +async: !ruby/object:Api::OpAsync + # Overrides which API calls return operations. Default: ['create', + # 'update', 'delete'] + # actions: ['create', 'update', 'delete'] + operation: !ruby/object:Api::OpAsync::Operation + kind: "compute#operation" + path: "name" + base_url: "projects/{{project}}/zones/{{zone}}/operations/{{op_id}}" + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: "targetLink" + status: !ruby/object:Api::OpAsync::Status + path: "status" + complete: "DONE" + allowed: + - "PENDING" + - "RUNNING" + - "DONE" + error: !ruby/object:Api::OpAsync::Error + path: "error/errors" + message: "message" + +# Resize request parameters injected via URL +parameters: + - !ruby/object:Api::Type::ResourceRef + name: "zone" + resource: "Zone" + imports: "name" + description: | + Name of the compute zone scoping this request. Name should conform to RFC1035. + required: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: "instanceGroupManager" + resource: "InstanceGroupManager" + imports: "name" + description: | + The name of the managed instance group. The name should conform to RFC1035 or be a resource ID. + Authorization requires the following IAM permission on the specified resource instanceGroupManager: + *compute.instanceGroupManagers.update + required: true + url_param_only: true + +# Non-URL parameters including input and output parameters +properties: + - !ruby/object:Api::Type::Time + name: "creationTimestamp" + description: | + The creation timestamp for this resize request in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Enum + name: "state" + description: | + [Output only] Current state of the request. + values: + - :CREATING + - :ACCEPTED + - :FAILED + - :SUCCEEDED + - :CANCELLED + output: true + - !ruby/object:Api::Type::String + name: "name" + description: | + The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035. + required: true + - !ruby/object:Api::Type::String + name: "description" + description: | + An optional description of this resize-request. + - !ruby/object:Api::Type::Integer + name: "resizeBy" + description: | + The number of instances to be created by this resize request. The group's target size will be increased by this number. + required: true + - !ruby/object:Api::Type::NestedObject + name: "requestedRunDuration" + description: | + Requested run duration for instances that will be created by this request. At the end of the run duration instance will be deleted. + properties: + - !ruby/object:Api::Type::String + name: "seconds" + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + required: true + - !ruby/object:Api::Type::Integer + name: "nanos" + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::NestedObject + name: "status" + description: | + [Output only] Status of the request. + output: true + properties: + # Status.error + - !ruby/object:Api::Type::NestedObject + name: "error" + output: true + description: | + [Output only] Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + properties: + - !ruby/object:Api::Type::NestedObject + name: "errors" + output: true + description: | + [Output Only] The array of errors encountered while processing this operation. + properties: + - !ruby/object:Api::Type::String + name: "code" + output: true + description: | + [Output Only] The error type identifier for this error. + - !ruby/object:Api::Type::String + name: "location" + output: true + description: | + Output Only] Indicates the field in the request that caused the error. This property is optional. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: | + [Output Only] An optional, human-readable error message. + - !ruby/object:Api::Type::NestedObject + name: "errorDetails" + output: true + description: | + [Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + properties: + - !ruby/object:Api::Type::NestedObject + name: "errorInfo" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "reason" + output: true + description: | + The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE. + - !ruby/object:Api::Type::String + name: "domain" + output: true + description: | + The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com". + - !ruby/object:Api::Type::KeyValuePairs + name: "metadatas" + output: true + description: | + Additional structured details about this error. + Keys must match /[a-z][a-zA-Z0-9-_]+/ but should ideally be lowerCamelCase. Also they must be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request. + - !ruby/object:Api::Type::NestedObject + name: "quotaInfo" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "metricName" + output: true + description: | + The Compute Engine quota metric name. + - !ruby/object:Api::Type::String + name: "limitName" + output: true + description: | + The name of the quota limit. + - !ruby/object:Api::Type::KeyValuePairs + name: "dimensions" + output: true + description: | + The map holding related quota dimensions + - !ruby/object:Api::Type::Integer + name: "limit" + output: true + description: | + Current effective quota limit. The limit's unit depends on the quota type or metric. + - !ruby/object:Api::Type::Integer + name: "futureLimit" + output: true + description: | + Future quota limit being rolled out. The limit's unit depends on the quota type or metric. + - !ruby/object:Api::Type::String + name: "rolloutStatus" + output: true + description: | + Rollout status of the future quota limit. + - !ruby/object:Api::Type::NestedObject + name: "help" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::NestedObject + name: "links" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "description" + output: true + description: | + Describes what the link offers. + - !ruby/object:Api::Type::String + name: "url" + output: true + description: | + The URL of the link. + - !ruby/object:Api::Type::NestedObject + name: "localizedMessage" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "locale" + output: true + description: | + The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX" + - !ruby/object:Api::Type::String + name: "message" + output: true + description: | + The localized error message in the above locale. + # Status.lastAttempt + - !ruby/object:Api::Type::NestedObject + name: "lastAttempt" + output: true + description: | + [Output only] Information about the last attempt to fulfill the request. The value is temporary since the ResizeRequest can retry, as long as it's still active and the last attempt value can either be cleared or replaced with a different error. Since ResizeRequest retries infrequently, the value may be stale and no longer show an active problem. The value is cleared when ResizeRequest transitions to the final state (becomes inactive). If the final state is FAILED the error describing it will be storred in the "error" field only. + properties: + - !ruby/object:Api::Type::NestedObject + name: "error" + output: true + description: | + [Output only] Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + properties: + - !ruby/object:Api::Type::NestedObject + name: "errors" + output: true + description: | + [Output Only] The array of errors encountered while processing this operation. + properties: + - !ruby/object:Api::Type::String + name: "code" + output: true + description: | + [Output Only] The error type identifier for this error. + - !ruby/object:Api::Type::String + name: "location" + output: true + description: | + Output Only] Indicates the field in the request that caused the error. This property is optional. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: | + [Output Only] An optional, human-readable error message. + - !ruby/object:Api::Type::NestedObject + name: "errorDetails" + output: true + description: | + [Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + properties: + - !ruby/object:Api::Type::NestedObject + name: "errorInfo" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "reason" + output: true + description: | + The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE. + - !ruby/object:Api::Type::String + name: "domain" + output: true + description: | + The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com". + - !ruby/object:Api::Type::KeyValuePairs + name: "metadatas" + output: true + description: | + Additional structured details about this error. + Keys must match /[a-z][a-zA-Z0-9-_]+/ but should ideally be lowerCamelCase. Also they must be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request. + - !ruby/object:Api::Type::NestedObject + name: "quotaInfo" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "metricName" + output: true + description: | + The Compute Engine quota metric name. + - !ruby/object:Api::Type::String + name: "limitName" + output: true + description: | + The name of the quota limit. + - !ruby/object:Api::Type::KeyValuePairs + name: "dimensions" + output: true + description: | + The map holding related quota dimensions + - !ruby/object:Api::Type::Integer + name: "limit" + output: true + description: | + Current effective quota limit. The limit's unit depends on the quota type or metric. + - !ruby/object:Api::Type::Integer + name: "futureLimit" + output: true + description: | + Future quota limit being rolled out. The limit's unit depends on the quota type or metric. + - !ruby/object:Api::Type::String + name: "rolloutStatus" + output: true + description: | + Rollout status of the future quota limit. + - !ruby/object:Api::Type::NestedObject + name: "help" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::NestedObject + name: "links" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "description" + output: true + description: | + Describes what the link offers. + - !ruby/object:Api::Type::String + name: "url" + output: true + description: | + The URL of the link. + - !ruby/object:Api::Type::NestedObject + name: "localizedMessage" + output: true + description: | + [Output Only] + properties: + - !ruby/object:Api::Type::String + name: "locale" + output: true + description: | + The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX" + - !ruby/object:Api::Type::String + name: "message" + output: true + description: | + The localized error message in the above locale. + +#Examples for testing +examples: + - !ruby/object:Provider::Terraform::Examples + name: "compute_mig_resize_request" + primary_resource_id: "a3_resize_request" + vars: + resize_request_name: a3-dws diff --git a/mmv1/products/compute/ResourcePolicy.yaml b/mmv1/products/compute/ResourcePolicy.yaml index 8e645187a41e..f74e86817f6a 100644 --- a/mmv1/products/compute/ResourcePolicy.yaml +++ b/mmv1/products/compute/ResourcePolicy.yaml @@ -15,8 +15,9 @@ name: 'ResourcePolicy' kind: 'compute#resourcePolicy' base_url: projects/{{project}}/regions/{{region}}/resourcePolicies -immutable: true has_self_link: true +update_verb: :PATCH +update_url: projects/{{project}}/regions/{{region}}/resourcePolicies/{{name}} collection_url_key: 'items' description: | A policy that can be attached to a resource to specify or schedule actions on that resource. @@ -138,8 +139,7 @@ properties: description: | Time within the window to start the operations. It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00 + where HH : [00-23] and MM : [00] GMT. eg: 21:00 required: true validation: !ruby/object:Provider::Terraform::Validation function: 'verify.ValidateHourlyOnly' diff --git a/mmv1/products/compute/Route.yaml b/mmv1/products/compute/Route.yaml index 9b6b70de1f4d..3c54de91e78f 100644 --- a/mmv1/products/compute/Route.yaml +++ b/mmv1/products/compute/Route.yaml @@ -95,6 +95,7 @@ examples: backend_name: 'compute-backend' route_name: 'route-ilb' custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/compute_route.go.erb decoder: templates/terraform/decoders/route.erb extra_schema_entry: templates/terraform/extra_schema_entry/route.erb docs: !ruby/object:Provider::Terraform::Docs @@ -252,4 +253,4 @@ properties: - next_hop_ip - next_hop_vpn_tunnel - next_hop_ilb - diff_suppress_func: 'tpgresource.CompareIpAddressOrSelfLinkOrResourceName' + diff_suppress_func: 'CompareIpAddressOrSelfLinkOrResourceName' diff --git a/mmv1/products/compute/RouterRoutePolicy.yaml b/mmv1/products/compute/RouterRoutePolicy.yaml new file mode 100644 index 000000000000..12558591a06f --- /dev/null +++ b/mmv1/products/compute/RouterRoutePolicy.yaml @@ -0,0 +1,172 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RouterRoutePolicy' +base_url: projects/{{project}}/regions/{{region}}/routers/{{router}} +self_link: projects/{{project}}/regions/{{region}}/routers/{{router}}/getRoutePolicy?policy={{name}} +create_url: projects/{{project}}/regions/{{region}}/routers/{{router}}/updateRoutePolicy +update_url: projects/{{project}}/regions/{{region}}/routers/{{router}}/updateRoutePolicy +delete_url: projects/{{project}}/regions/{{region}}/routers/{{router}}/deleteRoutePolicy?policy={{name}} +create_verb: :POST +update_verb: :POST +update_mask: true +delete_verb: :POST +description: A route policy created in a router +min_version: 'beta' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +id_format: '{{project}}/{{region}}/{{router}}/routePolicies/{{name}}' +import_format: ['{{project}}/{{region}}/{{router}}/routePolicies/{{name}}'] +examples: + - !ruby/object:Provider::Terraform::Examples + name: 'router_route_policy_export' + primary_resource_id: 'rp-export' + vars: + router_name: 'my-router' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + route_policy_name: 'my-rp1' + - !ruby/object:Provider::Terraform::Examples + name: 'router_route_policy_import' + primary_resource_id: 'rp-import' + vars: + router_name: 'my-router' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + route_policy_name: 'my-rp2' +custom_code: !ruby/object:Provider::Terraform::CustomCode + decoder: templates/terraform/decoders/unwrap_route_policy_resource.go.erb +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'router' + resource: 'Router' + imports: name + description: | + The name of the Cloud Router in which this route policy will be configured. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: region + resource: Region + imports: name + description: Region where the router and NAT reside. + immutable: true + required: false + url_param_only: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + - !ruby/object:Api::Type::String + name: name + description: | + Name of the route policy. This policy's name, which must be a resource ID segment and unique within all policies owned by the Router + required: true + immutable: true +properties: + - !ruby/object:Api::Type::Enum + name: type + description: | + This is policy's type, which is one of IMPORT or EXPORT + values: + - :ROUTE_POLICY_TYPE_IMPORT + - :ROUTE_POLICY_TYPE_EXPORT + - !ruby/object:Api::Type::Array + name: terms + description: | + List of terms (the order in the list is not important, they are evaluated in order of priority). + required: true + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: priority + description: | + The evaluation priority for this term, which must be between 0 (inclusive) and 231 (exclusive), and unique within the list. + required: true + - !ruby/object:Api::Type::NestedObject + name: match + description: | + CEL expression evaluated against a route to determine if this term applies (see Policy Language). When not set, the term applies to all routes. + properties: + - !ruby/object:Api::Type::String + name: 'expression' + required: true + description: + Textual representation of an expression in Common Expression + Language syntax. + - !ruby/object:Api::Type::String + name: 'title' + description: + Title for the expression, i.e. a short string describing its + purpose. + - !ruby/object:Api::Type::String + name: 'description' + description: Description of the expression + - !ruby/object:Api::Type::String + name: 'location' + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + - !ruby/object:Api::Type::Array + name: actions + description: | + 'CEL expressions to evaluate to modify a route when this term matches.'\ + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'expression' + required: true + description: | + Textual representation of an expression in Common Expression + Language syntax. + - !ruby/object:Api::Type::String + name: 'title' + description: | + Title for the expression, i.e. a short string describing its + purpose. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the expression + - !ruby/object:Api::Type::String + name: 'location' + description: | + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true diff --git a/mmv1/products/compute/SecurityPolicyRule.yaml b/mmv1/products/compute/SecurityPolicyRule.yaml index 2ec41e82d35f..7a82d63cbaea 100644 --- a/mmv1/products/compute/SecurityPolicyRule.yaml +++ b/mmv1/products/compute/SecurityPolicyRule.yaml @@ -123,6 +123,27 @@ properties: # name: 'location' # description: | # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + - !ruby/object:Api::Type::NestedObject + name: 'exprOptions' + description: | + The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr'). + properties: + - !ruby/object:Api::Type::NestedObject + name: 'recaptchaOptions' + required: true + description: | + reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect. + properties: + - !ruby/object:Api::Type::Array + name: 'actionTokenSiteKeys' + description: | + A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'sessionTokenSiteKeys' + description: | + A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. + item_type: Api::Type::String - !ruby/object:Api::Type::NestedObject name: 'config' description: | diff --git a/mmv1/products/compute/ServiceAttachment.yaml b/mmv1/products/compute/ServiceAttachment.yaml index a7609767f815..2cb0b513988b 100644 --- a/mmv1/products/compute/ServiceAttachment.yaml +++ b/mmv1/products/compute/ServiceAttachment.yaml @@ -156,16 +156,13 @@ properties: description: | The status of the connection from the consumer forwarding rule to this service attachment. - - !ruby/object:Api::Type::ResourceRef + - !ruby/object:Api::Type::String name: targetService required: true immutable: true - resource: 'ForwardingRule' - imports: 'selfLink' + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' description: | - The URL of a forwarding rule that represents the service identified by - this service attachment. - custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' + The URL of a service serving the endpoint identified by this service attachment. - !ruby/object:Api::Type::Array name: 'natSubnets' required: true diff --git a/mmv1/products/compute/SslCertificate.yaml b/mmv1/products/compute/SslCertificate.yaml index 423602b771b9..dc9e40dc16ed 100644 --- a/mmv1/products/compute/SslCertificate.yaml +++ b/mmv1/products/compute/SslCertificate.yaml @@ -53,7 +53,7 @@ examples: name: 'ssl_certificate_basic' primary_resource_id: 'default' - # Uses resource.UniqueId + # Uses id.UniqueId skip_vcr: true ignore_read_extra: - 'name_prefix' @@ -62,13 +62,13 @@ examples: external_providers: ["random", "time"] primary_resource_id: 'default' - # Uses resource.UniqueId + # Uses id.UniqueId skip_vcr: true - !ruby/object:Provider::Terraform::Examples name: 'ssl_certificate_target_https_proxies' primary_resource_id: 'default' - # Uses resource.UniqueId + # Uses id.UniqueId skip_vcr: true vars: target_https_proxy_name: 'test-proxy' @@ -115,7 +115,6 @@ properties: characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - These are in the same namespace as the managed SSL certificates. default_from_api: true custom_expand: 'templates/terraform/custom_expand/name_or_name_prefix.go.erb' @@ -129,4 +128,4 @@ properties: sensitive: true ignore_read: true custom_flatten: 'templates/terraform/custom_flatten/sha256.erb' - diff_suppress_func: 'tpgresource.Sha256DiffSuppress' + diff_suppress_func: 'sha256DiffSuppress' diff --git a/mmv1/products/compute/TargetHttpsProxy.yaml b/mmv1/products/compute/TargetHttpsProxy.yaml index 5356091825d0..a22e5c8cc870 100644 --- a/mmv1/products/compute/TargetHttpsProxy.yaml +++ b/mmv1/products/compute/TargetHttpsProxy.yaml @@ -130,11 +130,24 @@ properties: update_url: 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setQuicOverride' default_value: :NONE custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb' + - !ruby/object:Api::Type::Enum + name: 'tlsEarlyData' + description: | + Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. + Early Data allows a TLS resumption handshake to include the initial application payload + (a HTTP request) alongside the handshake, reducing the effective round trips to “zero”. + This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). + values: + - :STRICT + - :PERMISSIVE + - :DISABLED + default_from_api: true - !ruby/object:Api::Type::Array name: 'certificateManagerCertificates' description: | URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. - Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED. + For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead. sslCertificates and certificateManagerCertificates fields can not be defined together. Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the self_link `projects/{project}/locations/{location}/certificates/{resourceName}` update_verb: :POST @@ -164,7 +177,8 @@ properties: name: 'certificateMap' description: | A reference to the CertificateMap resource uri that identifies a certificate map - associated with the given target proxy. This field can only be set for global target proxies. + associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. + For INTERNAL_MANAGED, use certificate_manager_certificates instead. Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. update_verb: :POST update_url: 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setCertificateMap' diff --git a/mmv1/products/compute/UrlMap.yaml b/mmv1/products/compute/UrlMap.yaml index d3dad5414195..054b6427feb1 100644 --- a/mmv1/products/compute/UrlMap.yaml +++ b/mmv1/products/compute/UrlMap.yaml @@ -124,6 +124,16 @@ examples: http_health_check_name: "health-check" backend_bucket_name: "static-asset-backend-bucket" storage_bucket_name: "static-asset-bucket" + - !ruby/object:Provider::Terraform::Examples + name: "url_map_custom_error_response_policy" + primary_resource_id: "urlmap" + min_version: beta + vars: + url_map_name: "urlmap" + backend_service_name: "login" + http_health_check_name: "health-check" + storage_bucket_name: "static-asset-bucket" + error_backend_bucket_name: "error-backend-bucket" properties: - !ruby/object:Api::Type::Time name: 'creationTimestamp' @@ -304,6 +314,66 @@ properties: description: | An optional description of this resource. Provide this property when you create the resource. + - !ruby/object:Api::Type::NestedObject + name: 'defaultCustomErrorResponsePolicy' + min_version: beta + description: | + defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + + This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. + + For example, consider a UrlMap with the following configuration: + + UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors + A RouteRule for /coming_soon/ is configured for the error code 404. + If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. + + When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. + + defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers. + properties: + - !ruby/object:Api::Type::Array + name: 'errorResponseRule' + api_name: errorResponseRules + description: | + Specifies rules for returning error responses. + In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. + For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). + If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'matchResponseCodes' + description: | + Valid values include: + - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. + - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. + - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. + Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'path' + description: | + The full path to a file within backendBucket . For example: /errors/defaultError.html + path must start with a leading slash. path cannot have trailing slashes. + If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. + The value must be from 1 to 1024 characters + - !ruby/object:Api::Type::Integer + name: 'overrideResponseCode' + description: | + The HTTP status code returned with the response containing the custom error content. + If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. + - !ruby/object:Api::Type::ResourceRef + name: 'errorService' + resource: 'BackendBucket' + imports: 'selfLink' + description: | + The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: + https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket + compute/v1/projects/project/global/backendBuckets/myBackendBucket + global/backendBuckets/myBackendBucket + If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. + If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). - !ruby/object:Api::Type::NestedObject name: 'headerAction' description: | @@ -403,6 +473,64 @@ properties: \* is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here. + - !ruby/object:Api::Type::NestedObject + name: 'customErrorResponsePolicy' + min_version: beta + description: | + customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. + For example, consider a UrlMap with the following configuration: + UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors + A PathRule for /coming_soon/ is configured for the error code 404. + If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. + customErrorResponsePolicy is supported only for global external Application Load Balancers. + properties: + - !ruby/object:Api::Type::Array + name: 'errorResponseRule' + api_name: errorResponseRules + description: | + Specifies rules for returning error responses. + In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. + For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). + If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'matchResponseCodes' + description: | + Valid values include: + + - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. + - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. + - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. + + Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'path' + description: | + The full path to a file within backendBucket . For example: /errors/defaultError.html + path must start with a leading slash. path cannot have trailing slashes. + If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. + The value must be from 1 to 1024 characters + - !ruby/object:Api::Type::Integer + name: 'overrideResponseCode' + description: | + The HTTP status code returned with the response containing the custom error content. + If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. + - !ruby/object:Api::Type::ResourceRef + name: "errorService" + resource: "BackendBucket" + imports: 'selfLink' + description: | + The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: + + https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket + compute/v1/projects/project/global/backendBuckets/myBackendBucket + global/backendBuckets/myBackendBucket + + If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. + If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). - !ruby/object:Api::Type::NestedObject name: 'routeAction' description: | @@ -575,7 +703,7 @@ properties: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused + for example: disconnects, reset, read timeout, connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. @@ -1287,7 +1415,7 @@ properties: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused + for example: disconnects, reset, read timeout, connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. @@ -1915,6 +2043,68 @@ properties: The value must be between 0.0 and 100.0 inclusive. validation: !ruby/object:Provider::Terraform::Validation function: 'validation.FloatBetween(0, 100)' + - !ruby/object:Api::Type::NestedObject + name: 'defaultCustomErrorResponsePolicy' + min_version: beta + description: | + defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + + This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. + + For example, consider a UrlMap with the following configuration: + + UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors + A RouteRule for /coming_soon/ is configured for the error code 404. + If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. + + When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. + + defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers. + properties: + - !ruby/object:Api::Type::Array + name: 'errorResponseRule' + api_name: errorResponseRules + description: | + Specifies rules for returning error responses. + In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. + For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). + If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'matchResponseCodes' + description: | + Valid values include: + - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. + - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. + - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. + Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'path' + description: | + The full path to a file within backendBucket. For example: /errors/defaultError.html + path must start with a leading slash. path cannot have trailing slashes. + If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. + The value must be from 1 to 1024 characters. + - !ruby/object:Api::Type::Integer + name: 'overrideResponseCode' + description: | + The HTTP status code returned with the response containing the custom error content. + If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. + - !ruby/object:Api::Type::ResourceRef + name: "errorService" + resource: "BackendBucket" + imports: 'selfLink' + description: | + The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: + + https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket + compute/v1/projects/project/global/backendBuckets/myBackendBucket + global/backendBuckets/myBackendBucket + + If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. + If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). - !ruby/object:Api::Type::Array name: "test" api_name: tests diff --git a/mmv1/products/compute/VpnGateway.yaml b/mmv1/products/compute/VpnGateway.yaml index a0435e33e39f..7087bb6be486 100644 --- a/mmv1/products/compute/VpnGateway.yaml +++ b/mmv1/products/compute/VpnGateway.yaml @@ -12,21 +12,17 @@ # limitations under the License. --- !ruby/object:Api::Resource -name: 'HaVpnGateway' -kind: 'compute#vpnGateway' -base_url: projects/{{project}}/regions/{{region}}/vpnGateways +name: 'VpnGateway' +kind: 'compute#targetVpnGateway' +base_url: projects/{{project}}/regions/{{region}}/targetVpnGateways collection_url_key: 'items' immutable: true has_self_link: true description: | Represents a VPN gateway running in GCP. This virtual device is managed - by Google, but used only by you. This type of VPN Gateway allows for the creation - of VPN solutions with higher availability than classic Target VPN Gateways. + by Google, but used only by you. references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Choosing a VPN': https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn - 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' - api: https://cloud.google.com/compute/docs/reference/rest/v1/vpnGateways + api: https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation kind: 'compute#operation' @@ -45,48 +41,23 @@ async: !ruby/object:Api::OpAsync error: !ruby/object:Api::OpAsync::Error path: 'error/errors' message: 'message' +docs: !ruby/object:Provider::Terraform::Docs + warning: | + Classic VPN is deprecating certain functionality on October 31, 2021. For more information, + see the [Classic VPN partial deprecation page](https://cloud.google.com/network-connectivity/docs/vpn/deprecations/classic-vpn-deprecation). examples: - !ruby/object:Provider::Terraform::Examples - name: 'ha_vpn_gateway_basic' - primary_resource_id: 'ha_gateway1' + name: 'target_vpn_gateway_basic' + primary_resource_id: 'target_gateway' vars: - ha_vpn_gateway1_name: 'ha-vpn-1' - network1_name: 'network1' - - !ruby/object:Provider::Terraform::Examples - name: 'ha_vpn_gateway_ipv6' - primary_resource_id: 'ha_gateway1' - vars: - ha_vpn_gateway1_name: 'ha-vpn-1' - network1_name: 'network1' - - !ruby/object:Provider::Terraform::Examples - name: 'ha_vpn_gateway_gcp_to_gcp' - primary_resource_id: - 'ha_gateway1' - # Multiple fine-grained resources - skip_vcr: true - skip_test: true - skip_docs: true - vars: - ha_vpn_gateway1_name: 'ha-vpn-1' - network1_name: 'network1' - router1_name: 'ha-vpn-router1' - ha_vpn_gateway2_name: 'ha-vpn-2' - network2_name: 'network2' - router2_name: 'ha-vpn-router2' - - !ruby/object:Provider::Terraform::Examples - name: 'compute_ha_vpn_gateway_encrypted_interconnect' - primary_resource_id: - 'vpn-gateway' - # TODO: https://github.com/hashicorp/terraform-provider-google/issues/11504 - skip_test: true - vars: - ha_vpn_gateway_name: 'test-ha-vpngw' - interconnect_attachment1_name: 'test-interconnect-attachment1' - interconnect_attachment2_name: 'test-interconnect-attachment2' - address1_name: 'test-address1' - address2_name: 'test-address2' - router_name: 'test-router' - network_name: 'test-network' + target_vpn_gateway_name: 'vpn-1' + network_name: 'network-1' + address_name: 'vpn-static-ip' + esp_forwarding_rule_name: 'fr-esp' + udp500_forwarding_rule_name: 'fr-udp500' + udp4500_forwarding_rule_name: 'fr-udp4500' + vpn_tunnel_name: 'tunnel1' + route_name: 'route1' parameters: - !ruby/object:Api::Type::ResourceRef name: 'region' @@ -99,6 +70,10 @@ parameters: custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true - !ruby/object:Api::Type::String name: 'description' description: 'An optional description of this resource.' @@ -115,8 +90,11 @@ properties: character, which cannot be a dash. required: true immutable: true - validation: !ruby/object:Provider::Terraform::Validation - function: 'verify.ValidateGCEName' + - !ruby/object:Api::Type::Integer + name: 'gateway_id' + api_name: 'id' + description: 'The unique identifier for the resource.' + output: true - !ruby/object:Api::Type::ResourceRef name: 'network' resource: 'Network' @@ -124,44 +102,5 @@ properties: description: | The network this VPN gateway is accepting traffic for. required: true - immutable: true custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' - - !ruby/object:Api::Type::Enum - name: 'stackType' - description: | - The stack type for this VPN gateway to identify the IP protocols that are enabled. - If not specified, IPV4_ONLY will be used. - default_value: :IPV4_ONLY - values: - - :IPV4_ONLY - - :IPV4_IPV6 immutable: true - custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb' - - !ruby/object:Api::Type::Array - name: 'vpnInterfaces' - description: | - A list of interfaces on this VPN gateway. - default_from_api: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The numeric ID of this VPN gateway interface.' - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: 'The external IP address for this VPN gateway interface.' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'interconnectAttachment' - resource: 'InterconnectAttachment' - imports: 'selfLink' - description: | - URL of the interconnect attachment resource. When the value - of this field is present, the VPN Gateway will be used for - IPsec-encrypted Cloud Interconnect; all Egress or Ingress - traffic for this VPN Gateway interface will go through the - specified interconnect attachment resource. - - Not currently available publicly. - custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' - immutable: true diff --git a/mmv1/products/compute/go_Address.yaml b/mmv1/products/compute/go_Address.yaml new file mode 100644 index 000000000000..a83a22d3ad4e --- /dev/null +++ b/mmv1/products/compute/go_Address.yaml @@ -0,0 +1,237 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Address' +kind: 'compute#address' +description: | + Represents an Address resource. + + Each virtual machine instance has an ephemeral internal IP address and, + optionally, an external IP address. To communicate between instances on + the same network, you can use an instance's internal IP address. To + communicate with the Internet and instances outside of the same network, + you must specify the instance's external IP address. + + Internal IP addresses are ephemeral and only belong to an instance for + the lifetime of the instance; if the instance is deleted and recreated, + the instance is assigned a new internal IP address, either by Compute + Engine or by you. External IP addresses can be either ephemeral or + static. +references: + guides: + 'Reserving a Static External IP Address': 'https://cloud.google.com/compute/docs/instances-and-network' + 'Reserving a Static Internal IP Address': 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address' + api: 'https://cloud.google.com/compute/docs/reference/beta/addresses' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/addresses' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + post_create: 'templates/terraform/post_create/go/labels.tmpl' +examples: + - name: 'address_basic' + primary_resource_id: 'ip_address' + vars: + address_name: 'my-address' + - name: 'address_with_subnetwork' + primary_resource_id: 'internal_with_subnet_and_address' + vars: + address_name: 'my-internal-address' + network_name: 'my-network' + subnetwork_name: 'my-subnet' + - name: 'address_with_gce_endpoint' + primary_resource_id: 'internal_with_gce_endpoint' + vars: + address_name: 'my-internal-address-' + - name: 'address_with_shared_loadbalancer_vip' + primary_resource_id: 'internal_with_shared_loadbalancer_vip' + vars: + address_name: 'my-internal-address' + skip_docs: true + - name: 'instance_with_ip' + primary_resource_id: 'static' + vars: + address_name: 'ipv4-address' + instance_name: 'vm-instance' + - name: 'compute_address_ipsec_interconnect' + primary_resource_id: 'ipsec-interconnect-address' + vars: + address_name: 'test-address' + network_name: 'test-network' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created address should reside. + If it is not provided, the provider region is used. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'address' + type: String + description: | + The static external IP address represented by this resource. + The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + default_from_api: true + - name: 'addressType' + type: Enum + description: | + The type of address to reserve. + Note: if you set this argument's value as `INTERNAL` you need to leave the `network_tier` argument unset in that resource block. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "EXTERNAL" + enum_values: + - 'INTERNAL' + - 'EXTERNAL' + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + validation: + regex: '^(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)$' + - name: 'purpose' + type: String + description: | + The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + This should only be set when using an Internal address. + default_from_api: true + - name: 'networkTier' + type: Enum + description: | + The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). + default_from_api: true + enum_values: + - 'PREMIUM' + - 'STANDARD' + - name: 'subnetwork' + type: ResourceRef + description: | + The URL of the subnetwork in which to reserve the address. If an IP + address is specified, it must be within the subnetwork's IP range. + This field can only be used with INTERNAL type with + GCE_ENDPOINT/DNS_RESOLVER purposes. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'users' + type: Array + description: 'The URLs of the resources that are using this address.' + output: true + item_type: + type: String + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this address. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/regions/{{region}}/addresses/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/regions/{{region}}/addresses/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'network' + type: ResourceRef + description: | + The URL of the network in which to reserve the address. This field + can only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'prefixLength' + type: Integer + description: | + The prefix length if the resource represents an IP range. + default_from_api: true + - name: 'ipVersion' + type: Enum + description: | + The IP Version that will be used by this address. The default value is `IPV4`. + diff_suppress_func: 'tpgresource.EmptyOrDefaultStringSuppress("IPV4")' + enum_values: + - 'IPV4' + - 'IPV6' + - name: 'ipv6EndpointType' + type: Enum + description: | + The endpoint type of this address, which should be VM or NETLB. This is + used for deciding which type of endpoint this address can be used after + the external IPv6 address reservation. + enum_values: + - 'VM' + - 'NETLB' diff --git a/mmv1/products/compute/go_Autoscaler.yaml b/mmv1/products/compute/go_Autoscaler.yaml new file mode 100644 index 000000000000..58af3f1aae8b --- /dev/null +++ b/mmv1/products/compute/go_Autoscaler.yaml @@ -0,0 +1,426 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Autoscaler' +kind: 'compute#autoscaler' +description: | + Represents an Autoscaler resource. + + Autoscalers allow you to automatically scale virtual machine instances in + managed instance groups according to an autoscaling policy that you + define. +references: + guides: + 'Autoscaling Groups of Instances': 'https://cloud.google.com/compute/docs/autoscaler/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/autoscalers' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/autoscalers' +has_self_link: true +update_url: 'projects/{{project}}/zones/{{zone}}/autoscalers?autoscaler={{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'autoscaler_single_instance' + primary_resource_id: 'default' + min_version: 'beta' + vars: + autoscaler_name: 'my-autoscaler' + instance_template_name: 'my-instance-template' + target_pool_name: 'my-target-pool' + igm_name: 'my-igm' + provider_name: 'google-beta' + provider_alias: '' + test_vars_overrides: + 'provider_name': '"google-beta.us-central1"' + 'provider_alias': '"alias = \"us-central1\""' + - name: 'autoscaler_basic' + primary_resource_id: 'foobar' + vars: + autoscaler_name: 'my-autoscaler' + instance_template_name: 'my-instance-template' + target_pool_name: 'my-target-pool' + igm_name: 'my-igm' +parameters: + - name: 'zone' + type: ResourceRef + description: | + URL of the zone where the instance group resides. + required: false + immutable: true + ignore_read: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'autoscalingPolicy' + type: NestedObject + description: | + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + required: true + properties: + - name: 'minReplicas' + type: Integer + description: | + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + api_name: minNumReplicas + required: true + send_empty_value: true + - name: 'maxReplicas' + type: Integer + description: | + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + api_name: maxNumReplicas + required: true + send_empty_value: true + - name: 'cooldownPeriod' + type: Integer + description: | + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + api_name: coolDownPeriodSec + default_value: 60 + - name: 'mode' + type: String + description: | + Defines operating mode for this policy. + default_value: "ON" + - name: 'scaleDownControl' + type: NestedObject + description: | + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events + min_version: 'beta' + required: false + default_from_api: true + properties: + - name: 'maxScaledDownReplicas' + type: NestedObject + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas' + - 'autoscaling_policy.0.scale_down_control.0.time_window_sec' + properties: + - name: 'fixed' + type: Integer + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed' + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent' + - name: 'percent' + type: Integer + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed' + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent' + - name: 'timeWindowSec' + type: Integer + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas' + - 'autoscaling_policy.0.scale_down_control.0.time_window_sec' + - name: 'scaleInControl' + type: NestedObject + description: | + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - name: 'maxScaledInReplicas' + type: NestedObject + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas' + - 'autoscaling_policy.0.scale_in_control.0.time_window_sec' + properties: + - name: 'fixed' + type: Integer + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed' + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent' + - name: 'percent' + type: Integer + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed' + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent' + - name: 'timeWindowSec' + type: Integer + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas' + - 'autoscaling_policy.0.scale_in_control.0.time_window_sec' + - name: 'cpuUtilization' + type: NestedObject + description: | + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + default_from_api: true + properties: + - name: 'target' + type: Double + description: | + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + api_name: utilizationTarget + required: true + - name: 'predictiveMethod' + type: String + description: | + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "NONE" + - name: 'metric' + type: Array + description: | + Configuration parameters of autoscaling based on a custom metric. + api_name: customMetricUtilizations + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + api_name: metric + required: true + - name: 'singleInstanceAssignment' + type: Double + description: | + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + `pubsub.googleapis.com/subscription/num_undelivered_messages` + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + min_version: 'beta' + - name: 'target' + type: Double + description: | + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + api_name: utilizationTarget + - name: 'type' + type: Enum + description: | + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. + api_name: utilizationTargetType + enum_values: + - 'GAUGE' + - 'DELTA_PER_SECOND' + - 'DELTA_PER_MINUTE' + - name: 'filter' + type: String + description: | + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + min_version: 'beta' + default_value: "resource.type = gce_instance" + - name: 'loadBalancingUtilization' + type: NestedObject + description: | + Configuration parameters of autoscaling based on a load balancer. + properties: + - name: 'target' + type: Double + description: | + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + api_name: utilizationTarget + required: true + - name: 'scalingSchedules' + type: Map + description: | + Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. + key_name: 'name' + key_description: | + A name for the schedule. + value_type: + name: scalingSchedule + type: NestedObject + properties: + - name: 'minRequiredReplicas' + type: Integer + description: | + Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. + required: true + send_empty_value: true + - name: 'schedule' + type: String + description: | + The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). + required: true + - name: 'timeZone' + type: String + description: | + The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. + default_value: "UTC" + - name: 'durationSec' + type: Integer + description: | + The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. + required: true + - name: 'disabled' + type: Boolean + description: | + A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. + default_value: false + - name: 'description' + type: String + description: | + A description of a scaling schedule. + - name: 'target' + type: ResourceRef + description: | + URL of the managed instance group that this autoscaler will scale. + required: true + custom_expand: 'templates/terraform/custom_expand/go/compute_full_url.tmpl' + resource: 'InstanceGroupManager' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_BackendBucket.yaml b/mmv1/products/compute/go_BackendBucket.yaml new file mode 100644 index 000000000000..2cd35c63275c --- /dev/null +++ b/mmv1/products/compute/go_BackendBucket.yaml @@ -0,0 +1,283 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BackendBucket' +kind: 'compute#backendBucket' +description: | + Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) + load balancing. + + An HTTP(S) load balancer can direct traffic to specified URLs to a + backend bucket rather than a backend service. It can send requests for + static content to a Cloud Storage bucket and requests for dynamic content + to a virtual machine instance. +references: + guides: + 'Using a Cloud Storage bucket as a load balancer backend': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-bucket' + api: 'https://cloud.google.com/compute/docs/reference/v1/backendBuckets' +docs: +base_url: 'projects/{{project}}/global/backendBuckets' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/global/backendBuckets/{{name}}' + - '{{name}}' + min_version: 'beta' +custom_code: + encoder: 'templates/terraform/encoders/go/compute_backend_bucket.go.tmpl' + post_create: 'templates/terraform/post_create/go/compute_backend_bucket_security_policy.go.tmpl' + post_update: 'templates/terraform/post_create/go/compute_backend_bucket_security_policy.go.tmpl' +examples: + - name: 'backend_bucket_basic' + primary_resource_id: 'image_backend' + primary_resource_name: 'fmt.Sprintf("tf-test-image-backend-bucket%s", context["random_suffix"])' + vars: + backend_bucket_name: 'image-backend-bucket' + bucket_name: 'image-store-bucket' + - name: 'backend_bucket_full' + primary_resource_id: 'image_backend_full' + vars: + backend_bucket_name: 'image-backend-bucket-full' + bucket_name: 'image-store-bucket-full' + skip_docs: true + - name: 'backend_bucket_security_policy' + primary_resource_id: 'image_backend' + vars: + backend_bucket_name: 'image-backend-bucket' + bucket_name: 'image-store-bucket' + - name: 'backend_bucket_query_string_whitelist' + primary_resource_id: 'image_backend' + vars: + backend_bucket_name: 'image-backend-bucket' + - name: 'backend_bucket_include_http_headers' + primary_resource_id: 'image_backend' + vars: + backend_bucket_name: 'image-backend-bucket' + - name: 'external_cdn_lb_with_backend_bucket' + primary_resource_id: 'default' + vars: + my_bucket: 'my-bucket' + index_page: 'index-page' + 404_page: '404-page' + test_object: 'test-object' + example_ip: 'example-ip' + http_lb_forwarding_rule: 'http-lb-forwarding-rule' + http_lb_proxy: 'http-lb-proxy' + http_lb: 'http-lb' + cat_backend_bucket: 'cat-backend-bucket' + skip_docs: true + - name: 'backend_bucket_bypass_cache' + primary_resource_id: 'image_backend' + vars: + backend_bucket_name: 'image-backend-bucket' + bucket_name: 'image-store-bucket' + skip_docs: true + - name: 'backend_bucket_coalescing' + primary_resource_id: 'image_backend' + vars: + backend_bucket_name: 'image-backend-bucket' + bucket_name: 'image-store-bucket' + skip_docs: true +parameters: +properties: + - name: 'bucketName' + type: String + description: 'Cloud Storage bucket name.' + required: true + - name: 'cdnPolicy' + type: NestedObject + description: 'Cloud CDN configuration for this Backend Bucket.' + default_from_api: true + properties: + - name: 'cacheKeyPolicy' + type: NestedObject + description: 'The CacheKeyPolicy for this CdnPolicy.' + properties: + - name: 'queryStringWhitelist' + type: Array + description: | + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + item_type: + type: String + - name: 'includeHttpHeaders' + type: Array + description: | + Allows HTTP request headers (by name) to be used in the + cache key. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + item_type: + type: String + - name: 'signedUrlCacheMaxAgeSec' + type: Integer + description: | + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + send_empty_value: true + - name: 'defaultTtl' + type: Integer + description: | + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + default_from_api: true + send_empty_value: true + - name: 'maxTtl' + type: Integer + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + default_from_api: true + - name: 'clientTtl' + type: Integer + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + default_from_api: true + send_empty_value: true + - name: 'negativeCaching' + type: Boolean + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. + default_from_api: true + send_empty_value: true + - name: 'negativeCachingPolicy' + type: Array + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + item_type: + type: NestedObject + properties: + - name: 'code' + type: Integer + description: | + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + - name: 'ttl' + type: Integer + description: | + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + send_empty_value: true + - name: 'cacheMode' + type: Enum + description: | + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC + default_from_api: true + enum_values: + - 'USE_ORIGIN_HEADERS' + - 'FORCE_CACHE_ALL' + - 'CACHE_ALL_STATIC' + - name: 'serveWhileStale' + type: Integer + description: | + Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. + default_from_api: true + send_empty_value: true + - name: 'requestCoalescing' + type: Boolean + description: | + If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin. + send_empty_value: true + - name: 'bypassCacheOnRequestHeaders' + type: Array + description: | + Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The header field name to match on when bypassing cache. Values are case-insensitive. + max_size: 5 + - name: 'compressionMode' + type: Enum + description: | + Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. + enum_values: + - 'AUTOMATIC' + - 'DISABLED' + - name: 'edgeSecurityPolicy' + type: String + description: | + The security policy associated with this backend bucket. + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'customResponseHeaders' + type: Array + description: | + Headers that the HTTP/S load balancer should add to proxied responses. + item_type: + type: String + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional textual description of the resource; provided by the + client when the resource is created. + - name: 'enableCdn' + type: Boolean + description: 'If true, enable Cloud CDN for this BackendBucket.' + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + validation: + regex: '^(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)$' diff --git a/mmv1/products/compute/go_BackendBucketSignedUrlKey.yaml b/mmv1/products/compute/go_BackendBucketSignedUrlKey.yaml new file mode 100644 index 000000000000..3c98d9c4729e --- /dev/null +++ b/mmv1/products/compute/go_BackendBucketSignedUrlKey.yaml @@ -0,0 +1,99 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BackendBucketSignedUrlKey' +kind: 'compute#BackendBucketSignedUrlKey' +description: | + A key for signing Cloud CDN signed URLs for BackendBuckets. +references: + guides: + 'Using Signed URLs': 'https://cloud.google.com/cdn/docs/using-signed-urls/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/backendBuckets' +docs: +base_url: 'projects/{{project}}/global/backendBuckets/{{backend_bucket}}' +self_link: 'projects/{{project}}/global/backendBuckets/{{backend_bucket}}' +create_url: 'projects/{{project}}/global/backendBuckets/{{backend_bucket}}/addSignedUrlKey' +delete_url: 'projects/{{project}}/global/backendBuckets/{{backend_bucket}}/deleteSignedUrlKey?keyName={{name}}' +delete_verb: 'POST' +immutable: true +mutex: 'signedUrlKey/{{project}}/backendBuckets/{{backend_bucket}}/' +exclude_import: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - name +nested_query: + keys: + - cdnPolicy + - signedUrlKeyNames + is_list_of_ids: true + modify_by_patch: false +custom_code: +exclude_tgc: true +examples: + - name: 'backend_bucket_signed_url_key' + primary_resource_id: 'backend_key' + vars: + key_name: 'test-key' + backend_name: 'test-signed-backend-bucket' + bucket_name: 'test-storage-bucket' + external_providers: ["random", "time"] + skip_test: true +parameters: + - name: 'backendBucket' + type: ResourceRef + description: | + The backend bucket this signed URL key belongs. + required: true + immutable: true + ignore_read: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'BackendBucket' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the signed URL key. + api_name: keyName + required: true + immutable: true + validation: + regex: '^(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)$' + - name: 'keyValue' + type: String + description: | + 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + required: true + immutable: true + ignore_read: true + sensitive: true diff --git a/mmv1/products/compute/go_BackendService.yaml b/mmv1/products/compute/go_BackendService.yaml new file mode 100644 index 000000000000..0ff6dc96a582 --- /dev/null +++ b/mmv1/products/compute/go_BackendService.yaml @@ -0,0 +1,1344 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BackendService' +kind: 'compute#backendService' +description: | + A Backend Service defines a group of virtual machines that will serve + traffic for load balancing. This resource is a global backend service, + appropriate for external load balancing or self-managed internal load balancing. + For managed internal load balancing, use a regional backend service instead. + + Currently self-managed internal load balancing is only available in beta. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-service' + api: 'https://cloud.google.com/compute/docs/reference/v1/backendServices' +docs: +base_url: 'projects/{{project}}/global/backendServices' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + allowed_iam_role: 'roles/compute.admin' + parent_resource_attribute: 'name' + iam_conditions_request_type: 'QUERY_PARAM' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + min_version: 'beta' +custom_code: + constants: 'templates/terraform/constants/go/backend_service.go.tmpl' + encoder: 'templates/terraform/encoders/go/backend_service.go.tmpl' + decoder: 'templates/terraform/decoders/go/backend_service.go.tmpl' + post_create: 'templates/terraform/post_create/go/compute_backend_service_security_policy.go.tmpl' + post_update: 'templates/terraform/post_create/go/compute_backend_service_security_policy.go.tmpl' +schema_version: 1 +examples: + - name: 'backend_service_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-backend-service%s", context["random_suffix"])' + vars: + backend_service_name: 'backend-service' + http_health_check_name: 'health-check' + - name: 'backend_service_external_iap' + primary_resource_id: 'default' + vars: + backend_service_name: 'tf-test-backend-service-external' + - name: 'backend_service_cache_simple' + primary_resource_id: 'default' + vars: + backend_service_name: 'backend-service' + http_health_check_name: 'health-check' + - name: 'backend_service_cache_include_http_headers' + primary_resource_id: 'default' + vars: + backend_service_name: 'backend-service' + - name: 'backend_service_cache_include_named_cookies' + primary_resource_id: 'default' + vars: + backend_service_name: 'backend-service' + - name: 'backend_service_cache' + primary_resource_id: 'default' + vars: + backend_service_name: 'backend-service' + http_health_check_name: 'health-check' + - name: 'backend_service_cache_bypass_cache_on_request_headers' + primary_resource_id: 'default' + vars: + backend_service_name: 'backend-service' + http_health_check_name: 'health-check' + - name: 'backend_service_traffic_director_round_robin' + primary_resource_id: 'default' + min_version: 'beta' + vars: + backend_service_name: 'backend-service' + health_check_name: 'health-check' + - name: 'backend_service_traffic_director_ring_hash' + primary_resource_id: 'default' + min_version: 'beta' + vars: + backend_service_name: 'backend-service' + health_check_name: 'health-check' + - name: 'backend_service_network_endpoint' + primary_resource_id: 'default' + min_version: 'beta' + vars: + backend_service_name: 'backend-service' + neg_name: 'network-endpoint' + - name: 'backend_service_external_managed' + primary_resource_id: 'default' + vars: + backend_service_name: 'backend-service' + health_check_name: 'health-check' +parameters: +properties: + - name: 'affinityCookieTtlSec' + type: Integer + description: | + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + - name: 'backend' + type: Array + description: | + The set of backends that serve this BackendService. + api_name: backends + is_set: true + set_hash_func: 'resourceGoogleComputeBackendServiceBackendHash' + item_type: + type: NestedObject + properties: + - name: 'balancingMode' + type: Enum + description: | + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. + + From version 6.0.0 default value will be UTILIZATION to match default GCP value. + default_value: "UTILIZATION" + enum_values: + - 'UTILIZATION' + - 'RATE' + - 'CONNECTION' + - name: 'capacityScaler' + type: Double + description: | + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + send_empty_value: true + default_value: 1.0 + - name: 'description' + type: String + description: | + An optional description of this resource. + Provide this property when you create the resource. + - name: 'group' + type: String + description: | + The fully-qualified URL of an Instance Group or Network Endpoint + Group resource. In case of instance group this defines the list + of instances that serve traffic. Member virtual machine + instances from each instance group must live in the same zone as + the instance group itself. No two backends in a backend service + are allowed to use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and + Network Endpoint Group backends. + + Note that you must specify an Instance Group or Network Endpoint + Group resource using the fully-qualified URL, rather than a + partial URL. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + custom_flatten: 'templates/terraform/custom_flatten/go/guard_self_link.go.tmpl' + - name: 'maxConnections' + type: Integer + description: | + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + default_from_api: true + - name: 'maxConnectionsPerInstance' + type: Integer + description: | + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + default_from_api: true + - name: 'maxConnectionsPerEndpoint' + type: Integer + description: | + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + default_from_api: true + - name: 'maxRate' + type: Integer + description: | + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + default_from_api: true + - name: 'maxRatePerInstance' + type: Double + description: | + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + default_from_api: true + - name: 'maxRatePerEndpoint' + type: Double + description: | + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + default_from_api: true + - name: 'maxUtilization' + type: Double + description: | + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + default_from_api: true + - name: 'circuitBreakers' + type: NestedObject + description: | + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + - name: 'connectTimeout' + type: NestedObject + description: | + The timeout for new network connections to hosts. + min_version: 'beta' + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - name: 'maxRequestsPerConnection' + type: Integer + description: | + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + - name: 'maxConnections' + type: Integer + description: | + The maximum number of connections to the backend cluster. + Defaults to 1024. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 1024 + - name: 'maxPendingRequests' + type: Integer + description: | + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 1024 + - name: 'maxRequests' + type: Integer + description: | + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 1024 + - name: 'maxRetries' + type: Integer + description: | + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 3 + - name: 'compressionMode' + type: Enum + description: | + Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. + enum_values: + - 'AUTOMATIC' + - 'DISABLED' + - name: 'consistentHash' + type: NestedObject + description: | + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + - name: 'httpCookie' + type: NestedObject + description: | + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + at_least_one_of: + - 'consistent_hash.0.http_cookie' + - 'consistent_hash.0.http_header_name' + - 'consistent_hash.0.minimum_ring_size' + properties: + - name: 'ttl' + type: NestedObject + description: | + Lifetime of the cookie. + at_least_one_of: + - 'consistent_hash.0.http_cookie.0.ttl' + - 'consistent_hash.0.http_cookie.0.name' + - 'consistent_hash.0.http_cookie.0.path' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - name: 'name' + type: String + description: | + Name of the cookie. + at_least_one_of: + - 'consistent_hash.0.http_cookie.0.ttl' + - 'consistent_hash.0.http_cookie.0.name' + - 'consistent_hash.0.http_cookie.0.path' + - name: 'path' + type: String + description: | + Path to set for the cookie. + at_least_one_of: + - 'consistent_hash.0.http_cookie.0.ttl' + - 'consistent_hash.0.http_cookie.0.name' + - 'consistent_hash.0.http_cookie.0.path' + - name: 'httpHeaderName' + type: String + description: | + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + at_least_one_of: + - 'consistent_hash.0.http_cookie' + - 'consistent_hash.0.http_header_name' + - 'consistent_hash.0.minimum_ring_size' + - name: 'minimumRingSize' + type: Integer + description: | + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + at_least_one_of: + - 'consistent_hash.0.http_cookie' + - 'consistent_hash.0.http_header_name' + - 'consistent_hash.0.minimum_ring_size' + default_value: 1024 + - name: 'cdnPolicy' + type: NestedObject + description: 'Cloud CDN configuration for this BackendService.' + default_from_api: true + properties: + - name: 'cacheKeyPolicy' + type: NestedObject + description: 'The CacheKeyPolicy for this CdnPolicy.' + at_least_one_of: + - 'cdn_policy.0.cache_key_policy' + - 'cdn_policy.0.signed_url_cache_max_age_sec' + properties: + - name: 'includeHost' + type: Boolean + description: | + If true requests to different hosts will be cached separately. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + - name: 'includeProtocol' + type: Boolean + description: | + If true, http and https requests will be cached separately. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + - name: 'includeQueryString' + type: Boolean + description: | + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + - name: 'queryStringBlacklist' + type: Array + description: | + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + is_set: true + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'queryStringWhitelist' + type: Array + description: | + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + is_set: true + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'includeHttpHeaders' + type: Array + description: | + Allows HTTP request headers (by name) to be used in the + cache key. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'includeNamedCookies' + type: Array + description: | + Names of cookies to include in cache keys. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_http_headers' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'signedUrlCacheMaxAgeSec' + type: Integer + description: | + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + at_least_one_of: + - 'cdn_policy.0.cache_key_policy' + - 'cdn_policy.0.signed_url_cache_max_age_sec' + default_value: 3600 + - name: 'defaultTtl' + type: Integer + description: | + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + default_from_api: true + - name: 'maxTtl' + type: Integer + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + default_from_api: true + - name: 'clientTtl' + type: Integer + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + default_from_api: true + - name: 'negativeCaching' + type: Boolean + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. + default_from_api: true + send_empty_value: true + - name: 'negativeCachingPolicy' + type: Array + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + item_type: + type: NestedObject + properties: + - name: 'code' + type: Integer + description: | + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + - name: 'ttl' + type: Integer + description: | + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + send_empty_value: true + - name: 'cacheMode' + type: Enum + description: | + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC + default_from_api: true + enum_values: + - 'USE_ORIGIN_HEADERS' + - 'FORCE_CACHE_ALL' + - 'CACHE_ALL_STATIC' + - name: 'serveWhileStale' + type: Integer + description: | + Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. + default_from_api: true + send_empty_value: true + - name: 'bypassCacheOnRequestHeaders' + type: Array + description: | + Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. + The cache is bypassed for all cdnPolicy.cacheMode settings. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The header field name to match on when bypassing cache. Values are case-insensitive. + required: true + - name: 'connectionDraining' + type: NestedObject + description: | + Settings for connection draining + flatten_object: true + properties: + - name: 'connection_draining_timeout_sec' + type: Integer + description: | + Time for which instance will be drained (not accept new + connections, but still work to finish started). + api_name: drainingTimeoutSec + default_value: 300 + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'customRequestHeaders' + type: Array + description: | + Headers that the HTTP/S load balancer should add to proxied + requests. + is_set: true + item_type: + type: String + - name: 'customResponseHeaders' + type: Array + description: | + Headers that the HTTP/S load balancer should add to proxied + responses. + is_set: true + item_type: + type: String + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'enableCDN' + type: Boolean + description: | + If true, enable Cloud CDN for this BackendService. + - name: 'healthChecks' + type: Array + description: | + The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource + for health checking this BackendService. Currently at most one health + check can be specified. + + A health check must be specified unless the backend service uses an internet + or serverless NEG as a backend. + + For internal load balancing, a URL to a HealthCheck resource must be specified instead. + is_set: true + set_hash_func: 'tpgresource.SelfLinkRelativePathHash' + custom_flatten: 'templates/terraform/custom_flatten/go/guard_self_link_array.go.tmpl' + item_type: + type: String + min_size: 1 + max_size: 1 + - name: 'generated_id' + type: Integer + description: + 'The unique identifier for the resource. This identifier is defined by the + server.' + api_name: id + output: true + - name: 'iap' + type: NestedObject + description: Settings for enabling Cloud Identity Aware Proxy + send_empty_value: true + properties: + - name: 'oauth2ClientId' + type: String + description: | + OAuth2 Client ID for IAP + required: true + - name: 'oauth2ClientSecret' + type: String + description: | + OAuth2 Client Secret for IAP + required: true + ignore_read: true + sensitive: true + send_empty_value: true + - name: 'oauth2ClientSecretSha256' + type: String + description: | + OAuth2 Client Secret SHA-256 for IAP + sensitive: true + output: true + - name: 'loadBalancingScheme' + type: Enum + description: | + Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). + immutable: true + default_value: "EXTERNAL" + enum_values: + - 'EXTERNAL' + - 'INTERNAL_SELF_MANAGED' + - 'INTERNAL_MANAGED' + - 'EXTERNAL_MANAGED' + - name: 'localityLbPolicy' + type: Enum + description: | + The load balancing algorithm used within the scope of the locality. + The possible values are: + + * `ROUND_ROBIN`: This is a simple policy in which each healthy backend + is selected in round robin order. + + * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * `RING_HASH`: The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * `RANDOM`: The load balancer selects a random healthy host. + + * `ORIGINAL_DESTINATION`: Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * `WEIGHTED_MAGLEV`: Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. + enum_values: + - 'ROUND_ROBIN' + - 'LEAST_REQUEST' + - 'RING_HASH' + - 'RANDOM' + - 'ORIGINAL_DESTINATION' + - 'MAGLEV' + - 'WEIGHTED_MAGLEV' + - name: 'localityLbPolicies' + type: Array + description: | + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + item_type: + description: | + Container for either a built-in LB policy supported by gRPC or Envoy or + a custom one implemented by the end user. + type: NestedObject + properties: + - name: 'policy' + type: NestedObject + description: | + The configuration for a built-in load balancing policy. + exactly_one_of: + - 'policy' + - 'customPolicy' + properties: + - name: 'name' + type: Enum + description: | + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * `ROUND_ROBIN`: This is a simple policy in which each healthy backend + is selected in round robin order. + + * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * `RING_HASH`: The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * `RANDOM`: The load balancer selects a random healthy host. + + * `ORIGINAL_DESTINATION`: Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + required: true + enum_values: + - 'ROUND_ROBIN' + - 'LEAST_REQUEST' + - 'RING_HASH' + - 'RANDOM' + - 'ORIGINAL_DESTINATION' + - 'MAGLEV' + - name: 'customPolicy' + type: NestedObject + description: | + The configuration for a custom policy implemented by the user and + deployed with the client. + exactly_one_of: + - 'policy' + - 'customPolicy' + properties: + - name: 'name' + type: String + description: | + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. + required: true + - name: 'data' + type: String + description: | + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'outlierDetection' + type: NestedObject + description: | + Settings controlling eviction of unhealthy hosts from the load balancing pool. + Applicable backend service types can be a global backend service with the + loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. + + From version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value. + Default values are enforce by GCP without providing them. + properties: + - name: 'baseEjectionTime' + type: NestedObject + description: | + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'consecutiveErrors' + type: Integer + description: | + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 5 + - name: 'consecutiveGatewayFailure' + type: Integer + description: | + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 5 + - name: 'enforcingConsecutiveErrors' + type: Integer + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 100 + - name: 'enforcingConsecutiveGatewayFailure' + type: Integer + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 0 + - name: 'enforcingSuccessRate' + type: Integer + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 100 + - name: 'interval' + type: NestedObject + description: | + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'maxEjectionPercent' + type: Integer + description: | + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 10 + - name: 'successRateMinimumHosts' + type: Integer + description: | + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 5 + - name: 'successRateRequestVolume' + type: Integer + description: | + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 100 + - name: 'successRateStdevFactor' + type: Integer + description: | + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + # 'port' is deprecated + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 1900 + - name: 'portName' + type: String + description: | + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + default_from_api: true + - name: 'protocol' + type: Enum + description: | + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. + default_from_api: true + enum_values: + - 'HTTP' + - 'HTTPS' + - 'HTTP2' + - 'TCP' + - 'SSL' + - 'GRPC' + - 'UNSPECIFIED' + - name: 'securityPolicy' + type: String + description: | + The security policy associated with this backend service. + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'edgeSecurityPolicy' + type: String + description: | + The resource URL for the edge security policy associated with this backend service. + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'securitySettings' + type: NestedObject + description: | + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + - name: 'clientTlsPolicy' + type: ResourceRef + description: | + ClientTlsPolicy is a resource that specifies how a client should authenticate + connections to backends of a service. This resource itself does not affect + configuration unless it is attached to a backend service resource. + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + resource: 'ClientTlsPolicy' + imports: 'name' + - name: 'subjectAltNames' + type: Array + description: | + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + item_type: + type: String + - name: 'awsV4Authentication' + type: NestedObject + description: | + The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. + Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. + properties: + - name: 'accessKeyId' + type: String + description: | + The identifier of an access key used for s3 bucket authentication. + - name: 'accessKey' + type: String + description: | + The access key used for s3 bucket authentication. + Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. + ignore_read: true + sensitive: true + send_empty_value: true + - name: 'accessKeyVersion' + type: String + description: | + The optional version identifier for the access key. You can use this to keep track of different iterations of your access key. + - name: 'originRegion' + type: String + description: | + The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. + For example, "us-east-1" for AWS or "us-ashburn-1" for OCI. + - name: 'sessionAffinity' + type: Enum + description: | + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. + default_from_api: true + enum_values: + - 'NONE' + - 'CLIENT_IP' + - 'CLIENT_IP_PORT_PROTO' + - 'CLIENT_IP_PROTO' + - 'GENERATED_COOKIE' + - 'HEADER_FIELD' + - 'HTTP_COOKIE' + - name: 'timeoutSec' + type: Integer + description: | + The backend service timeout has a different meaning depending on the type of load balancer. + For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). + The default is 30 seconds. + The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. + default_from_api: true + - name: 'logConfig' + type: NestedObject + description: | + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + default_from_api: true + properties: + - name: 'enable' + type: Boolean + description: | + Whether to enable logging for the load balancer traffic served by this backend service. + send_empty_value: true + at_least_one_of: + - 'log_config.0.enable' + - 'log_config.0.sample_rate' + - name: 'sampleRate' + type: Double + description: | + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + at_least_one_of: + - 'log_config.0.enable' + - 'log_config.0.sample_rate' + diff_suppress_func: 'suppressWhenDisabled' + default_value: 1.0 + - name: 'serviceLbPolicy' + type: String + description: | + URL to networkservices.ServiceLbPolicy resource. + Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global. diff --git a/mmv1/products/compute/go_BackendServiceSignedUrlKey.yaml b/mmv1/products/compute/go_BackendServiceSignedUrlKey.yaml new file mode 100644 index 000000000000..6878e0000f40 --- /dev/null +++ b/mmv1/products/compute/go_BackendServiceSignedUrlKey.yaml @@ -0,0 +1,99 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'BackendServiceSignedUrlKey' +kind: 'compute#BackendServiceSignedUrlKey' +description: | + A key for signing Cloud CDN signed URLs for Backend Services. +references: + guides: + 'Using Signed URLs': 'https://cloud.google.com/cdn/docs/using-signed-urls/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/backendServices' +docs: +base_url: 'projects/{{project}}/global/backendServices/{{backend_service}}' +self_link: 'projects/{{project}}/global/backendServices/{{backend_service}}' +create_url: 'projects/{{project}}/global/backendServices/{{backend_service}}/addSignedUrlKey' +delete_url: 'projects/{{project}}/global/backendServices/{{backend_service}}/deleteSignedUrlKey?keyName={{name}}' +delete_verb: 'POST' +immutable: true +mutex: 'signedUrlKey/{{project}}/backendServices/{{backend_service}}/' +exclude_import: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - name +nested_query: + keys: + - cdnPolicy + - signedUrlKeyNames + is_list_of_ids: true + modify_by_patch: false +custom_code: +exclude_tgc: true +examples: + - name: 'backend_service_signed_url_key' + primary_resource_id: 'backend_key' + vars: + key_name: 'test-key' + backend_name: 'my-backend-service' + igm_name: 'my-webservers' + external_providers: ["random", "time"] + skip_test: true +parameters: + - name: 'backendService' + type: ResourceRef + description: | + The backend service this signed URL key belongs. + required: true + immutable: true + ignore_read: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'BackendService' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the signed URL key. + api_name: keyName + required: true + immutable: true + validation: + regex: '^(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)$' + - name: 'keyValue' + type: String + description: | + 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + required: true + immutable: true + ignore_read: true + sensitive: true diff --git a/mmv1/products/compute/go_Disk.yaml b/mmv1/products/compute/go_Disk.yaml new file mode 100644 index 000000000000..5ec50f06b5a8 --- /dev/null +++ b/mmv1/products/compute/go_Disk.yaml @@ -0,0 +1,505 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Disk' +kind: 'compute#disk' +description: | + Persistent disks are durable storage devices that function similarly to + the physical disks in a desktop or a server. Compute Engine manages the + hardware behind these devices to ensure data redundancy and optimize + performance for you. Persistent disks are available as either standard + hard disk drives (HDD) or solid-state drives (SSD). + + Persistent disks are located independently from your virtual machine + instances, so you can detach or move persistent disks to keep your data + even after you delete your instances. Persistent disk performance scales + automatically with size, so you can resize your existing persistent disks + or add more persistent disks to an instance to meet your performance and + storage space requirements. + + Add a persistent disk to your instance when you need reliable and + affordable storage with consistent performance characteristics. +references: + guides: + 'Adding a persistent disk': 'https://cloud.google.com/compute/docs/disks/add-persistent-disk' + api: 'https://cloud.google.com/compute/docs/reference/v1/disks' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/disks' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/zones/{{zone}}/disks/{{name}}' + - '{{name}}' +custom_code: + constants: 'templates/terraform/constants/go/disk.tmpl' + encoder: 'templates/terraform/encoders/go/disk.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/hyper_disk.go.tmpl' + decoder: 'templates/terraform/decoders/go/disk.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/detach_disk.tmpl' +custom_diff: + - 'customdiff.ForceNewIfChange("size", IsDiskShrinkage)' + - 'hyperDiskIopsUpdateDiffSupress' +examples: + - name: 'disk_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'test-disk' + - name: 'disk_async' + primary_resource_id: 'primary' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'async-test-disk' + secondary_disk_name: 'async-secondary-test-disk' + - name: 'disk_features' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-test-disk%s", context["random_suffix"])' + vars: + disk_name: 'test-disk-features' +parameters: + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the disk resides.' + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' + - name: 'sourceImageEncryptionKey' + type: NestedObject + description: | + The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + immutable: true + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - name: 'kmsKeySelfLink' + type: String + description: | + The self link of the encryption key used to encrypt the disk. Also called KmsKeyName + in the cloud console. Your project's Compute Engine System service account + (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have + `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + api_name: kmsKeyName + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + - name: 'sourceImageId' + type: String + description: | + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + output: true + - name: 'diskEncryptionKey' + type: NestedObject + description: | + Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + immutable: true + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + sensitive: true + - name: 'rsaEncryptedKey' + type: String + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. + sensitive: true + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - name: 'kmsKeySelfLink' + type: String + description: | + The self link of the encryption key used to encrypt the disk. Also called KmsKeyName + in the cloud console. Your project's Compute Engine System service account + (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have + `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + api_name: kmsKeyName + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + - name: 'snapshot' + type: ResourceRef + description: | + The source snapshot used to create this disk. You can provide this as + a partial or full URL to the resource. If the snapshot is in another + project than this disk, you must supply a full URL. For example, the + following are valid values: + + * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` + * `projects/project/global/snapshots/snapshot` + * `global/snapshots/snapshot` + * `snapshot` + api_name: sourceSnapshot + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Snapshot' + imports: 'selfLink' + - name: 'sourceSnapshotEncryptionKey' + type: NestedObject + description: | + The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + immutable: true + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + - name: 'kmsKeySelfLink' + type: String + description: | + The self link of the encryption key used to encrypt the disk. Also called KmsKeyName + in the cloud console. Your project's Compute Engine System service account + (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have + `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + api_name: kmsKeyName + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + - name: 'sourceSnapshotId' + type: String + description: | + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + output: true +properties: + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'lastAttachTimestamp' + type: Time + description: 'Last attach timestamp in RFC3339 text format.' + output: true + - name: 'lastDetachTimestamp' + type: Time + description: 'Last detach timestamp in RFC3339 text format.' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this disk. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/setLabels' + update_verb: 'POST' + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'size' + type: Integer + description: | + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the `image` or + `snapshot` parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with `image` or `snapshot`, + the value must not be less than the size of the image + or the size of the snapshot. + + ~>**NOTE** If you change the size, Terraform updates the disk size + if upsizing is detected but recreates the disk if downsizing is requested. + You can add `lifecycle.prevent_destroy` in the config to prevent destroying + and recreating. + api_name: sizeGb + default_from_api: true + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/resize' + update_verb: 'POST' + - name: 'users' + type: Array + description: | + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance + output: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'user' + type: ResourceRef + description: 'A reference to a user of this disk' + resource: 'Instance' + imports: 'selfLink' + - name: 'physicalBlockSizeBytes' + type: Integer + description: | + Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + default_from_api: true + - name: 'interface' + type: String + description: | + Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. + min_version: 'beta' + url_param_only: true + diff_suppress_func: 'AlwaysDiffSuppress' + default_value: "SCSI" + deprecation_message: '`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.' + - name: 'sourceDisk' + type: String + description: | + The source disk used to create this disk. You can provide this as a partial or full URL to the resource. + For example, the following are valid values: + + * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk} + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk} + * projects/{project}/zones/{zone}/disks/{disk} + * projects/{project}/regions/{region}/disks/{disk} + * zones/{zone}/disks/{disk} + * regions/{region}/disks/{disk} + diff_suppress_func: 'sourceDiskDiffSupress' + - name: 'sourceDiskId' + type: String + description: | + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + output: true + - name: 'DiskId' + type: String + description: | + The unique identifier for the resource. This identifier is defined by the server. + api_name: id + output: true + - name: 'type' + type: ResourceRef + description: | + URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + diff_suppress_func: 'tpgresource.CompareResourceNames' + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + default_value: "pd-standard" + resource: 'DiskType' + imports: 'selfLink' + - name: 'image' + type: String + description: | + The image from which to initialize this disk. This can be + one of: the image's `self_link`, `projects/{project}/global/images/{image}`, + `projects/{project}/global/images/family/{family}`, `global/images/{image}`, + `global/images/family/{family}`, `family/{family}`, `{project}/{family}`, + `{project}/{image}`, `{family}`, or `{image}`. If referred by family, the + images names must include the family name. If they don't, use the + [google_compute_image data source](/docs/providers/google/d/compute_image.html). + For instance, the image `centos-6-v20180104` includes its family name `centos-6`. + These images can be referred by family name here. + api_name: sourceImage + immutable: true + diff_suppress_func: 'DiskImageDiffSuppress' + - name: 'resourcePolicies' + type: Array + description: | + Resource policies applied to this disk for automatic snapshot creations. + + ~>**NOTE** This value does not support updating the + resource policy, as resource policies can not be updated more than + one at a time. Use + [`google_compute_disk_resource_policy_attachment`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk_resource_policy_attachment) + to allow for updating the resource policy attached to the disk. + min_version: 'beta' + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'resourcePolicy' + type: ResourceRef + description: + 'A resource policy applied to this disk for automatic snapshot + creations.' + resource: 'ResourcePolicy' + imports: 'selfLink' + - name: 'enableConfidentialCompute' + type: Boolean + description: | + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true + required: false + default_from_api: true + - name: 'multiWriter' + type: Boolean + description: | + Indicates whether or not the disk can be read/write attached to more than one instance. + min_version: 'beta' + - name: 'provisionedIops' + type: Integer + description: | + Indicates how many IOPS must be provisioned for the disk. + Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk + allows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it + required: false + default_from_api: true + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}?paths=provisionedIops' + update_verb: 'PATCH' + - name: 'provisionedThroughput' + type: Integer + description: | + Indicates how much Throughput must be provisioned for the disk. + Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk + allows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it + default_from_api: true + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}?paths=provisionedThroughput' + update_verb: 'PATCH' + - name: 'asyncPrimaryDisk' + type: NestedObject + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + properties: + - name: 'disk' + type: String + description: | + Primary disk for asynchronous disk replication. + required: true + - name: 'guestOsFeatures' + type: Array + description: | + A list of features to enable on the guest operating system. + Applicable only for bootable disks. + is_set: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: String + description: | + The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. + required: true + - name: 'licenses' + type: Array + description: Any applicable license URI. + immutable: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'license' + type: ResourceRef + description: 'An applicable license URI' + resource: 'License' + imports: 'selfLink' + - name: 'storagePool' + type: String + description: | + The URL of the storage pool in which the new disk is created. + For example: + * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/storagePools/{storagePool} + * /projects/{project}/zones/{zone}/storagePools/{storagePool} + required: false + immutable: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' diff --git a/mmv1/products/compute/go_DiskResourcePolicyAttachment.yaml b/mmv1/products/compute/go_DiskResourcePolicyAttachment.yaml new file mode 100644 index 000000000000..b5e5fa203277 --- /dev/null +++ b/mmv1/products/compute/go_DiskResourcePolicyAttachment.yaml @@ -0,0 +1,89 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DiskResourcePolicyAttachment' +description: | + Adds existing resource policies to a disk. You can only add one policy + which will be applied to this disk for scheduling snapshot creation. + + ~> **Note:** This resource does not support regional disks (`google_compute_region_disk`). For regional disks, please refer to [`google_compute_region_disk_resource_policy_attachment`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_disk_resource_policy_attachment) +docs: +id_format: '{{project}}/{{zone}}/{{disk}}/{{name}}' +base_url: 'projects/{{project}}/zones/{{zone}}/disks/{{disk}}' +self_link: 'projects/{{project}}/zones/{{zone}}/disks/{{disk}}' +create_url: 'projects/{{project}}/zones/{{zone}}/disks/{{disk}}/addResourcePolicies' +delete_url: 'projects/{{project}}/zones/{{zone}}/disks/{{disk}}/removeResourcePolicies' +delete_verb: 'POST' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - name +nested_query: + keys: + - resourcePolicies + is_list_of_ids: true + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_disk_resource_policies_attachment.go.tmpl' + decoder: 'templates/terraform/decoders/go/compute_disk_resource_policies_attachment.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_disk_resource_policies_attachment.go.tmpl' +examples: + - name: 'disk_resource_policy_attachment_basic' + primary_resource_id: 'attachment' + vars: + disk_name: 'my-disk' + policy_name: 'my-resource-policy' +parameters: + - name: 'disk' + type: ResourceRef + description: | + The name of the disk in which the resource policies are attached to. + url_param_only: true + required: true + resource: 'Disk' + imports: 'name' + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the disk resides.' + url_param_only: true + required: false + ignore_read: true + default_from_api: true + resource: 'Zone' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The resource policy to be attached to the disk for scheduling snapshot + creation. Do not specify the self link. + required: true diff --git a/mmv1/products/compute/go_DiskType.yaml b/mmv1/products/compute/go_DiskType.yaml new file mode 100644 index 000000000000..ca11c8ebb5d0 --- /dev/null +++ b/mmv1/products/compute/go_DiskType.yaml @@ -0,0 +1,114 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DiskType' +kind: 'compute#diskType' +description: | + Represents a DiskType resource. A DiskType resource represents the type + of disk to use, such as a pd-ssd, pd-balanced or pd-standard. To reference a disk + type, use the disk type's full or partial URL. +# TODO(nelsonjr): Temporarily make DiskType virtual so no tests gets +# triggered for create. Implement support for read only objects, and delete +# the virtual tag +# | readonly: true +exclude: true +readonly: true +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/diskTypes' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'items' +custom_code: +parameters: + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the disk type resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'defaultDiskSizeGb' + type: Integer + description: 'Server-defined default disk size in GB.' + output: true + - name: 'deprecated' + type: NestedObject + description: 'The deprecation status associated with this disk type.' + output: true + properties: + - name: 'deleted' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DELETED. + output: true + - name: 'deprecated' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DEPRECATED. + output: true + - name: 'obsolete' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to OBSOLETE. + output: true + - name: 'replacement' + type: String + description: | + The URL of the suggested replacement for a deprecated resource. The + suggested replacement resource must be the same kind of resource as + the deprecated resource. + output: true + - name: 'state' + type: Enum + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource using a + DEPRECATED resource will return successfully, but with a warning + indicating the deprecated resource and recommending its replacement. + Operations which use OBSOLETE or DELETED resources will be rejected + and result in an error. + output: true + enum_values: + - 'DEPRECATED' + - 'OBSOLETE' + - 'DELETED' + - name: 'description' + type: String + description: 'An optional description of this resource.' + output: true + - name: 'id' + type: Integer + description: 'The unique identifier for the resource.' + output: true + - name: 'name' + type: String + description: 'Name of the resource.' + - name: 'validDiskSize' + type: String + description: | + An optional textual description of the valid disk size, such as + "10GB-10TB". + output: true diff --git a/mmv1/products/compute/go_ExternalVpnGateway.yaml b/mmv1/products/compute/go_ExternalVpnGateway.yaml new file mode 100644 index 000000000000..ecf9d2d84dee --- /dev/null +++ b/mmv1/products/compute/go_ExternalVpnGateway.yaml @@ -0,0 +1,124 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ExternalVpnGateway' +kind: 'compute#externalVpnGateway' +description: | + Represents a VPN gateway managed outside of GCP. +references: + guides: + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/externalVpnGateways' +docs: +base_url: 'projects/{{project}}/global/externalVpnGateways' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'external_vpn_gateway' + primary_resource_id: 'external_gateway' + vars: + ha_vpn_gateway_name: 'ha-vpn' + network_name: 'network-1' + external_gateway_name: 'external-gateway' + global_address_name: 'global-address' + router_name: 'ha-vpn-router1' + skip_vcr: true + - name: 'only_external_vpn_gateway_full' + primary_resource_id: 'external_gateway' + vars: + external_gateway_name: 'external-gateway' + skip_docs: true +parameters: +properties: + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'labels' + type: KeyValueLabels + description: 'Labels for the external VPN gateway resource.' + immutable: false + update_url: 'projects/{{project}}/global/externalVpnGateways/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/global/externalVpnGateways/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - name: 'redundancyType' + type: Enum + description: | + Indicates the redundancy type of this external VPN gateway + enum_values: + - 'FOUR_IPS_REDUNDANCY' + - 'SINGLE_IP_INTERNALLY_REDUNDANT' + - 'TWO_IPS_REDUNDANCY' + - name: 'interface' + type: Array + description: | + A list of interfaces on this external VPN gateway. + api_name: interfaces + item_type: + type: NestedObject + properties: + - name: 'id' + type: Integer + description: | + The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * `0 - SINGLE_IP_INTERNALLY_REDUNDANT` + * `0, 1 - TWO_IPS_REDUNDANCY` + * `0, 1, 2, 3 - FOUR_IPS_REDUNDANCY` + send_empty_value: true + - name: 'ipAddress' + type: String + description: | + IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. diff --git a/mmv1/products/compute/go_Firewall.yaml b/mmv1/products/compute/go_Firewall.yaml new file mode 100644 index 000000000000..6deaee15a1ae --- /dev/null +++ b/mmv1/products/compute/go_Firewall.yaml @@ -0,0 +1,333 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Firewall' +kind: 'compute#firewall' +description: | + Each network has its own firewall controlling access to and from the + instances. + + All traffic to instances, even from other instances, is blocked by the + firewall unless firewall rules are created to allow it. + + The default network has automatically created firewall rules that are + shown in default firewall rules. No manually created network has + automatically created firewall rules except for a default "allow" rule for + outgoing traffic and a default "deny" for incoming traffic. For all + networks except the default network, you must create any firewall rules + you need. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/firewalls' + api: 'https://cloud.google.com/compute/docs/reference/v1/firewalls' +docs: + optional_properties: | + * `enable_logging` - (Optional, Deprecated) This field denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. Deprecated in favor of `log_config` +base_url: 'projects/{{project}}/global/firewalls' +has_self_link: true +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/firewall.tmpl' + constants: 'templates/terraform/constants/go/firewall.tmpl' +custom_diff: + - 'resourceComputeFirewallEnableLoggingCustomizeDiff' + - 'resourceComputeFirewallSourceFieldsCustomizeDiff' +schema_version: 1 +migrate_state: 'resourceComputeFirewallMigrateState' +examples: + - name: 'firewall_basic' + primary_resource_id: 'default' + vars: + firewall_name: 'test-firewall' + network_name: 'test-network' + - name: 'firewall_with_target_tags' + primary_resource_id: 'rules' + vars: + firewall_name: 'my-firewall-rule' + test_env_vars: + project: 'PROJECT_NAME' +parameters: +properties: + - name: 'allow' + type: Array + description: | + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + api_name: allowed + is_set: true + exactly_one_of: + - 'allow' + - 'deny' + set_hash_func: 'resourceComputeFirewallRuleHash' + item_type: + type: NestedObject + properties: + - name: 'protocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + api_name: IPProtocol + required: true + diff_suppress_func: 'tpgresource.CaseDiffSuppress' + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + item_type: + type: String + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'deny' + type: Array + description: | + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + api_name: denied + is_set: true + exactly_one_of: + - 'allow' + - 'deny' + set_hash_func: 'resourceComputeFirewallRuleHash' + item_type: + type: NestedObject + properties: + - name: 'protocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + api_name: IPProtocol + required: true + diff_suppress_func: 'tpgresource.CaseDiffSuppress' + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + item_type: + type: String + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + send_empty_value: true + - name: 'destinationRanges' + type: Array + description: | + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + is_set: true + default_from_api: true + item_type: + type: String + - name: 'direction' + type: Enum + description: | + Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, one of `source_ranges`, + `source_tags` or `source_service_accounts` is required. + immutable: true + default_from_api: true + enum_values: + - 'INGRESS' + - 'EGRESS' + - name: 'disabled' + type: Boolean + description: | + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + send_empty_value: true + - name: 'logConfig' + type: NestedObject + description: | + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + send_empty_value: true + diff_suppress_func: 'diffSuppressEnableLogging' + custom_flatten: 'templates/terraform/custom_flatten/go/firewall_log_config.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/firewall_log_config.go.tmpl' + properties: + - name: 'metadata' + type: Enum + description: | + This field denotes whether to include or exclude metadata for firewall logs. + required: true + enum_values: + - 'EXCLUDE_ALL_METADATA' + - 'INCLUDE_ALL_METADATA' + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' + - name: 'network' + type: ResourceRef + description: | + The name or self_link of the network to attach this firewall to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'priority' + type: Integer + description: | + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + send_empty_value: true + validation: + function: 'validation.IntBetween(0, 65535)' + default_value: 1000 + - name: 'sourceRanges' + type: Array + description: | + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + `source_ranges`, `source_tags` or `source_service_accounts` is required. + is_set: true + diff_suppress_func: 'diffSuppressSourceRanges' + item_type: + type: String + - name: 'sourceServiceAccounts' + type: Array + description: | + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. For INGRESS traffic, + one of `source_ranges`, `source_tags` or `source_service_accounts` is required. + is_set: true + conflicts: + - source_tags + - target_tags + item_type: + type: String + max_size: 10 + - name: 'sourceTags' + type: Array + description: | + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of `source_ranges`, `source_tags` or `source_service_accounts` is required. + is_set: true + conflicts: + - source_service_accounts + - target_service_accounts + item_type: + type: String + - name: 'targetServiceAccounts' + type: Array + description: | + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + is_set: true + conflicts: + - source_tags + - target_tags + item_type: + type: String + max_size: 10 + - name: 'targetTags' + type: Array + description: | + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + is_set: true + conflicts: + - source_service_accounts + - target_service_accounts + item_type: + type: String diff --git a/mmv1/products/compute/go_ForwardingRule.yaml b/mmv1/products/compute/go_ForwardingRule.yaml new file mode 100644 index 000000000000..73f1a57d54f0 --- /dev/null +++ b/mmv1/products/compute/go_ForwardingRule.yaml @@ -0,0 +1,649 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ForwardingRule' +kind: 'compute#forwardingRule' +description: | + A ForwardingRule resource. A ForwardingRule resource specifies which pool + of target virtual machines to forward a packet to if it matches the given + [IPAddress, IPProtocol, portRange] tuple. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules' + api: 'https://cloud.google.com/compute/docs/reference/v1/forwardingRules' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/forwardingRules' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/compute_forwarding_rule.go.tmpl' + post_create: 'templates/terraform/post_create/go/labels.tmpl' +custom_diff: + - 'forwardingRuleCustomizeDiff' +legacy_long_form_project: true +examples: + - name: 'internal_http_lb_with_mig_backend' + primary_resource_id: 'google_compute_forwarding_rule' + min_version: 'beta' + vars: + ilb_network_name: 'l7-ilb-network' + proxy_subnet_name: 'l7-ilb-proxy-subnet' + backend_subnet_name: 'l7-ilb-subnet' + forwarding_rule_name: 'l7-ilb-forwarding-rule' + target_http_proxy_name: 'l7-ilb-target-http-proxy' + regional_url_map_name: 'l7-ilb-regional-url-map' + backend_service_name: 'l7-ilb-backend-subnet' + mig_template_name: 'l7-ilb-mig-template' + hc_name: 'l7-ilb-hc' + mig_name: 'l7-ilb-mig1' + fw_allow_iap_hc_name: 'l7-ilb-fw-allow-iap-hc' + fw_allow_ilb_to_backends_name: 'l7-ilb-fw-allow-ilb-to-backends' + vm_test_name: 'l7-ilb-test-vm' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'internal_tcp_udp_lb_with_mig_backend' + primary_resource_id: 'google_compute_forwarding_rule' + min_version: 'beta' + vars: + ilb_network_name: 'l4-ilb-network' + backend_subnet_name: 'l4-ilb-subnet' + forwarding_rule_name: 'l4-ilb-forwarding-rule' + backend_service_name: 'l4-ilb-backend-subnet' + mig_template_name: 'l4-ilb-mig-template' + hc_name: 'l4-ilb-hc' + mig_name: 'l4-ilb-mig1' + fw_allow_hc_name: 'l4-ilb-fw-allow-hc' + fw_allow_ilb_to_backends_name: 'l4-ilb-fw-allow-ilb-to-backends' + fw_allow_ilb_ssh_name: 'l4-ilb-fw-ssh' + vm_test_name: 'l4-ilb-test-vm' + - name: 'forwarding_rule_externallb' + primary_resource_id: 'default' + min_version: 'beta' + vars: + forwarding_rule_name: 'website-forwarding-rule' + backend_name: 'website-backend' + network_name: 'website-net' + ignore_read_extra: + - 'port_range' + - name: 'forwarding_rule_global_internallb' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'website-forwarding-rule' + backend_name: 'website-backend' + network_name: 'website-net' + - name: 'forwarding_rule_basic' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'website-forwarding-rule' + target_pool_name: 'website-target-pool' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'forwarding_rule_l3_default' + primary_resource_id: 'fwd_rule' + min_version: 'beta' + vars: + forwarding_rule_name: 'l3-forwarding-rule' + service_name: 'service' + health_check_name: 'health-check' + - name: 'forwarding_rule_internallb' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'website-forwarding-rule' + backend_name: 'website-backend' + network_name: 'website-net' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'forwarding_rule_http_lb' + primary_resource_id: 'default' + min_version: 'beta' + vars: + forwarding_rule_name: 'website-forwarding-rule' + region_target_http_proxy_name: 'website-proxy' + region_url_map_name: 'website-map' + region_backend_service_name: 'website-backend' + region_health_check_name: 'website-hc' + rigm_name: 'website-rigm' + network_name: 'website-net' + fw_name: 'website-fw' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'forwarding_rule_regional_http_xlb' + primary_resource_id: 'default' + min_version: 'beta' + vars: + forwarding_rule_name: 'website-forwarding-rule' + region_target_http_proxy_name: 'website-proxy' + region_url_map_name: 'website-map' + region_backend_service_name: 'website-backend' + region_health_check_name: 'website-hc' + rigm_name: 'website-rigm' + network_name: 'website-net' + fw_name: 'website-fw' + ip_name: 'website-ip' + ignore_read_extra: + - 'port_range' + - 'target' + - 'ip_address' + - name: 'forwarding_rule_vpc_psc' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'psc-endpoint' + consumer_network_name: 'consumer-net' + ip_name: 'website-ip' + producer_network_name: 'producer-net' + producer_psc_network_name: 'producer-psc-net' + service_attachment_name: 'producer-service' + producer_forwarding_rule_name: 'producer-forwarding-rule' + producer_backend_name: 'producer-service-backend' + producer_healthcheck_name: 'producer-service-health-check' + ignore_read_extra: + - 'port_range' + - 'target' + - 'ip_address' + - name: 'forwarding_rule_vpc_psc_no_automate_dns' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'psc-endpoint' + consumer_network_name: 'consumer-net' + ip_name: 'website-ip' + producer_network_name: 'producer-net' + producer_psc_network_name: 'producer-psc-net' + service_attachment_name: 'producer-service' + producer_forwarding_rule_name: 'producer-forwarding-rule' + producer_backend_name: 'producer-service-backend' + producer_healthcheck_name: 'producer-service-health-check' + ignore_read_extra: + - 'port_range' + - 'target' + - 'ip_address' + - name: 'forwarding_rule_regional_steering' + primary_resource_id: 'steering' + vars: + forwarding_rule_name: 'steering-rule' + ip_name: 'website-ip' + backend_name: 'service-backend' + external_forwarding_rule_name: 'external-forwarding-rule' + - name: 'forwarding_rule_internallb_ipv6' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'ilb-ipv6-forwarding-rule' + backend_name: 'ilb-ipv6-backend' + network_name: 'net-ipv6' + subnet_name: 'subnet-internal-ipv6' + ignore_read_extra: + - 'port_range' + - 'target' +virtual_fields: + - name: 'recreate_closed_psc' + description: + This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed + type: Boolean + default_value: false +parameters: + - name: 'region' + type: ResourceRef + description: | + A reference to the region where the regional forwarding rule resides. + + This field is not applicable to global forwarding rules. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'isMirroringCollector' + type: Boolean + description: | + Indicates whether or not this load balancer can be used as a collector for + packet mirroring. To prevent mirroring loops, instances behind this + load balancer will not have their traffic mirrored even if a + `PacketMirroring` rule applies to them. + + This can only be set to true for load balancers that have their + `loadBalancingScheme` set to `INTERNAL`. + - name: 'pscConnectionId' + type: String + description: 'The PSC connection id of the PSC Forwarding Rule.' + output: true + - name: 'pscConnectionStatus' + type: String + description: + 'The PSC connection status of the PSC Forwarding Rule. Possible values: + `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED`' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + # This is a multi-resource resource reference (Address, GlobalAddress) + - name: 'IPAddress' + type: String + description: | + IP address for which this forwarding rule accepts traffic. When a client + sends traffic to this IP address, the forwarding rule directs the traffic + to the referenced `target` or `backendService`. + + While creating a forwarding rule, specifying an `IPAddress` is + required under the following circumstances: + + * When the `target` is set to `targetGrpcProxy` and + `validateForProxyless` is set to `true`, the + `IPAddress` should be set to `0.0.0.0`. + * When the `target` is a Private Service Connect Google APIs + bundle, you must specify an `IPAddress`. + + Otherwise, you can optionally specify an IP address that references an + existing static (reserved) IP address resource. When omitted, Google Cloud + assigns an ephemeral IP address. + + Use one of the following formats to specify an IP address while creating a + forwarding rule: + + * IP address number, as in `100.1.2.3` + * IPv6 address range, as in `2600:1234::/96` + * Full resource URL, as in + `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` + * Partial URL or by name, as in: + * `projects/project_id/regions/region/addresses/address-name` + * `regions/region/addresses/address-name` + * `global/addresses/address-name` + * `address-name` + + The forwarding rule's `target` or `backendService`, + and in most cases, also the `loadBalancingScheme`, determine the + type of IP address that you can use. For detailed information, see + [IP address + specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). + + When reading an `IPAddress`, the API always returns the IP + address number. + default_from_api: true + diff_suppress_func: 'InternalIpDiffSuppress' + - name: 'IPProtocol' + type: Enum + description: | + The IP protocol to which this rule applies. + + For protocol forwarding, valid + options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP`, `ICMP` and + `L3_DEFAULT`. + + The valid IP protocols are different for different load balancing products + as described in [Load balancing + features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). + + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. + default_from_api: true + diff_suppress_func: 'tpgresource.CaseDiffSuppress' + enum_values: + - 'TCP' + - 'UDP' + - 'ESP' + - 'AH' + - 'SCTP' + - 'ICMP' + - 'L3_DEFAULT' + - name: 'backendService' + type: ResourceRef + description: | + Identifies the backend service to which the forwarding rule sends traffic. + + Required for Internal TCP/UDP Load Balancing and Network Load Balancing; + must be omitted for all other load balancer types. + custom_expand: 'templates/terraform/custom_expand/go/self_link_from_name.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'loadBalancingScheme' + type: Enum + description: | + Specifies the forwarding rule type. + + For more information about forwarding rules, refer to + [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). + default_value: "EXTERNAL" + enum_values: + - 'EXTERNAL' + - 'EXTERNAL_MANAGED' + - 'INTERNAL' + - 'INTERNAL_MANAGED' + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-63 characters long, and comply with + [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + + Specifically, the name must be 1-63 characters long and match the regular + expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first + character must be a lowercase letter, and all following characters must + be a dash, lowercase letter, or digit, except the last character, which + cannot be a dash. + + For Private Service Connect forwarding rules that forward traffic to Google + APIs, the forwarding rule name must be a 1-20 characters string with + lowercase letters and numbers and must start with a letter. + required: true + - name: 'network' + type: ResourceRef + description: | + This field is not used for external load balancing. + + For Internal TCP/UDP Load Balancing, this field identifies the network that + the load balanced IP should belong to for this Forwarding Rule. + If the subnetwork is specified, the network of the subnetwork will be used. + If neither subnetwork nor this field is specified, the default network will + be used. + + For Private Service Connect forwarding rules that forward traffic to Google + APIs, a network must be provided. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'portRange' + type: String + description: | + The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + + The `portRange` field has the following limitations: + * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, + and + * It's applicable only to the following products: external passthrough + Network Load Balancers, internal and external proxy Network Load + Balancers, internal and external Application Load Balancers, external + protocol forwarding, and Classic VPN. + * Some products have restrictions on what ports can be used. See + [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) + for details. + + For external forwarding rules, two or more forwarding rules cannot use the + same `[IPAddress, IPProtocol]` pair, and cannot have overlapping + `portRange`s. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and + cannot have overlapping `portRange`s. + + @pattern: \d+(?:-\d+)? + default_from_api: true + diff_suppress_func: 'PortRangeDiffSuppress' + - name: 'ports' + type: Array + description: | + The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + + The `ports` field has the following limitations: + * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, + and + * It's applicable only to the following products: internal passthrough + Network Load Balancers, backend service-based external passthrough Network + Load Balancers, and internal protocol forwarding. + * You can specify a list of up to five ports by number, separated by + commas. The ports can be contiguous or discontiguous. + + For external forwarding rules, two or more forwarding rules cannot use the + same `[IPAddress, IPProtocol]` pair if they share at least one port + number. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair if + they share at least one port number. + + @pattern: \d+(?:-\d+)? + is_set: true + custom_expand: 'templates/terraform/custom_expand/go/set_to_list.tmpl' + item_type: + type: String + max_size: 5 + - name: 'subnetwork' + type: ResourceRef + description: | + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. + # This is a multi-resource resource reference (TargetHttp(s)Proxy, + # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, + # TargetInstance) + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'target' + type: String + description: | + The URL of the target resource to receive the matched traffic. For + regional forwarding rules, this target must be in the same region as the + forwarding rule. For global forwarding rules, this target must be a global + load balancing resource. + + The forwarded traffic must be of a type appropriate to the target object. + * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). + * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: + * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). + * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). + + For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setTarget' + update_verb: 'POST' + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + custom_expand: 'templates/terraform/custom_expand/go/self_link_from_name.tmpl' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'allowGlobalAccess' + type: Boolean + description: | + This field is used along with the `backend_service` field for + internal load balancing or with the `target` field for internal + TargetInstance. + + If the field is set to `TRUE`, clients can access ILB from all + regions. + + Otherwise only allows access from clients in the same region as the + internal load balancer. + send_empty_value: true + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}' + update_verb: 'PATCH' + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this forwarding rule. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' + update_verb: 'POST' + - name: 'allPorts' + type: Boolean + description: | + The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. + Only packets addressed to ports in the specified range will be forwarded + to the backends configured with this forwarding rule. + + The `allPorts` field has the following limitations: + * It requires that the forwarding rule `IPProtocol` be TCP, UDP, SCTP, or + L3_DEFAULT. + * It's applicable only to the following products: internal passthrough + Network Load Balancers, backend service-based external passthrough Network + Load Balancers, and internal and external protocol forwarding. + * Set this field to true to allow packets addressed to any port or packets + lacking destination port information (for example, UDP fragments after the + first fragment) to be forwarded to the backends configured with this + forwarding rule. The L3_DEFAULT protocol requires `allPorts` be set to + true. + - name: 'networkTier' + type: Enum + description: | + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + immutable: true + default_from_api: true + enum_values: + - 'PREMIUM' + - 'STANDARD' + - name: 'serviceDirectoryRegistrations' + type: Array + description: | + Service Directory resources to register this forwarding rule with. + + Currently, only supports a single Service Directory resource. + immutable: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'namespace' + type: String + description: | + Service Directory namespace to register the forwarding rule under. + immutable: true + default_from_api: true + - name: 'service' + type: String + description: | + Service Directory service to register the forwarding rule under. + immutable: true + min_size: 0 + max_size: 1 + - name: 'serviceLabel' + type: String + description: | + An optional prefix to the service name for this Forwarding Rule. + If specified, will be the first label of the fully qualified service + name. + + The label must be 1-63 characters long, and comply with RFC1035. + Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first + character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + This field is only used for INTERNAL load balancing. + validation: + function: 'verify.ValidateGCEName' + - name: 'serviceName' + type: String + description: | + The internal fully qualified service name for this Forwarding Rule. + + This field is only used for INTERNAL load balancing. + output: true + - name: 'sourceIpRanges' + type: Array + description: + If not empty, this Forwarding Rule will only forward the traffic when the + source IP address matches one of the IP addresses or CIDR ranges set here. + Note that a Forwarding Rule can only have up to 64 source IP ranges, and + this field can only be used with a regional Forwarding Rule whose scheme + is EXTERNAL. Each sourceIpRange entry should be either an IP address (for + example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). + immutable: true + item_type: + type: String + - name: 'baseForwardingRule' + type: String + description: + '[Output Only] The URL for the corresponding base Forwarding Rule. By base + Forwarding Rule, we mean the Forwarding Rule that has the same IP address, + protocol, and port settings with the current Forwarding Rule, but without + sourceIPRanges specified. Always empty if the current Forwarding Rule does + not have sourceIPRanges specified.' + output: true + - name: 'allowPscGlobalAccess' + type: Boolean + description: + This is used in PSC consumer ForwardingRule to control whether the PSC + endpoint can be accessed from another region. + send_empty_value: true + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}' + update_verb: 'PATCH' + update_id: 'allowPscGlobalAccess' + fingerprint_name: 'fingerprint' + - name: 'noAutomateDnsZone' + type: Boolean + description: + This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. + Non-PSC forwarding rules do not use this field. + immutable: true + ignore_read: true + send_empty_value: true + - name: 'ipVersion' + type: Enum + description: | + The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + + If not set, the IPv4 address will be used by default. + immutable: true + default_from_api: true + enum_values: + - 'IPV4' + - 'IPV6' diff --git a/mmv1/products/compute/go_GlobalAddress.yaml b/mmv1/products/compute/go_GlobalAddress.yaml new file mode 100644 index 000000000000..283f3e10064f --- /dev/null +++ b/mmv1/products/compute/go_GlobalAddress.yaml @@ -0,0 +1,155 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'GlobalAddress' +kind: 'compute#address' +description: | + Represents a Global Address resource. Global addresses are used for + HTTP(S) load balancing. +references: + guides: + 'Reserving a Static External IP Address': 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address' + api: 'https://cloud.google.com/compute/docs/reference/v1/globalAddresses' +docs: +base_url: 'projects/{{project}}/global/addresses' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + pre_create: 'templates/terraform/pre_create/go/compute_global_address.go.tmpl' + post_create: 'templates/terraform/post_create/go/labels.tmpl' +examples: + - name: 'global_address_basic' + primary_resource_id: 'default' + vars: + global_address_name: 'global-appserver-ip' + - name: 'global_address_private_services_connect' + primary_resource_id: 'default' + min_version: 'beta' + vars: + global_address_name: 'global-psconnect-ip' + network_name: 'my-network-name' +parameters: +properties: + - name: 'address' + type: String + description: | + The IP address or beginning of the address range represented by this + resource. This can be supplied as an input to reserve a specific + address or omitted to allow GCP to choose a valid one for you. + default_from_api: true + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this address. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + min_version: 'beta' + output: true + update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'ipVersion' + type: Enum + description: | + The IP Version that will be used by this address. The default value is `IPV4`. + diff_suppress_func: 'tpgresource.EmptyOrDefaultStringSuppress("IPV4")' + enum_values: + - 'IPV4' + - 'IPV6' + - name: 'prefixLength' + type: Integer + description: | + The prefix length of the IP range. If not present, it means the + address field is a single IP address. + + This field is not applicable to addresses with addressType=INTERNAL + when purpose=PRIVATE_SERVICE_CONNECT + default_from_api: true + - name: 'addressType' + type: Enum + description: | + The type of the address to reserve. + + * EXTERNAL indicates public/external single IP address. + * INTERNAL indicates internal IP ranges belonging to some network. + diff_suppress_func: 'tpgresource.EmptyOrDefaultStringSuppress("EXTERNAL")' + default_value: "EXTERNAL" + enum_values: + - 'EXTERNAL' + - 'INTERNAL' + - name: 'purpose' + type: String + description: | + The purpose of the resource. Possible values include: + + * VPC_PEERING - for peer networks + + * PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks + - name: 'network' + type: ResourceRef + description: | + The URL of the network in which to reserve the IP range. The IP range + must be in RFC1918 space. The network cannot be deleted if there are + any reserved IP ranges referring to it. + + This should only be set when using an Internal address. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_GlobalForwardingRule.yaml b/mmv1/products/compute/go_GlobalForwardingRule.yaml new file mode 100644 index 000000000000..901dc9347599 --- /dev/null +++ b/mmv1/products/compute/go_GlobalForwardingRule.yaml @@ -0,0 +1,522 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'GlobalForwardingRule' +kind: 'compute#forwardingRule' +description: | + Represents a GlobalForwardingRule resource. Global forwarding rules are + used to forward traffic to the correct load balancer for HTTP load + balancing. Global forwarding rules can only be used for HTTP load + balancing. + + For more information, see https://cloud.google.com/compute/docs/load-balancing/http/ +docs: +base_url: 'projects/{{project}}/global/forwardingRules' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + post_create: 'templates/terraform/post_create/go/labels.tmpl' +legacy_long_form_project: true +examples: + - name: 'external_ssl_proxy_lb_mig_backend' + primary_resource_id: 'default' + vars: + ssl_proxy_xlb_network: 'ssl-proxy-xlb-network' + ssl_proxy_xlb_subnet: 'ssl-proxy-xlb-subnet' + ssl_proxy_xlb_ip: 'ssl-proxy-xlb-ip' + default_cert: 'default-cert' + test_proxy: 'test-proxy' + ssl_proxy_xlb_forwarding_rule: 'ssl-proxy-xlb-forwarding-rule' + ssl_proxy_xlb_backend_service: 'ssl-proxy-xlb-backend-service' + ssl_proxy_health_check: 'ssl-proxy-health-check' + ssl_proxy_xlb_mig_template: 'ssl-proxy-xlb-mig-template' + ssl_proxy_xlb_mig1: 'ssl-proxy-xlb-mig1' + ssl_proxy_xlb_fw_allow_hc: 'ssl-proxy-xlb-fw-allow-hc' + ignore_read_extra: + - 'port_range' + - 'target' + - 'ip_address' + skip_test: true + - name: 'external_tcp_proxy_lb_mig_backend' + primary_resource_id: 'default' + min_version: 'beta' + vars: + tcp_proxy_xlb_network: 'tcp-proxy-xlb-network' + tcp_proxy_xlb_subnet: 'tcp-proxy-xlb-subnet' + tcp_proxy_xlb_ip: 'tcp-proxy-xlb-ip' + tcp_proxy_xlb_forwarding_rule: 'tcp-proxy-xlb-forwarding-rule' + test_proxy_health_check: 'test-proxy-health-check' + tcp_proxy_xlb_backend_service: 'tcp-proxy-xlb-backend-service' + tcp_proxy_health_check: 'tcp-proxy-health-check' + tcp_proxy_xlb_mig_template: 'tcp-proxy-xlb-mig-template' + tcp_proxy_xlb_mig1: 'tcp-proxy-xlb-mig1' + tcp_proxy_xlb_fw_allow_hc: 'tcp-proxy-xlb-fw-allow-hc' + ignore_read_extra: + - 'port_range' + - 'target' + - 'ip_address' + - name: 'external_http_lb_mig_backend_custom_header' + primary_resource_id: 'default' + min_version: 'beta' + vars: + xlb_network_name: 'l7-xlb-network' + backend_subnet_name: 'l7-xlb-subnet' + address_name: 'l7-xlb-static-ip' + forwarding_rule_name: 'l7-xlb-forwarding-rule' + target_http_proxy_name: 'l7-xlb-target-http-proxy' + url_map_name: 'l7-xlb-url-map' + backend_service_name: 'l7-xlb-backend-service' + mig_template_name: 'l7-xlb-mig-template' + hc_name: 'l7-xlb-hc' + mig_name: 'l7-xlb-mig1' + fw_allow_hc_name: 'l7-xlb-fw-allow-hc' + ignore_read_extra: + - 'port_range' + - 'target' + - 'ip_address' + - name: 'global_forwarding_rule_http' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'global-rule' + http_proxy_name: 'target-proxy' + backend_service_name: 'backend' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'global_forwarding_rule_internal' + primary_resource_id: 'default' + min_version: 'beta' + vars: + forwarding_rule_name: 'global-rule' + http_proxy_name: 'target-proxy' + backend_service_name: 'backend' + igm_name: 'igm-internal' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'global_forwarding_rule_external_managed' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'global-rule' + http_proxy_name: 'target-proxy' + backend_service_name: 'backend' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'global_forwarding_rule_hybrid' + primary_resource_id: 'default' + vars: + forwarding_rule_name: 'global-rule' + http_proxy_name: 'target-proxy' + network_name: 'my-network' + internal_network_name: 'my-internal-network' + subnetwork_name: 'my-subnetwork' + default_backend_service_name: 'backend-default' + hybrid_backend_service_name: 'backend-hybrid' + internal_backend_service_name": 'backend-internal' + default_neg_name: 'default-neg' + hybrid_neg_name: 'hybrid-neg' + internal_neg_name: 'internal-neg' + health_check_name: 'health-check' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'global_internal_http_lb_with_mig_backend' + primary_resource_id: 'google_compute_forwarding_rule' + min_version: 'beta' + vars: + gilb_network_name: 'l7-gilb-network' + proxy_subnet_name: 'l7-gilb-proxy-subnet' + backend_subnet_name: 'l7-gilb-subnet' + forwarding_rule_name: 'l7-gilb-forwarding-rule' + target_http_proxy_name: 'l7-gilb-target-http-proxy' + url_map_name: 'l7-gilb-url-map' + backend_service_name: 'l7-gilb-backend-subnet' + mig_template_name: 'l7-gilb-mig-template' + hc_name: 'l7-gilb-hc' + mig_name: 'l7-gilb-mig1' + fw_allow_iap_hc_name: 'l7-gilb-fw-allow-iap-hc' + fw_allow_gilb_to_backends_name: 'l7-gilb-fw-allow-gilb-to-backends' + vm_test_name: 'l7-gilb-test-vm' + ignore_read_extra: + - 'port_range' + - 'target' + - name: 'private_service_connect_google_apis' + primary_resource_id: 'default' + min_version: 'beta' + vars: + network_name: 'my-network' + subnetwork_name: 'my-subnetwork' + global_address_name: 'global-psconnect-ip' + forwarding_rule_name: 'globalrule' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'ip_address' + - name: 'private_service_connect_google_apis_no_automate_dns' + primary_resource_id: 'default' + min_version: 'beta' + vars: + network_name: 'my-network' + subnetwork_name: 'my-subnetwork' + global_address_name: 'global-psconnect-ip' + forwarding_rule_name: 'globalrule' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'ip_address' +parameters: +properties: + - name: 'pscConnectionId' + type: String + description: 'The PSC connection id of the PSC Forwarding Rule.' + output: true + - name: 'pscConnectionStatus' + type: String + description: + 'The PSC connection status of the PSC Forwarding Rule. Possible values: + `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED`' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + # This is a multi-resource resource reference (Address, GlobalAddress) + - name: 'IPAddress' + type: String + description: | + IP address for which this forwarding rule accepts traffic. When a client + sends traffic to this IP address, the forwarding rule directs the traffic + to the referenced `target`. + + While creating a forwarding rule, specifying an `IPAddress` is + required under the following circumstances: + + * When the `target` is set to `targetGrpcProxy` and + `validateForProxyless` is set to `true`, the + `IPAddress` should be set to `0.0.0.0`. + * When the `target` is a Private Service Connect Google APIs + bundle, you must specify an `IPAddress`. + + Otherwise, you can optionally specify an IP address that references an + existing static (reserved) IP address resource. When omitted, Google Cloud + assigns an ephemeral IP address. + + Use one of the following formats to specify an IP address while creating a + forwarding rule: + + * IP address number, as in `100.1.2.3` + * IPv6 address range, as in `2600:1234::/96` + * Full resource URL, as in + `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` + * Partial URL or by name, as in: + * `projects/project_id/regions/region/addresses/address-name` + * `regions/region/addresses/address-name` + * `global/addresses/address-name` + * `address-name` + + The forwarding rule's `target`, + and in most cases, also the `loadBalancingScheme`, determine the + type of IP address that you can use. For detailed information, see + [IP address + specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). + + When reading an `IPAddress`, the API always returns the IP + address number. + default_from_api: true + diff_suppress_func: 'InternalIpDiffSuppress' + - name: 'IPProtocol' + type: Enum + description: | + The IP protocol to which this rule applies. + + For protocol forwarding, valid + options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP`, `ICMP` and + `L3_DEFAULT`. + + The valid IP protocols are different for different load balancing products + as described in [Load balancing + features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). + default_from_api: true + diff_suppress_func: 'tpgresource.CaseDiffSuppress' + enum_values: + - 'TCP' + - 'UDP' + - 'ESP' + - 'AH' + - 'SCTP' + - 'ICMP' + - name: 'ipVersion' + type: Enum + description: | + The IP Version that will be used by this global forwarding rule. + enum_values: + - 'IPV4' + - 'IPV6' + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this forwarding rule. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'loadBalancingScheme' + type: Enum + description: | + Specifies the forwarding rule type. + + For more information about forwarding rules, refer to + [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). + default_value: "EXTERNAL" + enum_values: + - 'EXTERNAL' + - 'EXTERNAL_MANAGED' + - 'INTERNAL_MANAGED' + - 'INTERNAL_SELF_MANAGED' + - name: 'metadataFilters' + type: Array + description: | + Opaque filter criteria used by Loadbalancer to restrict routing + configuration to a limited set xDS compliant clients. In their xDS + requests to Loadbalancer, xDS clients present node metadata. If a + match takes place, the relevant routing configuration is made available + to those proxies. + + For each metadataFilter in this list, if its filterMatchCriteria is set + to MATCH_ANY, at least one of the filterLabels must match the + corresponding label provided in the metadata. If its filterMatchCriteria + is set to MATCH_ALL, then all of its filterLabels must match with + corresponding labels in the provided metadata. + + metadataFilters specified here can be overridden by those specified in + the UrlMap that this ForwardingRule references. + + metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + item_type: + type: NestedObject + properties: + - name: 'filterMatchCriteria' + type: Enum + description: | + Specifies how individual filterLabel matches within the list of + filterLabels contribute towards the overall metadataFilter match. + + MATCH_ANY - At least one of the filterLabels must have a matching + label in the provided metadata. + MATCH_ALL - All filterLabels must have matching labels in the + provided metadata. + required: true + enum_values: + - 'MATCH_ANY' + - 'MATCH_ALL' + - name: 'filterLabels' + type: Array + description: | + The list of label value pairs that must match labels in the + provided metadata based on filterMatchCriteria + + This list must not be empty and can have at the most 64 entries. + required: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the metadata label. The length must be between + 1 and 1024 characters, inclusive. + required: true + - name: 'value' + type: String + description: | + The value that the label must match. The value has a maximum + length of 1024 characters. + required: true + min_size: 1 + max_size: 64 + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-63 characters long, and comply with + [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + + Specifically, the name must be 1-63 characters long and match the regular + expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first + character must be a lowercase letter, and all following characters must + be a dash, lowercase letter, or digit, except the last character, which + cannot be a dash. + + For Private Service Connect forwarding rules that forward traffic to Google + APIs, the forwarding rule name must be a 1-20 characters string with + lowercase letters and numbers and must start with a letter. + required: true + - name: 'network' + type: ResourceRef + description: | + This field is not used for external load balancing. + + For Internal TCP/UDP Load Balancing, this field identifies the network that + the load balanced IP should belong to for this Forwarding Rule. + If the subnetwork is specified, the network of the subnetwork will be used. + If neither subnetwork nor this field is specified, the default network will + be used. + + For Private Service Connect forwarding rules that forward traffic to Google + APIs, a network must be provided. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'portRange' + type: String + description: | + The `portRange` field has the following limitations: + * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, + and + * It's applicable only to the following products: external passthrough + Network Load Balancers, internal and external proxy Network Load + Balancers, internal and external Application Load Balancers, external + protocol forwarding, and Classic VPN. + * Some products have restrictions on what ports can be used. See + [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) + for details. + + For external forwarding rules, two or more forwarding rules cannot use the + same `[IPAddress, IPProtocol]` pair, and cannot have overlapping + `portRange`s. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and + cannot have overlapping `portRange`s. + + @pattern: \d+(?:-\d+)? + diff_suppress_func: 'PortRangeDiffSuppress' + - name: 'subnetwork' + type: ResourceRef + description: | + This field identifies the subnetwork that the load balanced IP should + belong to for this Forwarding Rule, used in internal load balancing and + network load balancing with IPv6. + + If the network specified is in auto subnet mode, this field is optional. + However, a subnetwork must be specified if the network is in custom subnet + mode or when creating external forwarding rule with IPv6. + # This is a multi-resource resource reference (TargetHttp(s)Proxy, + # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, + # TargetInstance) + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'target' + type: String + description: | + The URL of the target resource to receive the matched traffic. For + regional forwarding rules, this target must be in the same region as the + forwarding rule. For global forwarding rules, this target must be a global + load balancing resource. + + The forwarded traffic must be of a type appropriate to the target object. + * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). + * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: + * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). + * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). + + For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. + required: true + update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setTarget' + update_verb: 'POST' + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'serviceDirectoryRegistrations' + type: Array + description: | + Service Directory resources to register this forwarding rule with. + + Currently, only supports a single Service Directory resource. + immutable: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'namespace' + type: String + description: | + Service Directory namespace to register the forwarding rule under. + immutable: true + default_from_api: true + - name: 'serviceDirectoryRegion' + type: String + description: | + [Optional] Service Directory region to register this global forwarding rule under. + Default to "us-central1". Only used for PSC for Google APIs. All PSC for + Google APIs Forwarding Rules on the same network should use the same Service + Directory region. + immutable: true + min_size: 0 + max_size: 1 + - name: 'sourceIpRanges' + type: Array + description: If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). + immutable: true + item_type: + type: String + - name: 'baseForwardingRule' + type: String + description: '[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.' + output: true + - name: 'allowPscGlobalAccess' + type: Boolean + description: This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. + min_version: 'beta' + - name: 'noAutomateDnsZone' + type: Boolean + description: + This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. + Non-PSC forwarding rules do not use this field. + immutable: true + ignore_read: true + send_empty_value: true diff --git a/mmv1/products/compute/go_GlobalNetworkEndpoint.yaml b/mmv1/products/compute/go_GlobalNetworkEndpoint.yaml new file mode 100644 index 000000000000..f6b78196a286 --- /dev/null +++ b/mmv1/products/compute/go_GlobalNetworkEndpoint.yaml @@ -0,0 +1,106 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'GlobalNetworkEndpoint' +kind: 'compute#networkEndpoint' +description: | + A Global Network endpoint represents a IP address and port combination that exists outside of GCP. + **NOTE**: Global network endpoints cannot be created outside of a + global network endpoint group. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +docs: +id_format: '{{project}}/{{global_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}' +base_url: 'projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}' +self_link: 'projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/listNetworkEndpoints' +create_url: 'projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/attachNetworkEndpoints' +read_verb: 'POST' +delete_url: 'projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/detachNetworkEndpoints' +delete_verb: 'POST' +immutable: true +mutex: 'networkEndpoint/{{project}}/{{global_network_endpoint_group}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - ipAddress + - fqdn + - port +nested_query: + keys: + - items + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_global_network_endpoint.go.tmpl' + decoder: 'templates/terraform/decoders/go/network_endpoint.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_global_network_endpoint.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/compute_global_network_endpoint.go.tmpl' +exclude_tgc: true +examples: + - name: 'global_network_endpoint' + primary_resource_id: 'default-endpoint' + vars: + neg_name: 'my-lb-neg' + skip_test: true +parameters: + - name: 'globalNetworkEndpointGroup' + type: ResourceRef + description: | + The global network endpoint group this endpoint is part of. + url_param_only: true + required: true + ignore_read: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + resource: 'GlobalNetworkEndpointGroup' + imports: 'name' +properties: + - name: 'port' + type: Integer + description: | + Port number of the external endpoint. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_int.go.tmpl' + validation: + function: 'validation.IntAtLeast(1)' + - name: 'ipAddress' + type: String + description: | + IPv4 address external endpoint. + - name: 'fqdn' + type: String + description: | + Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + at_least_one_of: + - 'fqdn' + - 'ip_address' diff --git a/mmv1/products/compute/go_GlobalNetworkEndpointGroup.yaml b/mmv1/products/compute/go_GlobalNetworkEndpointGroup.yaml new file mode 100644 index 000000000000..cbcc8744fea8 --- /dev/null +++ b/mmv1/products/compute/go_GlobalNetworkEndpointGroup.yaml @@ -0,0 +1,94 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'GlobalNetworkEndpointGroup' +kind: 'compute#networkEndpointGroup' +description: | + A global network endpoint group contains endpoints that reside outside of Google Cloud. + Currently a global network endpoint group can only support a single endpoint. + + Recreating a global network endpoint group that's in use by another resource will give a + `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` + to avoid this type of error. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +docs: +base_url: 'projects/{{project}}/global/networkEndpointGroups' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'global_network_endpoint_group' + primary_resource_id: 'neg' + vars: + neg_name: 'my-lb-neg' + - name: 'global_network_endpoint_group_ip_address' + primary_resource_id: 'neg' + vars: + neg_name: 'my-lb-neg' +parameters: +properties: + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'networkEndpointType' + type: Enum + description: | + Type of network endpoints in this network endpoint group. + required: true + enum_values: + - 'INTERNET_IP_PORT' + - 'INTERNET_FQDN_PORT' + - name: 'defaultPort' + type: Integer + description: | + The default port used if the port number is not specified in the + network endpoint. diff --git a/mmv1/products/compute/go_HaVpnGateway.yaml b/mmv1/products/compute/go_HaVpnGateway.yaml new file mode 100644 index 000000000000..ba5acae6e1a2 --- /dev/null +++ b/mmv1/products/compute/go_HaVpnGateway.yaml @@ -0,0 +1,163 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'HaVpnGateway' +kind: 'compute#vpnGateway' +description: | + Represents a VPN gateway running in GCP. This virtual device is managed + by Google, but used only by you. This type of VPN Gateway allows for the creation + of VPN solutions with higher availability than classic Target VPN Gateways. +references: + guides: + 'Choosing a VPN': 'https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn' + 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/vpnGateways' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/vpnGateways' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'ha_vpn_gateway_basic' + primary_resource_id: 'ha_gateway1' + vars: + ha_vpn_gateway1_name: 'ha-vpn-1' + network1_name: 'network1' + - name: 'ha_vpn_gateway_ipv6' + primary_resource_id: 'ha_gateway1' + vars: + ha_vpn_gateway1_name: 'ha-vpn-1' + network1_name: 'network1' + - name: 'ha_vpn_gateway_gcp_to_gcp' + primary_resource_id: 'ha_gateway1' + vars: + ha_vpn_gateway1_name: 'ha-vpn-1' + network1_name: 'network1' + router1_name: 'ha-vpn-router1' + ha_vpn_gateway2_name: 'ha-vpn-2' + network2_name: 'network2' + router2_name: 'ha-vpn-router2' + skip_test: true + skip_docs: true + skip_vcr: true + - name: 'compute_ha_vpn_gateway_encrypted_interconnect' + primary_resource_id: 'vpn-gateway' + vars: + ha_vpn_gateway_name: 'test-ha-vpngw' + interconnect_attachment1_name: 'test-interconnect-attachment1' + interconnect_attachment2_name: 'test-interconnect-attachment2' + address1_name: 'test-address1' + address2_name: 'test-address2' + router_name: 'test-router' + network_name: 'test-network' + skip_test: true +parameters: + - name: 'region' + type: ResourceRef + description: | + The region this gateway should sit in. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' + - name: 'network' + type: ResourceRef + description: | + The network this VPN gateway is accepting traffic for. + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'stackType' + type: Enum + description: | + The stack type for this VPN gateway to identify the IP protocols that are enabled. + If not specified, IPV4_ONLY will be used. + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "IPV4_ONLY" + enum_values: + - 'IPV4_ONLY' + - 'IPV4_IPV6' + - name: 'vpnInterfaces' + type: Array + description: | + A list of interfaces on this VPN gateway. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'id' + type: Integer + description: 'The numeric ID of this VPN gateway interface.' + - name: 'ipAddress' + type: String + description: 'The external IP address for this VPN gateway interface.' + output: true + - name: 'interconnectAttachment' + type: ResourceRef + description: | + URL of the interconnect attachment resource. When the value + of this field is present, the VPN Gateway will be used for + IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the + specified interconnect attachment resource. + + Not currently available publicly. + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'InterconnectAttachment' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_HealthCheck.yaml b/mmv1/products/compute/go_HealthCheck.yaml new file mode 100644 index 000000000000..f2ea88f02cba --- /dev/null +++ b/mmv1/products/compute/go_HealthCheck.yaml @@ -0,0 +1,874 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'HealthCheck' +kind: 'compute#healthCheck' +description: | + Health Checks determine whether instances are responsive and able to do work. + They are an important part of a comprehensive load balancing configuration, + as they enable monitoring instances behind load balancers. + + Health Checks poll instances at a specified interval. Instances that + do not respond successfully to some number of probes in a row are marked + as unhealthy. No new connections are sent to unhealthy instances, + though existing connections will continue. The health check will + continue to poll unhealthy instances. If an instance later responds + successfully to some number of consecutive probes, it is marked + healthy again and can receive new connections. + + ~>**NOTE**: Legacy HTTP(S) health checks must be used for target pool-based network + load balancers. See the [official guide](https://cloud.google.com/load-balancing/docs/health-check-concepts#selecting_hc) + for choosing a type of health check. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/health-checks' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks' +docs: +base_url: 'projects/{{project}}/global/healthChecks' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/health_check.tmpl' + encoder: 'templates/terraform/encoders/go/health_check_type.tmpl' +custom_diff: + - 'healthCheckCustomizeDiff' +examples: + - name: 'health_check_tcp' + primary_resource_id: 'tcp-health-check' + vars: + health_check_name: 'tcp-health-check' + - name: 'health_check_tcp_full' + primary_resource_id: 'tcp-health-check' + vars: + health_check_name: 'tcp-health-check' + - name: 'health_check_ssl' + primary_resource_id: 'ssl-health-check' + vars: + health_check_name: 'ssl-health-check' + - name: 'health_check_ssl_full' + primary_resource_id: 'ssl-health-check' + vars: + health_check_name: 'ssl-health-check' + - name: 'health_check_http' + primary_resource_id: 'http-health-check' + vars: + health_check_name: 'http-health-check' + - name: 'health_check_http_full' + primary_resource_id: 'http-health-check' + vars: + health_check_name: 'http-health-check' + - name: 'health_check_https' + primary_resource_id: 'https-health-check' + vars: + health_check_name: 'https-health-check' + - name: 'health_check_https_full' + primary_resource_id: 'https-health-check' + vars: + health_check_name: 'https-health-check' + - name: 'health_check_http2' + primary_resource_id: 'http2-health-check' + vars: + health_check_name: 'http2-health-check' + - name: 'health_check_http2_full' + primary_resource_id: 'http2-health-check' + vars: + health_check_name: 'http2-health-check' + - name: 'health_check_grpc' + primary_resource_id: 'grpc-health-check' + vars: + health_check_name: 'grpc-health-check' + - name: 'health_check_grpc_full' + primary_resource_id: 'grpc-health-check' + vars: + health_check_name: 'grpc-health-check' + - name: 'health_check_with_logging' + primary_resource_id: 'health-check-with-logging' + min_version: 'beta' + vars: + health_check_name: 'tcp-health-check' +parameters: +properties: + - name: 'checkIntervalSec' + type: Integer + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + send_empty_value: true + - name: 'healthyThreshold' + type: Integer + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + default_value: 2 + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + - name: 'timeoutSec' + type: Integer + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + default_value: 5 + - name: 'sourceRegions' + type: Array + description: | + The list of cloud regions from which health checks are performed. If + any regions are specified, then exactly 3 regions should be specified. + The region names must be valid names of Google Cloud regions. This can + only be set for global health check. If this list is non-empty, then + there are restrictions on what other health check fields are supported + and what other resources can use this health check: + + * SSL, HTTP2, and GRPC protocols are not supported. + + * The TCP request field is not supported. + + * The proxyHeader field for HTTP, HTTPS, and TCP is not supported. + + * The checkIntervalSec field must be at least 30. + + * The health check cannot be used with BackendService nor with managed + instance group auto-healing. + min_version: 'beta' + item_type: + type: String + min_size: 3 + max_size: 3 + - name: 'unhealthyThreshold' + type: Integer + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + default_value: 2 + - name: 'type' + type: Enum + description: |- + The type of the health check. One of HTTP, HTTPS, TCP, or SSL. + output: true + enum_values: + - 'TCP' + - 'SSL' + - 'HTTP' + - 'HTTPS' + - 'HTTP2' + - name: 'httpHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'host' + type: String + description: | + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'requestPath' + type: String + description: | + The request path of the HTTP health check request. + The default value is /. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + default_value: "/" + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTP health check request. + The default value is 80. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'httpsHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'host' + type: String + description: | + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'requestPath' + type: String + description: | + The request path of the HTTPS health check request. + The default value is /. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + default_value: "/" + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTPS health check request. + The default value is 443. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'tcpHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'request' + type: String + description: | + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the TCP health check request. + The default value is 443. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'sslHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'request' + type: String + description: | + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the SSL health check request. + The default value is 443. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'http2HealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'host' + type: String + description: | + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'requestPath' + type: String + description: | + The request path of the HTTP2 health check request. + The default value is /. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + default_value: "/" + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTP2 health check request. + The default value is 443. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'grpcHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'port' + type: Integer + description: | + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'grpcServiceName' + type: String + description: | + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + - name: 'logConfig' + type: NestedObject + description: | + Configure logging on this health check. + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/health_check_log_config.go.tmpl' + properties: + - name: 'enable' + type: Boolean + description: | + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + default_value: false diff --git a/mmv1/products/compute/go_HttpHealthCheck.yaml b/mmv1/products/compute/go_HttpHealthCheck.yaml new file mode 100644 index 000000000000..7ee7bc77a0d7 --- /dev/null +++ b/mmv1/products/compute/go_HttpHealthCheck.yaml @@ -0,0 +1,124 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'HttpHealthCheck' +kind: 'compute#httpHealthCheck' +description: | + An HttpHealthCheck resource. This resource defines a template for how + individual VMs should be checked for health, via HTTP. + + ~> **Note:** google_compute_http_health_check is a legacy health check. + The newer [google_compute_health_check](/docs/providers/google/r/compute_health_check.html) + should be preferred for all uses except + [Network Load Balancers](https://cloud.google.com/compute/docs/load-balancing/network/) + which still require the legacy version. +references: + guides: + 'Adding Health Checks': 'https://cloud.google.com/compute/docs/load-balancing/health-checks#legacy_health_checks' + api: 'https://cloud.google.com/compute/docs/reference/v1/httpHealthChecks' +docs: +base_url: 'projects/{{project}}/global/httpHealthChecks' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'http_health_check_basic' + primary_resource_id: 'default' + vars: + http_health_check_name: 'authentication-health-check' +parameters: +properties: + - name: 'checkIntervalSec' + type: Integer + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'healthyThreshold' + type: Integer + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + default_value: 2 + - name: 'host' + type: String + description: | + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTP health check request. + The default value is 80. + default_value: 80 + - name: 'requestPath' + type: String + description: | + The request path of the HTTP health check request. + The default value is /. + default_value: "/" + - name: 'timeoutSec' + type: Integer + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + default_value: 5 + - name: 'unhealthyThreshold' + type: Integer + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + default_value: 2 diff --git a/mmv1/products/compute/go_HttpsHealthCheck.yaml b/mmv1/products/compute/go_HttpsHealthCheck.yaml new file mode 100644 index 000000000000..34adda55888c --- /dev/null +++ b/mmv1/products/compute/go_HttpsHealthCheck.yaml @@ -0,0 +1,124 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'HttpsHealthCheck' +kind: 'compute#httpsHealthCheck' +description: | + An HttpsHealthCheck resource. This resource defines a template for how + individual VMs should be checked for health, via HTTPS. + + ~> **Note:** google_compute_https_health_check is a legacy health check. + The newer [google_compute_health_check](/docs/providers/google/r/compute_health_check.html) + should be preferred for all uses except + [Network Load Balancers](https://cloud.google.com/compute/docs/load-balancing/network/) + which still require the legacy version. +references: + guides: + 'Adding Health Checks': 'https://cloud.google.com/compute/docs/load-balancing/health-checks#legacy_health_checks' + api: 'https://cloud.google.com/compute/docs/reference/v1/httpsHealthChecks' +docs: +base_url: 'projects/{{project}}/global/httpsHealthChecks' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'https_health_check_basic' + primary_resource_id: 'default' + vars: + https_health_check_name: 'authentication-health-check' +parameters: +properties: + - name: 'checkIntervalSec' + type: Integer + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'healthyThreshold' + type: Integer + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + default_value: 2 + - name: 'host' + type: String + description: | + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTPS health check request. + The default value is 443. + default_value: 443 + - name: 'requestPath' + type: String + description: | + The request path of the HTTPS health check request. + The default value is /. + default_value: "/" + - name: 'timeoutSec' + type: Integer + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + default_value: 5 + - name: 'unhealthyThreshold' + type: Integer + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + default_value: 2 diff --git a/mmv1/products/compute/go_Image.yaml b/mmv1/products/compute/go_Image.yaml new file mode 100644 index 000000000000..32afc9e70d92 --- /dev/null +++ b/mmv1/products/compute/go_Image.yaml @@ -0,0 +1,277 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Image' +kind: 'compute#image' +description: | + Represents an Image resource. + + Google Compute Engine uses operating system images to create the root + persistent disks for your instances. You specify an image when you create + an instance. Images contain a boot loader, an operating system, and a + root file system. Linux operating system images are also capable of + running containers on Compute Engine. + + Images can be either public or custom. + + Public images are provided and maintained by Google, open-source + communities, and third-party vendors. By default, all projects have + access to these images and can use them to create instances. Custom + images are available only to your project. You can create a custom image + from root persistent disks and other images. Then, use the custom image + to create an instance. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/images' + api: 'https://cloud.google.com/compute/docs/reference/v1/images' +docs: +base_url: 'projects/{{project}}/global/images' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + allowed_iam_role: 'roles/compute.imageUser' + parent_resource_attribute: 'image' + iam_conditions_request_type: 'QUERY_PARAM' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: +examples: + - name: 'image_basic' + primary_resource_id: 'example' + primary_resource_name: 'fmt.Sprintf("tf-test-example-image%s", context["random_suffix"])' + vars: + image_name: 'example-image' + - name: 'image_guest_os' + primary_resource_id: 'example' + vars: + image_name: 'example-image' + - name: 'image_basic_storage_location' + primary_resource_id: 'example' + vars: + image_name: 'example-sl-image' + primary_resource_name: 'fmt.Sprintf("tf-test-sl-example-image%s", context["random_suffix"])' +parameters: +properties: + - name: 'archiveSizeBytes' + type: Integer + description: | + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + output: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'storageLocations' + type: Array + description: | + Cloud Storage bucket storage location of the image + (regional or multi-regional). + Reference link: https://cloud.google.com/compute/docs/reference/rest/v1/images + default_from_api: true + item_type: + type: String + - name: 'diskSizeGb' + type: Integer + description: | + Size of the image when restored onto a persistent disk (in GB). + # TODO(alexstephen): Build family support. + # Families use a different API + default_from_api: true + - name: 'family' + type: String + description: | + The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + - name: 'guestOsFeatures' + type: Array + description: | + A list of features to enable on the guest operating system. + Applicable only for bootable images. + is_set: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: Enum + description: | + The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. + required: true + enum_values: + - 'MULTI_IP_SUBNET' + - 'SECURE_BOOT' + - 'SEV_CAPABLE' + - 'UEFI_COMPATIBLE' + - 'VIRTIO_SCSI_MULTIQUEUE' + - 'WINDOWS' + - 'GVNIC' + - 'SEV_LIVE_MIGRATABLE' + - 'SEV_SNP_CAPABLE' + - 'SUSPEND_RESUME_COMPATIBLE' + - 'TDX_CAPABLE' + - 'SEV_LIVE_MIGRATABLE_V2' + - name: 'imageEncryptionKey' + type: NestedObject + description: | + Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image) + properties: + - name: 'kmsKeySelfLink' + type: String + description: | + The self link of the encryption key that is stored in Google Cloud + KMS. + api_name: kmsKeyName + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + custom_flatten: 'templates/terraform/custom_flatten/go/image_kms_key_name.go.tmpl' + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service + account is used. + - name: 'labels' + type: KeyValueLabels + description: Labels to apply to this Image. + immutable: false + update_url: 'projects/{{project}}/global/images/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/global/images/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'licenses' + type: Array + description: Any applicable license URI. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'license' + type: ResourceRef + description: 'An applicable license URI' + resource: 'License' + imports: 'selfLink' + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + - name: 'rawDisk' + type: NestedObject + description: The parameters of the raw disk image. + ignore_read: true + properties: + - name: 'containerType' + type: Enum + description: | + The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. + default_value: "TAR" + enum_values: + - 'TAR' + - name: 'sha1' + type: String + description: | + An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + # TODO(alexstephen): Figure out cross-module ResourceRefs + api_name: sha1Checksum + - name: 'source' + type: String + description: | + The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + required: true + - name: 'sourceDisk' + type: ResourceRef + description: | + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Disk' + imports: 'selfLink' + - name: 'sourceImage' + type: ResourceRef + description: | + URL of the source image used to create this image. In order to create an image, you must provide the full or partial + URL of one of the following: + + * The selfLink URL + * This property + * The rawDisk.source URL + * The sourceDisk URL + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Image' + imports: 'selfLink' + - name: 'sourceSnapshot' + type: ResourceRef + description: | + URL of the source snapshot used to create this image. + + In order to create an image, you must provide the full or partial URL of one of the following: + + * The selfLink URL + * This property + * The sourceImage URL + * The rawDisk.source URL + * The sourceDisk URL + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Snapshot' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_Instance.yaml b/mmv1/products/compute/go_Instance.yaml new file mode 100644 index 000000000000..4ffbf5911cfc --- /dev/null +++ b/mmv1/products/compute/go_Instance.yaml @@ -0,0 +1,660 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Instance' +kind: 'compute#instance' +description: | + An instance is a virtual machine (VM) hosted on Google's infrastructure. +exclude_resource: true +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/instances' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + allowed_iam_role: 'roles/compute.osLogin' + parent_resource_attribute: 'instance_name' + iam_conditions_request_type: 'QUERY_PARAM' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: +examples: + - name: 'instance_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])' + vars: + instance_name: 'my-instance' +parameters: + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the machine resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'canIpForward' + type: Boolean + description: | + Allows this instance to send and receive packets with non-matching + destination or source IPs. This is required if you plan to use this + instance to forward routes. + - name: 'cpuPlatform' + type: String + description: The CPU platform used by this instance. + output: true + - name: 'creationTimestamp' + type: String + description: Creation timestamp in RFC3339 text format. + output: true + - name: 'deletionProtection' + type: Boolean + description: Whether the resource should be protected against deletion. + # The code for this update is custom because MM doesn't support + # sending empty bodies + the new option as a request parameter. + update_url: '/projects/{{project}}/zones/{{zone}}/instances/{resourceId}/setDeletionProtection' + update_verb: 'POST' + - name: 'disks' + type: Array + description: | + An array of disks that are associated with the instances that are + created from this template. + immutable: true + item_type: + type: NestedObject + properties: + - name: 'autoDelete' + type: Boolean + description: | + Specifies whether the disk will be auto-deleted when the + instance is deleted (but not when the disk is detached from + the instance). + + Tip: Disks should be set to autoDelete=true + so that leftover disks are not left behind on machine + deletion. + - name: 'boot' + type: Boolean + description: | + Indicates that this is a boot disk. The virtual machine will + use the first partition of the disk for its root filesystem. + - name: 'deviceName' + type: String + description: | + Specifies a unique device name of your choice that is + reflected into the /dev/disk/by-id/google-* tree of a Linux + operating system running within the instance. This name can + be used to reference the device for mounting, resizing, and + so on, from within the instance. + - name: 'diskEncryptionKey' + type: NestedObject + description: | + Encrypts or decrypts a disk using a customer-supplied + encryption key. + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, + encoded in RFC 4648 base64 to either encrypt or decrypt + this resource. + - name: 'rsaEncryptedKey' + type: String + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped + 2048-bit customer-supplied encryption key to either + encrypt or decrypt this resource. + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this + resource. + output: true + - name: 'index' + type: Integer + description: | + Assigns a zero-based index to this disk, where 0 is + reserved for the boot disk. For example, if you have many + disks attached to an instance, each disk would have a + unique index number. If not specified, the server will + choose an appropriate value. + - name: 'initializeParams' + type: NestedObject + description: | + Specifies the parameters for a new disk that will be + created alongside the new instance. Use initialization + parameters to create boot disks or local SSDs attached to + the new instance. + immutable: true + properties: + - name: 'diskName' + type: String + description: | + Specifies the disk name. If not specified, the default + is to use the name of the instance. + - name: 'diskSizeGb' + type: Integer + description: Specifies the size of the disk in base-2 GB. + # diskStorageType - deprecated + - name: 'diskType' + type: ResourceRef + description: | + Reference to a disk type. + Specifies the disk type to use to create the instance. + If not specified, the default is pd-standard. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'DiskType' + imports: 'selfLink' + - name: 'sourceImage' + type: String + description: | + The source image to create this disk. When creating a + new instance, one of initializeParams.sourceImage or + disks.source is required. To create a disk with one of + the public operating system images, specify the image + by its family name. + - name: 'provisionedIops' + type: Integer + description: | + Indicates how many IOPS to provision for the disk. This + sets the number of I/O operations per second that the + disk can handle. Note: Updating currently is only supported for + hyperdisk skus via disk update api/gcloud without the need to + delete and recreate the disk, hyperdisk allows for an update of + IOPS every 4 hours. To update your hyperdisk more frequently, + you'll need to manually delete and recreate it. + - name: 'provisionedThroughput' + type: Integer + description: | + Indicates how much throughput to provision for the disk. + This sets the number of throughput mb per second that + the disk can handle. Note: Updating currently is only supported + for hyperdisk skus via disk update api/gcloud without the need + to delete and recreate the disk, hyperdisk allows for an update + of throughput every 4 hours. To update your hyperdisk more + frequently, you'll need to manually delete and recreate it. + - name: 'enableConfidentialCompute' + type: Boolean + description: | + Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key + is required when setting to true. + - name: 'sourceImageEncryptionKey' + type: NestedObject + description: | + The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to either encrypt + or decrypt this resource. + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this + resource. + output: true + - name: 'interface' + type: Enum + description: | + Specifies the disk interface to use for attaching this + disk, which is either SCSI or NVME. The default is SCSI. + Persistent disks must always use SCSI and the request will + fail if you attempt to attach a persistent disk in any + other format than SCSI. + enum_values: + - 'SCSI' + - 'NVME' + - name: 'mode' + type: Enum + description: | + The mode in which to attach this disk, either READ_WRITE or + READ_ONLY. If not specified, the default is to attach the + disk in READ_WRITE mode. + enum_values: + - 'READ_WRITE' + - 'READ_ONLY' + - name: 'source' + type: ResourceRef + description: | + Reference to a disk. When creating a new instance, + one of initializeParams.sourceImage or disks.source is required. + + If desired, you can also attach existing non-root + persistent disks using this property. This field is only + applicable for persistent disks. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Disk' + imports: 'selfLink' + - name: 'type' + type: Enum + description: | + Specifies the type of the disk, either SCRATCH or + PERSISTENT. If not specified, the default is PERSISTENT. + enum_values: + - 'SCRATCH' + - 'PERSISTENT' + - name: 'licenses' + type: Array + description: 'Any applicable publicly visible licenses.' + output: true + item_type: + type: String + - name: 'guestAccelerators' + type: Array + description: | + List of the type and count of accelerator cards attached to the + instance + item_type: + type: NestedObject + properties: + - name: 'acceleratorCount' + type: Integer + description: | + The number of the guest accelerator cards exposed to this + instance. + # TODO(alexstephen): Change to ResourceRef once AcceleratorType is + # created. + - name: 'acceleratorType' + type: String + description: | + Full or partial URL of the accelerator type resource to expose + to this instance. + - name: 'hostname' + type: String + description: | + The hostname of the instance to be created. The specified hostname + must be RFC1035 compliant. If hostname is not specified, the default + hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the + global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when + using zonal DNS. + - name: 'id' + type: Integer + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this instance. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setLabels' + update_verb: 'POST' + - name: 'metadata' + type: KeyValuePairs + description: | + The metadata key/value pairs to assign to instances that are + created from this template. These pairs can consist of custom + metadata or predefined keys. + - name: 'machineType' + type: ResourceRef + description: 'A reference to a machine type which defines VM kind.' + update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setMachineType' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'MachineType' + imports: 'selfLink' + - name: 'minCpuPlatform' + type: String + description: | + Specifies a minimum CPU platform for the VM instance. Applicable + values are the friendly names of CPU platforms + - name: 'name' + type: String + description: | + The name of the resource, provided by the client when initially + creating the resource. The resource name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 + characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a + lowercase letter, and all following characters must be a dash, + lowercase letter, or digit, except the last character, which cannot + be a dash. + - name: 'networkInterfaces' + type: Array + description: | + An array of configurations for this interface. This specifies + how this interface is configured to interact with other + network services, such as connecting to the internet. Only + one network interface is supported per instance. + item_type: + type: NestedObject + properties: + - name: 'accessConfigs' + type: Array + description: | + An array of configurations for this interface. Currently, only + one access config, ONE_TO_ONE_NAT, is supported. If there are no + accessConfigs specified, then this instance will have no + external internet access. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name of this access configuration. The + default and recommended name is External NAT but you can + use any arbitrary string you would like. For example, My + external IP or Network Access. + required: true + - name: 'natIP' + type: ResourceRef + description: | + Reference to an address. + An external IP address associated with this instance. + Specify an unused static external IP address available to + the project or leave this field undefined to use an IP + from a shared ephemeral IP address pool. If you specify a + static external IP address, it must live in the same + region as the zone of the instance. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Address' + imports: 'address' + - name: 'type' + type: Enum + description: | + The type of configuration. The default and only option is + ONE_TO_ONE_NAT. + required: true + enum_values: + - 'ONE_TO_ONE_NAT' + - name: 'setPublicPtr' + type: Boolean + description: | + Specifies whether a public DNS PTR record should be + created to map the external IP address of the instance + to a DNS domain name. + - name: 'publicPtrDomainName' + type: String + description: | + The DNS domain name for the public PTR record. You can + set this field only if the setPublicPtr field is + enabled. + - name: 'networkTier' + type: Enum + description: | + This signifies the networking tier used for configuring + this access configuration. If an AccessConfig is + specified without a valid external IP address, an + ephemeral IP will be created with this networkTier. If an + AccessConfig with a valid external IP address is + specified, it must match that of the networkTier + associated with the Address resource owning that IP. + enum_values: + - 'PREMIUM' + - 'STANDARD' + - name: 'aliasIpRanges' + type: Array + description: | + An array of alias IP ranges for this network interface. Can + only be specified for network interfaces on subnet-mode + networks. + item_type: + type: NestedObject + properties: + - name: 'ipCidrRange' + type: String + description: | + The IP CIDR range represented by this alias IP range. + This IP CIDR range must belong to the specified + subnetwork and cannot contain IP addresses reserved by + system or used by other network interfaces. This range + may be a single IP address (e.g. 10.2.3.4), a netmask + (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). + - name: 'subnetworkRangeName' + type: String + description: | + Optional subnetwork secondary range name specifying + the secondary range from which to allocate the IP + CIDR range for this alias IP range. If left + unspecified, the primary range of the subnetwork will + be used. + - name: 'internalIpv6PrefixLength' + type: String + description: | + The prefix length of the primary internal IPv6 range. + - name: 'ipv6Address' + type: String + description: | + An IPv6 internal network address for this network interface. + If not specified, Google Cloud will automatically assign an + internal IPv6 address from the instance's subnetwork. + - name: 'name' + type: String + description: | + The name of the network interface, generated by the + server. For network devices, these are eth0, eth1, etc + output: true + - name: 'network' + type: ResourceRef + description: | + Specifies the title of an existing network. When creating + an instance, if neither the network nor the subnetwork is specified, + the default network global/networks/default is used; if the network + is not specified but the subnetwork is specified, the network is + inferred. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'networkIP' + type: String + description: | + An IPv4 internal network address to assign to the + instance for this network interface. If not specified + by the user, an unused internal IP is assigned by the + system. + - name: 'subnetwork' + type: ResourceRef + description: | + Reference to a VPC network. + If the network resource is in legacy mode, do not + provide this property. If the network is in auto + subnet mode, providing the subnetwork is optional. If + the network is in custom subnet mode, then this field + should be specified. + # networkInterfaces.kind is not necessary for convergence. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'networkAttachment' + type: ResourceRef + description: | + The URL of the network attachment that this interface should connect to in the following format: + projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}. + resource: 'networkAttachment' + imports: 'selfLink' + - name: 'scheduling' + type: NestedObject + description: Sets the scheduling options for this instance. + properties: + - name: 'automaticRestart' + type: Boolean + description: | + Specifies whether the instance should be automatically restarted + if it is terminated by Compute Engine (not terminated by a user). + You can only set the automatic restart option for standard + instances. Preemptible instances cannot be automatically + restarted. + - name: 'onHostMaintenance' + type: String + description: | + Defines the maintenance behavior for this instance. For standard + instances, the default behavior is MIGRATE. For preemptible + instances, the default and only possible behavior is TERMINATE. + For more information, see Setting Instance Scheduling Options. + - name: 'preemptible' + type: Boolean + description: | + Defines whether the instance is preemptible. This can only be set + during instance creation, it cannot be set or changed after the + instance has been created. + - name: 'serviceAccounts' + type: Array + description: | + A list of service accounts, with their specified scopes, authorized + for this instance. Only one service account per VM instance is + supported. + item_type: + type: NestedObject + properties: + - name: 'email' + type: String + description: Email address of the service account. + - name: 'scopes' + type: Array + description: | + The list of scopes to be made available for this service + account. + item_type: + type: String + - name: 'shieldedInstanceConfig' + type: NestedObject + description: + Configuration for various parameters related to shielded instances. + # The code for this update method is custom because MM does not support + # sending just the nested properties + update_url: 'projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig' + update_verb: 'PATCH' + properties: + - name: 'enableSecureBoot' + type: Boolean + description: Defines whether the instance has Secure Boot enabled. + update_url: 'projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig' + update_verb: 'PATCH' + - name: 'enableVtpm' + type: Boolean + description: Defines whether the instance has the vTPM enabled + update_url: 'projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig' + update_verb: 'PATCH' + - name: 'enableIntegrityMonitoring' + type: Boolean + description: + Defines whether the instance has integrity monitoring enabled. + update_url: 'projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig' + update_verb: 'PATCH' + - name: 'confidentialInstanceConfig' + type: NestedObject + description: + 'Configuration for confidential computing (requires setting the machine + type to any of the n2d-* types and a boot disk of type pd-ssd).' + properties: + - name: 'enableConfidentialCompute' + type: Boolean + description: Enables confidential computing with AMD SEV. + at_least_one_of: + - 'confidential_instance_config.0.enable_confidential_compute' + - 'confidential_instance_config.0.confidential_instance_type' + deprecation_message: '`enableConfidentialCompute` is deprecated and will be removed in a future major release. Use `confidentialInstanceType: SEV` instead.' + - name: 'confidentialInstanceType' + type: Enum + description: | + The confidential computing technology the instance uses. + SEV is an AMD feature. One of the following values: SEV, SEV_SNP. + If SEV_SNP, min_cpu_platform = "AMD Milan" is currently required. + at_least_one_of: + - 'confidential_instance_config.0.enable_confidential_compute' + - 'confidential_instance_config.0.confidential_instance_type' + enum_values: + - 'SEV' + - 'SEV_SNP' + - name: 'status' + type: Enum + description: | + The status of the instance. One of the following values: + PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, + and TERMINATED. + + As a user, use RUNNING to keep a machine "on" and TERMINATED to + turn a machine off + # GCP API shows this as output: true. + # This is incorrect because you can make actions on the Instance (start, stop) + # In an idempotent world, the best way to express these actions is to + # change the status value. + enum_values: + - 'PROVISIONING' + - 'STAGING' + - 'RUNNING' + - 'STOPPING' + - 'SUSPENDING' + - 'SUSPENDED' + - 'TERMINATED' + - name: 'statusMessage' + type: String + description: An optional, human-readable explanation of the status. + output: true + - name: 'tags' + type: NestedObject + description: | + A list of tags to apply to this instance. Tags are used to identify + valid sources or targets for network firewalls and are specified by + the client during instance creation. The tags can be later modified + by the setTags method. Each tag within the list must comply with + RFC1035. + properties: + - name: 'fingerprint' + type: String + description: | + Specifies a fingerprint for this request, which is essentially a + hash of the metadata's contents and used for optimistic locking. + The fingerprint is initially generated by Compute Engine and + changes after every request to modify or update metadata. You + must always provide an up-to-date fingerprint hash in order to + update or change metadata. + - name: 'items' + type: Array + description: | + An array of tags. Each tag must be 1-63 characters long, and + comply with RFC1035. + item_type: + type: String diff --git a/mmv1/products/compute/go_InstanceGroup.yaml b/mmv1/products/compute/go_InstanceGroup.yaml new file mode 100644 index 000000000000..48e0fa36a110 --- /dev/null +++ b/mmv1/products/compute/go_InstanceGroup.yaml @@ -0,0 +1,122 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InstanceGroup' +kind: 'compute#instanceGroup' +description: | + Represents an Instance Group resource. Instance groups are self-managed + and can contain identical or different instances. Instance groups do not + use an instance template. Unlike managed instance groups, you must create + and add instances to an instance group manually. +exclude: true +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +parameters: + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the instance group resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + # 'fingerprint' not applicable to state convergence. + - name: 'id' + type: Integer + description: 'A unique identifier for this instance group.' + output: true + - name: 'name' + type: String + description: | + The name of the instance group. + The name must be 1-63 characters long, and comply with RFC1035. + - name: 'namedPorts' + type: Array + description: | + Assigns a name to a port number. + For example: {name: "http", port: 80}. + + This allows the system to reference ports by the assigned name + instead of a port number. Named ports can also contain multiple + ports. + + For example: [{name: "http", port: 80},{name: "http", port: 8080}] + + Named ports apply to all instances in this instance group. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name for this named port. + The name must be 1-63 characters long, and comply with RFC1035. + - name: 'port' + type: Integer + description: | + The port number, which can be a value between 1 and 65535. + - name: 'network' + type: ResourceRef + description: | + The network to which all instances in the instance group belong. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'region' + type: ResourceRef + description: | + The region where the instance group is located + (for regional resources). + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'selfLink' + - name: 'subnetwork' + type: ResourceRef + description: | + The subnetwork to which all instances in the instance group belong. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_InstanceGroupManager.yaml b/mmv1/products/compute/go_InstanceGroupManager.yaml new file mode 100644 index 000000000000..3a52e01f41f3 --- /dev/null +++ b/mmv1/products/compute/go_InstanceGroupManager.yaml @@ -0,0 +1,220 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InstanceGroupManager' +kind: 'compute#instanceGroupManager' +description: | + Creates a managed instance group using the information that you specify in + the request. After the group is created, it schedules an action to create + instances in the group using the specified instance template. This + operation is marked as DONE when the group is created even if the + instances in the group have not yet been created. You must separately + verify the status of the individual instances. + + A managed instance group can have up to 1000 VM instances per group. +exclude: true +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +parameters: + - name: 'zone' + type: ResourceRef + description: 'The zone the managed instance group resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'baseInstanceName' + type: String + description: | + The base instance name to use for instances in this group. The value + must be 1-58 characters long. Instances are named by appending a + hyphen and a random four-character string to the base instance name. + The base instance name must comply with RFC1035. + required: true + - name: 'creationTimestamp' + type: Time + description: | + The creation timestamp for this managed instance group in RFC3339 + text format. + output: true + - name: 'currentActions' + type: NestedObject + description: | + The list of instance actions and the number of instances in this + managed instance group that are scheduled for each of those actions. + output: true + properties: + - name: 'abandoning' + type: Integer + description: | + The total number of instances in the managed instance group that + are scheduled to be abandoned. Abandoning an instance removes it + from the managed instance group without deleting it. + output: true + - name: 'creating' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be created or are currently being created. If the + group fails to create any of these instances, it tries again until + it creates the instance successfully. + + If you have disabled creation retries, this field will not be + populated; instead, the creatingWithoutRetries field will be + populated. + output: true + - name: 'creatingWithoutRetries' + type: Integer + description: | + The number of instances that the managed instance group will + attempt to create. The group attempts to create each instance only + once. If the group fails to create any of these instances, it + decreases the group's targetSize value accordingly. + output: true + - name: 'deleting' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be deleted or are currently being deleted. + output: true + - name: 'none' + type: Integer + description: | + The number of instances in the managed instance group that are + running and have no scheduled actions. + output: true + - name: 'recreating' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be recreated or are currently being being recreated. + Recreating an instance deletes the existing root persistent disk + and creates a new disk from the image that is defined in the + instance template. + output: true + - name: 'refreshing' + type: Integer + description: | + The number of instances in the managed instance group that are + being reconfigured with properties that do not require a restart + or a recreate action. For example, setting or removing target + pools for the instance. + output: true + - name: 'restarting' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be restarted or are currently being restarted. + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + immutable: true + - name: 'id' + type: Integer + description: 'A unique identifier for this resource' + output: true + - name: 'instanceGroup' + type: ResourceRef + description: 'The instance group being managed' + output: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'InstanceGroup' + imports: 'selfLink' + - name: 'instanceTemplate' + type: ResourceRef + description: | + The instance template that is specified for this managed instance + group. The group uses this template to create all new instances in the + managed instance group. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'InstanceTemplate' + imports: 'selfLink' + - name: 'name' + type: String + description: | + The name of the managed instance group. The name must be 1-63 + characters long, and comply with RFC1035. + required: true + - name: 'namedPorts' + type: Array + description: + Named ports configured for the Instance Groups complementary to this + Instance Group Manager. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name for this named port. The name must be 1-63 characters + long, and comply with RFC1035. + - name: 'port' + type: Integer + description: + The port number, which can be a value between 1 and 65535. + - name: 'region' + type: ResourceRef + description: | + The region this managed instance group resides + (for regional resources). + output: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'selfLink' + - name: 'targetPools' + type: Array + description: | + TargetPool resources to which instances in the instanceGroup field are + added. The target pools automatically apply to all of the instances in + the managed instance group. + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'targetPool' + type: ResourceRef + description: 'The targetPool to receive managed instances.' + resource: 'TargetPool' + imports: 'selfLink' + - name: 'targetSize' + type: Integer + description: | + The target number of running instances for this managed instance + group. Deleting or abandoning instances reduces this number. Resizing + the group changes this number. diff --git a/mmv1/products/compute/go_InstanceGroupMembership.yaml b/mmv1/products/compute/go_InstanceGroupMembership.yaml new file mode 100644 index 000000000000..fd910f82c8d2 --- /dev/null +++ b/mmv1/products/compute/go_InstanceGroupMembership.yaml @@ -0,0 +1,108 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InstanceGroupMembership' +kind: 'compute#instanceGroup' +description: | + Represents the Instance membership to the Instance Group. + + -> **NOTE** You can use this resource instead of the `instances` field in the + `google_compute_instance_group`, however it's not recommended to use it alongside this field. + It might cause inconsistencies, as they can end up competing over control. + + -> **NOTE** This resource has been added to avoid a situation, where after + Instance is recreated, it's removed from Instance Group and it's needed to + perform `apply` twice. To avoid situations like this, please use this resource + with the lifecycle `replace_triggered_by` method, with the passed Instance's ID. +references: + guides: + 'Add instances': 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroups/addInstances' + 'Remove instances': 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroups/removeInstances' + 'List instances': 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroups/listInstances' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroups' +docs: +id_format: '{{project}}/{{zone}}/{{instance_group}}/{{instance}}' +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{instance_group}}' +self_link: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{instance_group}}/listInstances' +create_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{instance_group}}/addInstances' +read_verb: 'POST' +delete_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{instance_group}}/removeInstances' +delete_verb: 'POST' +immutable: true +mutex: 'instanceGroups/{{project}}/zones/{{zone}}/{{instance_group}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - instance +nested_query: + keys: + - items + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_instance_group_membership.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_instance_group_membership.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/compute_instance_group_membership.go.tmpl' +exclude_tgc: true +examples: + - name: 'instance_group_membership' + vars: + network_name: 'network' + instance_group_name: 'instance-group' + instance_name: 'instance' + skip_test: true +parameters: + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the instance group resides.' + url_param_only: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' + - name: 'instanceGroup' + type: ResourceRef + description: | + Represents an Instance Group resource name that the instance belongs to. + url_param_only: true + required: true + ignore_read: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + resource: 'InstanceGroup' + imports: 'name' +properties: + - name: 'instance' + type: ResourceRef + description: 'An instance being added to the InstanceGroup' + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/full_to_relative_path.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Instance' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_InstanceGroupNamedPort.yaml b/mmv1/products/compute/go_InstanceGroupNamedPort.yaml new file mode 100644 index 000000000000..fd1d5514a0e6 --- /dev/null +++ b/mmv1/products/compute/go_InstanceGroupNamedPort.yaml @@ -0,0 +1,106 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InstanceGroupNamedPort' +description: | + Mange the named ports setting for a managed instance group without + managing the group as whole. This resource is primarily intended for use + with GKE-generated groups that shouldn't otherwise be managed by other + tools. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroup' +docs: +id_format: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/{{port}}/{{name}}' +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' +self_link: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' +create_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/setNamedPorts' +delete_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/setNamedPorts' +delete_verb: 'POST' +immutable: true +mutex: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' +import_format: + - 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/{{port}}/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - port + - name +nested_query: + keys: + - namedPorts + is_list_of_ids: false + modify_by_patch: true +custom_code: + encoder: 'templates/terraform/encoders/go/normalize_group.go.tmpl' +examples: + - name: 'instance_group_named_port_gke' + primary_resource_id: 'my_port' + vars: + network_name: 'container-network' + subnetwork_name: 'container-subnetwork' + gke_cluster_name: 'my-cluster' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + skip_vcr: true +parameters: + - name: 'group' + type: ResourceRef + description: | + The name of the instance group. + url_param_only: true + required: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + resource: 'InstanceGroup' + imports: 'name' + - name: 'zone' + type: ResourceRef + description: | + The zone of the instance group. + url_param_only: true + required: false + ignore_read: true + default_from_api: true + resource: 'Zone' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The name for this named port. The name must be 1-63 characters + long, and comply with RFC1035. + required: true + - name: 'port' + type: Integer + description: The port number, which can be a value between 1 and 65535. + required: true diff --git a/mmv1/products/compute/go_InstanceSettings.yaml b/mmv1/products/compute/go_InstanceSettings.yaml new file mode 100644 index 000000000000..3069656e3b43 --- /dev/null +++ b/mmv1/products/compute/go_InstanceSettings.yaml @@ -0,0 +1,81 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InstanceSettings' +kind: 'compute#instanceSettings' +description: | + Represents an Instance Settings resource. Instance settings are centralized configuration parameters that allow users to configure the default values for specific VM parameters that are normally set using GCE instance API methods. +references: + guides: + 'Update Instance Settings': 'https://cloud.google.com/compute/docs/metadata/setting-custom-metadata#set-custom-project-zonal-metadata' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/instanceSettings' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/instanceSettings' +self_link: 'projects/{{project}}/zones/{{zone}}/instanceSettings' +create_url: 'projects/{{project}}/zones/{{zone}}/instanceSettings?update_mask=*' +create_verb: 'PATCH' +update_url: 'projects/{{project}}/zones/{{zone}}/instanceSettings?update_mask=*' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/zones/{{zone}}/instanceSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + custom_delete: 'templates/terraform/custom_delete/go/clear_instance_settings.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +examples: + - name: 'instance_settings_basic' + primary_resource_id: 'gce_instance_settings' +parameters: + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the machine resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'fingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + custom_expand: 'templates/terraform/custom_expand/go/compute_instance_settings_fingerprint.tmpl' + - name: 'metadata' + type: NestedObject + description: | + The metadata key/value pairs assigned to all the instances in the corresponding scope. + properties: + - name: 'items' + type: KeyValuePairs + description: | + A metadata key/value items map. The total size of all keys and values must be less than 512KB diff --git a/mmv1/products/compute/go_Interconnect.yaml b/mmv1/products/compute/go_Interconnect.yaml new file mode 100644 index 000000000000..225cf2cdf95b --- /dev/null +++ b/mmv1/products/compute/go_Interconnect.yaml @@ -0,0 +1,406 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Interconnect' +kind: 'compute#Interconnect' +description: | + Represents an Interconnect resource. The Interconnect resource is a dedicated connection between + Google's network and your on-premises network. +references: + guides: + 'Create a Dedicated Interconnect': 'https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/interconnects' +docs: +base_url: 'projects/{{project}}/global/interconnects' +self_link: 'projects/{{project}}/global/interconnects/{{name}}' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 10000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/interconnect.go.tmpl' +examples: + - name: 'compute_interconnect_basic' + primary_resource_id: 'example-interconnect' + vars: + interconnect_name: 'example-interconnect' + customer_name: 'example_customer' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + skip_test: true + - name: 'compute_interconnect_basic_test' + primary_resource_id: 'example-interconnect' + vars: + interconnect_name: 'example-interconnect' + skip_docs: true +parameters: +properties: + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create the resource. + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is created. The name must be + 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first + character must be a lowercase letter, and all following characters must be a dash, + lowercase letter, or digit, except the last character, which cannot be a dash. + required: true + immutable: true + validation: + regex: '^[a-z]([-a-z0-9]*[a-z0-9])?$' + - name: 'location' + type: ResourceRef + description: | + URL of the InterconnectLocation object that represents where this connection is to be provisioned. + required: true + immutable: true + resource: 'InterconnectLocations' + imports: 'selfLink' + - name: 'linkType' + type: Enum + description: | + Type of link requested. Note that this field indicates the speed of each of the links in the + bundle, not the speed of the entire bundle. Can take one of the following values: + - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics. + - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. + required: true + immutable: true + enum_values: + - 'LINK_TYPE_ETHERNET_10G_LR' + - 'LINK_TYPE_ETHERNET_100G_LR' + - name: 'requestedLinkCount' + type: Integer + description: | + Target number of physical links in the link bundle, as requested by the customer. + required: true + immutable: true + - name: 'interconnectType' + type: Enum + description: | + Type of interconnect. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED. + Can take one of the following values: + - PARTNER: A partner-managed interconnection shared between customers though a partner. + - DEDICATED: A dedicated physical interconnection with the customer. + required: true + immutable: true + diff_suppress_func: 'InterconnectTypeDiffSuppress' + enum_values: + - 'DEDICATED' + - 'PARTNER' + - 'IT_PRIVATE' + - name: 'adminEnabled' + type: Boolean + description: | + Administrative status of the interconnect. When this is set to true, the Interconnect is + functional and can carry traffic. When set to false, no packets can be carried over the + interconnect and no BGP routes are exchanged over it. By default, the status is set to true. + send_empty_value: true + default_value: true + - name: 'nocContactEmail' + type: String + description: | + Email address to contact the customer NOC for operations and maintenance notifications + regarding this Interconnect. If specified, this will be used for notifications in addition to + all other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications. + This field is required for users who sign up for Cloud Interconnect using workforce identity + federation. + - name: 'customerName' + type: String + description: | + Customer name, to put in the Letter of Authorization as the party authorized to request a + crossconnect. + required: true + immutable: true + - name: 'operationalStatus' + type: Enum + description: | + The current status of this Interconnect's functionality, which can take one of the following: + - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may + be provisioned on this Interconnect. + - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be + provisioned on this Interconnect. + - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No + attachments may be provisioned or updated on this Interconnect. + output: true + enum_values: + - 'OS_ACTIVE' + - 'OS_UNPROVISIONED' + - 'OS_UNDER_MAINTENANCE' + - name: 'provisionedLinkCount' + type: Integer + description: | + Number of links actually provisioned in this interconnect. + output: true + - name: 'interconnectAttachments' + type: Array + description: | + A list of the URLs of all InterconnectAttachments configured to use this Interconnect. + output: true + item_type: + type: String + - name: 'peerIpAddress' + type: String + description: | + IP address configured on the customer side of the Interconnect link. + The customer should configure this IP address during turnup when prompted by Google NOC. + This can be used only for ping tests. + output: true + - name: 'googleIpAddress' + type: String + description: | + IP address configured on the Google side of the Interconnect link. + This can be used only for ping tests. + output: true + - name: 'googleReferenceId' + type: String + description: | + Google reference ID to be used when raising support tickets with Google or otherwise to debug + backend connectivity issues. + output: true + - name: 'expectedOutages' + type: Array + description: A list of outages expected for this Interconnect. + output: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Unique identifier for this outage notification. + output: true + - name: 'description' + type: String + description: | + A description about the purpose of the outage. + output: true + - name: 'source' + type: Enum + description: | + The party that generated this notification. Note that the value of NSRC_GOOGLE has been + deprecated in favor of GOOGLE. Can take the following value: + - GOOGLE: this notification as generated by Google. + output: true + enum_values: + - 'GOOGLE' + - name: 'state' + type: Enum + description: | + State of this notification. Note that the versions of this enum prefixed with "NS_" have + been deprecated in favor of the unprefixed values. Can take one of the following values: + - ACTIVE: This outage notification is active. The event could be in the past, present, + or future. See startTime and endTime for scheduling. + - CANCELLED: The outage associated with this notification was cancelled before the + outage was due to start. + - COMPLETED: The outage associated with this notification is complete. + output: true + enum_values: + - 'ACTIVE' + - 'CANCELLED' + - 'COMPLETED' + - name: 'issueType' + type: Enum + description: | + Form this outage is expected to take. Note that the versions of this enum prefixed with + "IT_" have been deprecated in favor of the unprefixed values. Can take one of the + following values: + - OUTAGE: The Interconnect may be completely out of service for some or all of the + specified window. + - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain + up, but with reduced bandwidth. + output: true + enum_values: + - 'OUTAGE' + - 'PARTIAL_OUTAGE' + - name: 'affectedCircuits' + type: Array + description: | + If issueType is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be + affected. + output: true + item_type: + type: String + - name: 'startTime' + type: String + description: | + Scheduled start time for the outage (milliseconds since Unix epoch). + output: true + - name: 'endTime' + type: String + description: | + Scheduled end time for the outage (milliseconds since Unix epoch). + output: true + - name: 'circuitInfos' + type: Array + description: A list of CircuitInfo objects, that describe the individual circuits in this LAG. + output: true + item_type: + type: NestedObject + properties: + - name: 'googleCircuitId' + type: String + description: | + Google-assigned unique ID for this circuit. Assigned at circuit turn-up. + output: true + - name: 'googleDemarcId' + type: String + description: | + Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by + Google to the customer in the LOA. + output: true + - name: 'customerDemarcId' + type: String + description: | + Customer-side demarc ID for this circuit. + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Labels for this resource. These can only be added or modified by the setLabels + method. Each label key/value pair must comply with RFC1035. Label values may be empty. + immutable: false + - name: 'labelFingerprint' + type: Fingerprint + description: | + A fingerprint for the labels being applied to this Interconnect, which is essentially a hash + of the labels set used for optimistic locking. The fingerprint is initially generated by + Compute Engine and changes after every request to modify or update labels. + You must always provide an up-to-date fingerprint hash in order to update or change labels, + otherwise the request will fail with error 412 conditionNotMet. + output: true + - name: 'state' + type: Enum + description: | + The current state of Interconnect functionality, which can take one of the following values: + - ACTIVE: The Interconnect is valid, turned up and ready to use. + Attachments may be provisioned on this Interconnect. + - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may b + provisioned on this Interconnect. + - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may + be provisioned or updated on this Interconnect. + output: true + enum_values: + - 'ACTIVE' + - 'UNPROVISIONED' + - 'UNDER_MAINTENANCE' + - name: 'satisfiesPzs' + type: Boolean + description: Reserved for future use. + output: true + - name: 'macsec' + type: NestedObject + description: | + Configuration that enables Media Access Control security (MACsec) on the Cloud + Interconnect connection between Google and your on-premises router. + properties: + - name: 'preSharedKeys' + type: Array + description: | + A keychain placeholder describing a set of named key objects along with their + start times. A MACsec CKN/CAK is generated for each key in the key chain. + Google router automatically picks the key with the most recent startTime when establishing + or re-establishing a MACsec secure link. + required: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + A name for this pre-shared key. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character + must be a lowercase letter, and all following characters must be a dash, lowercase + letter, or digit, except the last character, which cannot be a dash. + required: true + validation: + regex: '^[a-z]([-a-z0-9]*[a-z0-9])?$' + - name: 'startTime' + type: String + description: | + A RFC3339 timestamp on or after which the key is valid. startTime can be in the + future. If the keychain has a single key, startTime can be omitted. If the keychain + has multiple keys, startTime is mandatory for each key. The start times of keys must + be in increasing order. The start times of two consecutive keys must be at least 6 + hours apart. + - name: 'failOpen' + type: Boolean + description: | + If set to true, the Interconnect connection is configured with a should-secure + MACsec security policy, that allows the Google router to fallback to cleartext + traffic if the MKA session cannot be established. By default, the Interconnect + connection is configured with a must-secure security policy that drops all traffic + if the MKA session cannot be established with your router. + - name: 'macsecEnabled' + type: Boolean + description: | + Enable or disable MACsec on this Interconnect connection. + MACsec enablement fails if the MACsec object is not specified. + - name: 'remoteLocation' + type: String + description: | + Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside + of Google's network that the interconnect is connected to. + - name: 'requestedFeatures' + type: Array + description: | + interconnects.list of features requested for this Interconnect connection. Options: MACSEC ( + If specified then the connection is created on MACsec capable hardware ports. If not + specified, the default value is false, which allocates non-MACsec capable ports first if + available). + item_type: + type: Enum + description: | + interconnects.list of features requested for this Interconnect connection + enum_values: + - 'MACSEC' + - name: 'availableFeatures' + type: Array + description: | + interconnects.list of features available for this Interconnect connection. Can take the value: + MACSEC. If present then the Interconnect connection is provisioned on MACsec capable hardware + ports. If not present then the Interconnect connection is provisioned on non-MACsec capable + ports and MACsec isn't supported and enabling MACsec fails). + output: true + item_type: + type: Enum + description: | + interconnects.list of features available for this Interconnect connection, + enum_values: + - 'MACSEC' diff --git a/mmv1/products/compute/go_InterconnectAttachment.yaml b/mmv1/products/compute/go_InterconnectAttachment.yaml new file mode 100644 index 000000000000..8ec6cc6738ee --- /dev/null +++ b/mmv1/products/compute/go_InterconnectAttachment.yaml @@ -0,0 +1,341 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'InterconnectAttachment' +kind: 'compute#interconnectAttachment' +description: | + Represents an InterconnectAttachment (VLAN attachment) resource. For more + information, see Creating VLAN Attachments. +docs: +base_url: 'projects/{{project}}/regions/{{region}}/interconnectAttachments' +has_self_link: true +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/interconnect_attachment.go.tmpl' + post_create: 'templates/terraform/post_create/go/interconnect_attachment.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/interconnect_attachment.go.tmpl' +examples: + - name: 'interconnect_attachment_basic' + primary_resource_id: 'on_prem' + vars: + interconnect_attachment_name: 'on-prem-attachment' + router_name: 'router-1' + network_name: 'network-1' + - name: 'interconnect_attachment_dedicated' + primary_resource_id: 'on_prem' + vars: + interconnect_name: 'interconenct-1' + interconnect_attachment_name: 'on-prem-attachment' + router_name: 'router-1' + network_name: 'network-1' + skip_docs: true + - name: 'compute_interconnect_attachment_ipsec_encryption' + primary_resource_id: 'ipsec-encrypted-interconnect-attachment' + vars: + interconnect_attachment_name: 'test-interconnect-attachment' + address_name: 'test-address' + router_name: 'test-router' + network_name: 'test-network' +parameters: + - name: 'region' + type: ResourceRef + description: | + Region where the regional interconnect attachment resides. + required: false + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'selfLink' +properties: + - name: 'adminEnabled' + type: Boolean + description: | + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment + send_empty_value: true + default_value: true + - name: 'cloudRouterIpAddress' + type: String + description: | + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + output: true + - name: 'customerRouterIpAddress' + type: String + description: | + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + output: true + - name: 'interconnect' + type: String + description: | + URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'mtu' + type: String + description: | + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_int_to_string.go.tmpl' + - name: 'bandwidth' + type: Enum + description: | + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G + default_from_api: true + enum_values: + - 'BPS_50M' + - 'BPS_100M' + - 'BPS_200M' + - 'BPS_300M' + - 'BPS_400M' + - 'BPS_500M' + - 'BPS_1G' + - 'BPS_2G' + - 'BPS_5G' + - 'BPS_10G' + - 'BPS_20G' + - 'BPS_50G' + - name: 'edgeAvailabilityDomain' + type: String + description: | + Desired availability domain for the attachment. Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + immutable: true + default_from_api: true + - name: 'pairingKey' + type: String + description: | + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain" + output: true + - name: 'partnerAsn' + type: String + description: | + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + output: true + - name: 'privateInterconnectInfo' + type: NestedObject + description: | + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + output: true + properties: + - name: 'tag8021q' + type: Integer + description: | + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + output: true + - name: 'type' + type: Enum + description: | + The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. + immutable: true + default_from_api: true + enum_values: + - 'DEDICATED' + - 'PARTNER' + - 'PARTNER_PROVIDER' + - name: 'state' + type: Enum + description: | + [Output Only] The current state of this attachment's functionality. + output: true + enum_values: + - 'ACTIVE' + - 'DEFUNCT' + - 'PARTNER_REQUEST_RECEIVED' + - 'PENDING_CUSTOMER' + - 'PENDING_PARTNER' + - 'STATE_UNSPECIFIED' + - name: 'googleReferenceId' + type: String + description: | + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + output: true + - name: 'router' + type: ResourceRef + description: | + URL of the cloud router to be used for dynamic routing. This router must be in + the same region as this InterconnectAttachment. The InterconnectAttachment will + automatically connect the Interconnect to the network & region within which the + Cloud Router is configured. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Router' + imports: 'selfLink' + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is created. The + name must be 1-63 characters long, and comply with RFC1035. Specifically, the + name must be 1-63 characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a + lowercase letter, and all following characters must be a dash, lowercase + letter, or digit, except the last character, which cannot be a dash. + required: true + immutable: true + validation: + regex: '^[a-z]([-a-z0-9]*[a-z0-9])?$' + - name: 'candidateSubnets' + type: Array + description: | + Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + immutable: true + ignore_read: true + item_type: + type: String + - name: 'vlanTag8021q' + type: Integer + description: | + The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + immutable: true + default_from_api: true + - name: 'ipsecInternalAddresses' + type: Array + description: | + URL of addresses that have been reserved for the interconnect attachment, + Used only for interconnect attachment that has the encryption option as + IPSEC. + The addresses must be RFC 1918 IP address ranges. When creating HA VPN + gateway over the interconnect attachment, if the attachment is configured + to use an RFC 1918 IP address, then the VPN gateway's IP address will be + allocated from the IP address range specified here. + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN gateway + interface 0 will be allocated from the IP address specified for this + interconnect attachment. + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on this + interconnect attachment, the HA VPN gateway's IP address will be + allocated from regional external IP address pool. + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'ipsecInternalAddress' + type: ResourceRef + description: | + URL of an address that has been reserved for the interconnect + attachment. + resource: 'Address' + imports: 'selfLink' + - name: 'encryption' + type: Enum + description: | + Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "NONE" + enum_values: + - 'NONE' + - 'IPSEC' + - name: 'stackType' + type: Enum + description: | + The stack type for this interconnect attachment to identify whether the IPv6 + feature is enabled or not. If not specified, IPV4_ONLY will be used. + This field can be both set at interconnect attachments creation and update + interconnect attachment operations. + default_from_api: true + enum_values: + - 'IPV4_IPV6' + - 'IPV4_ONLY' + - name: 'cloudRouterIpv6Address' + type: String + description: | + IPv6 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + output: true + - name: 'customerRouterIpv6Address' + type: String + description: | + IPv6 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + output: true + - name: 'subnetLength' + type: Integer + description: | + Length of the IPv4 subnet mask. Allowed values: 29 (default), 30. The default value is 29, + except for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a + constraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure + remote location fall into this category. In these cases, the default value is 30, and + requesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it + gives Google Cloud Support more debugging visibility. + immutable: true + ignore_read: true diff --git a/mmv1/products/compute/go_License.yaml b/mmv1/products/compute/go_License.yaml new file mode 100644 index 000000000000..7774d584f274 --- /dev/null +++ b/mmv1/products/compute/go_License.yaml @@ -0,0 +1,47 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'License' +kind: 'compute#license' +description: | + A License resource represents a software license. Licenses are used to + track software usage in images, persistent disks, snapshots, and virtual + machine instances. +# Used as a resource reference +exclude: true +readonly: true +docs: +base_url: '/projects/{{project}}/global/licenses' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'items' +custom_code: +parameters: +properties: + - name: 'name' + type: String + description: | + Name of the resource. The name is 1-63 characters long + and complies with RFC1035. + output: true + - name: 'chargesUseFee' + type: Boolean + description: | + If true, the customer will be charged license fee for + running software that contains this license on an instance. + output: true diff --git a/mmv1/products/compute/go_MachineImage.yaml b/mmv1/products/compute/go_MachineImage.yaml new file mode 100644 index 000000000000..5f9a605e6787 --- /dev/null +++ b/mmv1/products/compute/go_MachineImage.yaml @@ -0,0 +1,142 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'MachineImage' +kind: 'compute#machineImage' +description: | + Represents a Machine Image resource. Machine images store all the configuration, + metadata, permissions, and data from one or more disks required to create a + Virtual machine (VM) instance. +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/machine-images' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/machineImages' +docs: +base_url: 'projects/{{project}}/global/machineImages' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + allowed_iam_role: 'roles/compute.admin' + parent_resource_attribute: 'machine_image' + iam_conditions_request_type: 'QUERY_PARAM' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: +examples: + - name: 'machine_image_basic' + primary_resource_id: 'image' + primary_resource_name: 'fmt.Sprintf("tf-test-my-image%s", context["random_suffix"])' + vars: + vm_name: 'my-vm' + image_name: 'my-image' + - name: 'compute_machine_image_kms' + primary_resource_id: 'image' + primary_resource_name: 'fmt.Sprintf("tf-test-my-image%s", context["random_suffix"])' + vars: + vm_name: 'my-vm' + image_name: 'my-image' + key_name: 'key' + keyring_name: 'keyring' + test_vars_overrides: + 'policyChanged': 'acctest.BootstrapPSARole(t, "service-", "compute-system", "roles/cloudkms.cryptoKeyEncrypterDecrypter")' +parameters: +properties: + - name: 'name' + type: String + description: 'Name of the resource.' + min_version: 'beta' + required: true + - name: 'description' + type: String + description: 'A text description of the resource.' + min_version: 'beta' + - name: 'sourceInstance' + type: ResourceRef + description: + 'The source instance used to create the machine image. You can provide + this as a partial or full URL to the resource.' + min_version: 'beta' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Instance' + imports: 'selfLink' + - name: 'storageLocations' + type: Array + description: | + The regional or multi-regional Cloud Storage bucket location where the machine image is stored. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'guestFlush' + type: Boolean + description: | + Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + min_version: 'beta' + - name: 'machineImageEncryptionKey' + type: NestedObject + description: | + Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image) + min_version: 'beta' + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + min_version: 'beta' + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + min_version: 'beta' + output: true + - name: 'kmsKeyName' + type: String + description: | + The name of the encryption key that is stored in Google Cloud KMS. + min_version: 'beta' + diff_suppress_func: 'tpgresource.CompareCryptoKeyVersions' + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + min_version: 'beta' diff --git a/mmv1/products/compute/go_MachineType.yaml b/mmv1/products/compute/go_MachineType.yaml new file mode 100644 index 000000000000..7df93a83dfcf --- /dev/null +++ b/mmv1/products/compute/go_MachineType.yaml @@ -0,0 +1,131 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'MachineType' +kind: 'compute#machineType' +description: | + Represents a MachineType resource. Machine types determine the virtualized + hardware specifications of your virtual machine instances, such as the + amount of memory or number of virtual CPUs. +exclude: true +readonly: true +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/machineTypes' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'items' +custom_code: +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'deprecated' + type: NestedObject + description: 'The deprecation status associated with this machine type.' + output: true + properties: + - name: 'deleted' + type: Time + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DELETED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - name: 'deprecated' + type: Time + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DEPRECATED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - name: 'obsolete' + type: Time + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to OBSOLETE. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - name: 'replacement' + type: String + description: | + The URL of the suggested replacement for a deprecated resource. + The suggested replacement resource must be the same kind of + resource as the deprecated resource. + output: true + - name: 'state' + type: Enum + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource + using a DEPRECATED resource will return successfully, but with a + warning indicating the deprecated resource and recommending its + replacement. Operations which use OBSOLETE or DELETED resources + will be rejected and result in an error. + output: true + enum_values: + - 'DEPRECATED' + - 'OBSOLETE' + - 'DELETED' + - name: 'description' + type: String + description: 'An optional textual description of the resource.' + output: true + - name: 'guestCpus' + type: Integer + description: | + The number of virtual CPUs that are available to the instance. + output: true + - name: 'id' + type: Integer + description: 'The unique identifier for the resource.' + output: true + - name: 'isSharedCpu' + type: Boolean + description: | + Whether this machine type has a shared CPU. See Shared-core machine + types for more information. + output: true + - name: 'maximumPersistentDisks' + type: Integer + description: 'Maximum persistent disks allowed.' + output: true + - name: 'maximumPersistentDisksSizeGb' + type: Integer + description: 'Maximum total persistent disks size (GB) allowed.' + output: true + - name: 'memoryMb' + type: Integer + description: | + The amount of physical memory available to the instance, defined in + MB. + output: true + - name: 'name' + type: String + description: 'Name of the resource.' + - name: 'zone' + type: ResourceRef + description: 'The zone the machine type is defined.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' diff --git a/mmv1/products/compute/go_ManagedSslCertificate.yaml b/mmv1/products/compute/go_ManagedSslCertificate.yaml new file mode 100644 index 000000000000..a83f40296587 --- /dev/null +++ b/mmv1/products/compute/go_ManagedSslCertificate.yaml @@ -0,0 +1,148 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ManagedSslCertificate' +kind: 'compute#sslCertificate' +description: | + An SslCertificate resource, used for HTTPS load balancing. This resource + represents a certificate for which the certificate secrets are created and + managed by Google. + + For a resource where you provide the key, see the + SSL Certificate resource. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates' +docs: + warning: | + This resource should be used with extreme caution! Provisioning an SSL + certificate is complex. Ensure that you understand the lifecycle of a + certificate before attempting complex tasks like cert rotation automatically. + This resource will "return" as soon as the certificate object is created, + but post-creation the certificate object will go through a "provisioning" + process. The provisioning process can complete only when the domain name + for which the certificate is created points to a target pool which, itself, + points at the certificate. Depending on your DNS provider, this may take + some time, and migrating from self-managed certificates to Google-managed + certificates may entail some downtime while the certificate provisions. + + In conclusion: Be extremely cautious. +base_url: 'projects/{{project}}/global/sslCertificates' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/compute_managed_ssl_certificate.go.tmpl' +examples: + - name: 'managed_ssl_certificate_basic' + primary_resource_id: 'default' + vars: + cert_name: 'test-cert' + proxy_name: 'test-proxy' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + dns_zone_name: 'dnszone' + forwarding_rule_name: 'forwarding-rule' + http_health_check_name: 'http-health-check' + - name: 'managed_ssl_certificate_recreation' + primary_resource_id: 'cert' + external_providers: ["random", "time"] + skip_vcr: true +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'certificate_id' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + default_from_api: true + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + These are in the same namespace as the managed SSL certificates. + - name: 'managed' + type: NestedObject + description: | + Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of `MANAGED` in `type`). + properties: + - name: 'domains' + type: Array + description: | + Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + required: true + diff_suppress_func: 'AbsoluteDomainSuppress' + item_type: + type: String + max_size: 100 + - name: 'type' + type: Enum + description: | + Enum field whose value is always `MANAGED` - used to signal to the API + which type this is. + default_value: "MANAGED" + enum_values: + - 'MANAGED' + - name: 'subjectAlternativeNames' + type: Array + description: | + Domains associated with the certificate via Subject Alternative Name. + output: true + item_type: + type: String + - name: 'expireTime' + type: Time + description: | + Expire time of the certificate in RFC3339 text format. + output: true diff --git a/mmv1/products/compute/go_Network.yaml b/mmv1/products/compute/go_Network.yaml new file mode 100644 index 000000000000..cec97ad33d59 --- /dev/null +++ b/mmv1/products/compute/go_Network.yaml @@ -0,0 +1,182 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Network' +kind: 'compute#network' +description: | + Manages a VPC network or legacy network resource on GCP. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks' +docs: +base_url: 'projects/{{project}}/global/networks' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + encoder: 'templates/terraform/encoders/go/compute_network.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/compute_network.go.tmpl' + decoder: 'templates/terraform/decoders/go/compute_network.go.tmpl' + post_create: 'templates/terraform/post_create/go/compute_network_delete_default_route.tmpl' +examples: + - name: 'network_basic' + primary_resource_id: 'vpc_network' + vars: + network_name: 'vpc-network' + - name: 'network_custom_mtu' + primary_resource_id: 'vpc_network' + vars: + network_name: 'vpc-network' + test_env_vars: + project: 'PROJECT_NAME' + - name: 'network_custom_firewall_enforcement_order' + primary_resource_id: 'vpc_network' + vars: + network_name: 'vpc-network' + test_env_vars: + project: 'PROJECT_NAME' +virtual_fields: + - name: 'delete_default_routes_on_create' + description: | + If set to `true`, default routes (`0.0.0.0/0`) will be deleted + immediately after network creation. Defaults to `false`. + type: Boolean + default_value: false +parameters: +properties: + - name: 'description' + type: String + description: | + An optional description of this resource. The resource must be + recreated to modify this field. + immutable: true + - name: 'gateway_ipv4' + type: String + description: | + The gateway address for default routing out of the network. This value + is selected by GCP. + api_name: gatewayIPv4 + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' + - name: 'numericId' + type: String + description: | + The unique identifier for the resource. This identifier is defined by the server. + output: true + - name: 'autoCreateSubnetworks' + type: Boolean + description: | + When set to `true`, the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + `10.128.0.0/9` address range. + + When set to `false`, the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + immutable: true + send_empty_value: true + default_value: true + - name: 'routingConfig' + type: NestedObject + description: | + The network-level routing configuration for this network. Used by Cloud + Router to determine what type of network-wide routing behavior to + enforce. + update_url: 'projects/{{project}}/global/networks/{{name}}' + update_verb: 'PATCH' + flatten_object: true + properties: + - name: 'routingMode' + type: Enum + description: | + The network-wide routing mode to use. If set to `REGIONAL`, this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to `GLOBAL`, + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. + required: false + default_from_api: true + update_url: 'projects/{{project}}/global/networks/{{name}}' + update_verb: 'PATCH' + enum_values: + - 'REGIONAL' + - 'GLOBAL' + - name: 'mtu' + type: Integer + description: | + Maximum Transmission Unit in bytes. The default value is 1460 bytes. + The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). + Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped + with an ICMP `Fragmentation-Needed` message if the packets are routed to the Internet or other VPCs + with varying MTUs. + immutable: true + default_from_api: true + - name: 'enableUlaInternalIpv6' + type: Boolean + description: | + Enable ULA internal ipv6 on this network. Enabling this feature will assign + a /48 from google defined ULA prefix fd20::/20. + immutable: true + - name: 'internalIpv6Range' + type: String + description: | + When enabling ula internal ipv6, caller optionally can specify the /48 range + they want from the google defined ULA prefix fd20::/20. The input must be a + valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will + fail if the speficied /48 is already in used by another resource. + If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. + immutable: true + default_from_api: true + - name: 'networkFirewallPolicyEnforcementOrder' + type: Enum + description: | + Set the order that Firewall Rules and Firewall Policies are evaluated. + update_url: 'projects/{{project}}/global/networks/{{name}}' + update_verb: 'PATCH' + default_value: "AFTER_CLASSIC_FIREWALL" + enum_values: + - 'BEFORE_CLASSIC_FIREWALL' + - 'AFTER_CLASSIC_FIREWALL' diff --git a/mmv1/products/compute/go_NetworkAttachment.yaml b/mmv1/products/compute/go_NetworkAttachment.yaml new file mode 100644 index 000000000000..635bee8c5862 --- /dev/null +++ b/mmv1/products/compute/go_NetworkAttachment.yaml @@ -0,0 +1,187 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkAttachment' +kind: 'compute#networkAttachment' +description: | + A network attachment is a resource that lets a producer Virtual Private Cloud (VPC) network initiate connections to a consumer VPC network through a Private Service Connect interface. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/about-network-attachments' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networkAttachments' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/networkAttachments' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'network_attachment_basic' + primary_resource_id: 'default' + vars: + resource_name: 'basic-network-attachment' + network_name: 'basic-network' + subnetwork_name: 'basic-subnetwork' + accepted_producer_project_name: 'prj-accepted' + rejected_producer_project_name: 'prj-rejected' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + - name: 'network_attachment_instance_usage' + primary_resource_id: 'default' + min_version: 'beta' + vars: + resource_name: 'basic-network-attachment' + network_name: 'basic-network' + subnetwork_name: 'basic-subnetwork' + instance_name: 'basic-instance' +parameters: + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + required: true + - name: 'region' + type: ResourceRef + description: | + URL of the region where the network attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body. + required: true + immutable: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'kind' + type: String + description: 'Type of the resource.' + output: true + - name: 'id' + type: String + description: 'The unique identifier for the resource type. The server generates this identifier.' + output: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create the resource. + - name: 'selfLink' + type: String + description: 'Server-defined URL for the resource.' + output: true + - name: 'selfLinkWithId' + type: String + description: | + Server-defined URL for this resource's resource id. + output: true + - name: 'connectionPreference' + type: Enum + description: | + The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules. + required: true + enum_values: + - 'ACCEPT_AUTOMATIC' + - 'ACCEPT_MANUAL' + - 'INVALID' + - name: 'connectionEndpoints' + type: Array + description: | + An array of connections for all the producers connected to this network attachment. + output: true + item_type: + type: NestedObject + properties: + - name: 'status' + type: String + description: | + The status of a connected endpoint to this network attachment. + output: true + - name: 'projectIdOrNum' + type: String + description: | + The project id or number of the interface to which the IP was assigned. + output: true + - name: 'subnetwork' + type: String + description: | + The subnetwork used to assign the IP to the producer instance network interface. + output: true + - name: 'ipAddress' + type: String + description: | + The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless. + output: true + - name: 'secondaryIpCidrRanges' + type: String + description: | + Alias IP ranges from the same subnetwork. + output: true + - name: 'subnetworks' + type: Array + description: | + An array of URLs where each entry is the URL of a subnet provided by the service consumer to use for endpoints in the producers that connect to this network attachment. + required: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'subnet' + type: ResourceRef + description: | + A subnet that is provided to set this network attachment. + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'producerRejectLists' + type: Array + description: | + Projects that are not allowed to connect to this network attachment. The project can be specified using its id or number. + item_type: + type: String + - name: 'producerAcceptLists' + type: Array + description: | + Projects that are allowed to connect to this network attachment. The project can be specified using its id or number. + item_type: + type: String + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in this object. This + field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch. + output: true + - name: 'network' + type: String + description: | + The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated. + Because it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks. + output: true diff --git a/mmv1/products/compute/go_NetworkEdgeSecurityService.yaml b/mmv1/products/compute/go_NetworkEdgeSecurityService.yaml new file mode 100644 index 000000000000..2a79092c8698 --- /dev/null +++ b/mmv1/products/compute/go_NetworkEdgeSecurityService.yaml @@ -0,0 +1,121 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkEdgeSecurityService' +kind: 'compute#networkEdgeSecurityService' +description: | + Google Cloud Armor network edge security service resource. +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/armor/docs/advanced-network-ddos' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networkEdgeSecurityServices' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices' +self_link: 'projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices/{{name}}' +create_url: 'projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices?networkEdgeSecurityService={{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +skip_sweeper: true +examples: + - name: 'compute_network_edge_security_service_basic' + primary_resource_id: 'default' + vars: + resource_name: 'my-edge-security-service' + test_env_vars: + project_id: 'PROJECT_NAME' +parameters: + - name: 'region' + type: ResourceRef + description: | + The region of the gateway security policy. + min_version: 'beta' + url_param_only: true + required: false + immutable: true + resource: 'Region' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is created. + min_version: 'beta' + required: true + immutable: true + - name: 'description' + type: String + description: | + Free-text description of the resource. + min_version: 'beta' + - name: 'serviceId' + type: String + description: | + The unique identifier for the resource. This identifier is defined by the server. + api_name: id + min_version: 'beta' + output: true + - name: 'creationTimestamp' + type: String + description: | + Creation timestamp in RFC3339 text format. + min_version: 'beta' + output: true + - name: 'selfLink' + type: String + description: | + Server-defined URL for the resource. + min_version: 'beta' + output: true + - name: 'selfLinkWithServiceId' + type: String + description: | + Server-defined URL for this resource with the resource id. + api_name: selfLinkWithId + min_version: 'beta' + output: true + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a NetworkEdgeSecurityService. + An up-to-date fingerprint must be provided in order to update the NetworkEdgeSecurityService, otherwise the request will fail with error 412 conditionNotMet. + min_version: 'beta' + output: true + - name: 'securityPolicy' + type: String + description: | + The resource URL for the network edge security service associated with this network edge security service. + min_version: 'beta' diff --git a/mmv1/products/compute/go_NetworkEndpoint.yaml b/mmv1/products/compute/go_NetworkEndpoint.yaml new file mode 100644 index 000000000000..abe4429c67f6 --- /dev/null +++ b/mmv1/products/compute/go_NetworkEndpoint.yaml @@ -0,0 +1,128 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkEndpoint' +kind: 'compute#networkEndpoint' +description: | + A Network endpoint represents a IP address and port combination that is + part of a specific network endpoint group (NEG). NEGs are zonal + collections of these endpoints for GCP resources within a + single subnet. **NOTE**: Network endpoints cannot be created outside of a + network endpoint group. + + -> **NOTE** In case the Endpoint's Instance is recreated, it's needed to + perform `apply` twice. To avoid situations like this, please use this resource + with the lifecycle `replace_triggered_by` method, with the passed Instance's ID. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +docs: +id_format: '{{project}}/{{zone}}/{{network_endpoint_group}}/{{instance}}/{{ip_address}}/{{port}}' +base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}' +self_link: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/listNetworkEndpoints' +create_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/attachNetworkEndpoints' +read_verb: 'POST' +delete_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/detachNetworkEndpoints' +delete_verb: 'POST' +immutable: true +mutex: 'networkEndpoint/{{project}}/{{zone}}/{{network_endpoint_group}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - instance + - ipAddress + - port +nested_query: + keys: + - items + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_network_endpoint.go.tmpl' + decoder: 'templates/terraform/decoders/go/unwrap_resource.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_network_endpoint.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/compute_network_endpoint.go.tmpl' +exclude_tgc: true +examples: + - name: 'network_endpoint' + primary_resource_id: 'default-endpoint' + vars: + neg_name: 'my-lb-neg' + instance_name: 'endpoint-instance' + network_name: 'neg-network' + subnetwork_name: 'neg-subnetwork' + skip_test: true +parameters: + - name: 'zone' + type: ResourceRef + description: | + Zone where the containing network endpoint group is located. + url_param_only: true + required: false + ignore_read: true + default_from_api: true + resource: 'Zone' + imports: 'name' + - name: 'networkEndpointGroup' + type: ResourceRef + description: | + The network endpoint group this endpoint is part of. + url_param_only: true + required: true + ignore_read: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + resource: 'NetworkEndpointGroup' + imports: 'name' +properties: + - name: 'instance' + type: ResourceRef + description: | + The name for a specific VM instance that the IP address belongs to. + This is required for network endpoints of type GCE_VM_IP_PORT. + The instance must be in the same zone of network endpoint group. + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + resource: 'Instance' + imports: 'name' + - name: 'port' + type: Integer + description: | + Port number of network endpoint. + **Note** `port` is required unless the Network Endpoint Group is created + with the type of `GCE_VM_IP` + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_int.go.tmpl' + - name: 'ipAddress' + type: String + description: | + IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). + required: true diff --git a/mmv1/products/compute/go_NetworkEndpointGroup.yaml b/mmv1/products/compute/go_NetworkEndpointGroup.yaml new file mode 100644 index 000000000000..c5d3c85558e8 --- /dev/null +++ b/mmv1/products/compute/go_NetworkEndpointGroup.yaml @@ -0,0 +1,150 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkEndpointGroup' +kind: 'compute#networkEndpointGroup' +description: | + Network endpoint groups (NEGs) are zonal resources that represent + collections of IP address and port combinations for GCP resources within a + single subnet. Each IP address and port combination is called a network + endpoint. + + Network endpoint groups can be used as backends in backend services for + HTTP(S), TCP proxy, and SSL proxy load balancers. You cannot use NEGs as a + backend with internal load balancers. Because NEG backends allow you to + specify IP addresses and ports, you can distribute traffic in a granular + fashion among applications or containers running within VM instances. + + Recreating a network endpoint group that's in use by another resource will give a + `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` + to avoid this type of error. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/compute_network_endpoint_group.go.tmpl' +examples: + - name: 'network_endpoint_group' + primary_resource_id: 'neg' + vars: + neg_name: 'my-lb-neg' + network_name: 'neg-network' + subnetwork_name: 'neg-subnetwork' + - name: 'network_endpoint_group_non_gcp' + primary_resource_id: 'neg' + vars: + neg_name: 'my-lb-neg' + network_name: 'neg-network' +parameters: + - name: 'zone' + type: ResourceRef + description: | + Zone where the network endpoint group is located. + required: false + ignore_read: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'networkEndpointType' + type: Enum + description: | + Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. + default_value: "GCE_VM_IP_PORT" + enum_values: + - 'GCE_VM_IP' + - 'GCE_VM_IP_PORT' + - 'NON_GCP_PRIVATE_IP_PORT' + - 'INTERNET_IP_PORT' + - 'INTERNET_FQDN_PORT' + - 'SERVERLESS' + - 'PRIVATE_SERVICE_CONNECT' + - name: 'size' + type: Integer + description: Number of network endpoints in the network endpoint group. + output: true + - name: 'network' + type: ResourceRef + description: | + The network to which all network endpoints in the NEG belong. + Uses "default" project network if unspecified. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'subnetwork' + type: ResourceRef + description: | + Optional subnetwork to which all network endpoints in the NEG belong. + diff_suppress_func: 'compareOptionalSubnet' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'defaultPort' + type: Integer + description: | + The default port used if the port number is not specified in the + network endpoint. diff --git a/mmv1/products/compute/go_NetworkEndpoints.yaml b/mmv1/products/compute/go_NetworkEndpoints.yaml new file mode 100644 index 000000000000..7242e983788f --- /dev/null +++ b/mmv1/products/compute/go_NetworkEndpoints.yaml @@ -0,0 +1,139 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkEndpoints' +kind: 'compute#networkEndpoints' +description: | + A set of network endpoints belonging to a network endpoint group (NEG). A + single network endpoint represents a IP address and port combination that is + part of a specific network endpoint group (NEG). NEGs are zonal collections + of these endpoints for GCP resources within a single subnet. **NOTE**: + Network endpoints cannot be created outside of a network endpoint group. + + This resource is authoritative for a single NEG. Any endpoints not specified + by this resource will be deleted when the resource configuration is applied. + + -> **NOTE** In case the Endpoint's Instance is recreated, it's needed to + perform `apply` twice. To avoid situations like this, please use this resource + with the lifecycle `replace_triggered_by` method, with the passed Instance's ID. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +docs: +id_format: '{{project}}/{{zone}}/{{network_endpoint_group}}/endpoints' +base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}' +self_link: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/listNetworkEndpoints' +create_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/attachNetworkEndpoints' +update_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/attachNetworkEndpoints' +update_verb: 'POST' +read_verb: 'POST' +delete_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/detachNetworkEndpoints' +delete_verb: 'POST' +mutex: 'networkEndpoint/{{project}}/{{zone}}/{{network_endpoint_group}}' +import_format: + - 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - networkEndpointGroup +custom_code: + constants: 'templates/terraform/constants/go/network_endpoints.go.tmpl' + encoder: 'templates/terraform/encoders/go/compute_network_endpoints.go.tmpl' + decoder: 'templates/terraform/decoders/go/network_endpoints.go.tmpl' + pre_create: 'templates/terraform/pre_create/go/network_endpoints.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/network_endpoints.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_network_endpoints.go.tmpl' +exclude_tgc: true +examples: + - name: 'network_endpoints' + primary_resource_id: 'default-endpoints' + vars: + neg_name: 'my-lb-neg' + instance_name: 'endpoint-instance' + network_name: 'neg-network' + subnetwork_name: 'neg-subnetwork' + skip_test: true +parameters: + - name: 'zone' + type: ResourceRef + description: | + Zone where the containing network endpoint group is located. + url_param_only: true + required: false + ignore_read: true + default_from_api: true + resource: 'Zone' + imports: 'name' + - name: 'networkEndpointGroup' + type: ResourceRef + description: | + The network endpoint group these endpoints are part of. + url_param_only: true + required: true + ignore_read: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + resource: 'NetworkEndpointGroup' + imports: 'name' +properties: + - name: 'networkEndpoints' + type: Array + description: | + The network endpoints to be added to the enclosing network endpoint group + (NEG). Each endpoint specifies an IP address and port, along with + additional information depending on the NEG type. + is_set: true + item_type: + type: NestedObject + properties: + - name: 'instance' + type: ResourceRef + description: | + The name for a specific VM instance that the IP address belongs to. + This is required for network endpoints of type GCE_VM_IP_PORT. + The instance must be in the same zone as the network endpoint group. + custom_expand: 'templates/terraform/custom_expand/go/resource_from_self_link.go.tmpl' + resource: 'Instance' + imports: 'name' + - name: 'port' + type: Integer + description: | + Port number of network endpoint. + **Note** `port` is required unless the Network Endpoint Group is created + with the type of `GCE_VM_IP` + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_int.go.tmpl' + - name: 'ipAddress' + type: String + description: | + IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). + required: true diff --git a/mmv1/products/compute/go_NetworkFirewallPolicy.yaml b/mmv1/products/compute/go_NetworkFirewallPolicy.yaml new file mode 100644 index 000000000000..6324ccdf3966 --- /dev/null +++ b/mmv1/products/compute/go_NetworkFirewallPolicy.yaml @@ -0,0 +1,82 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkFirewallPolicy' +description: "The Compute NetworkFirewallPolicy resource" +docs: +base_url: 'projects/{{project}}/global/firewallPolicies' +self_link: 'projects/{{project}}/global/firewallPolicies/{{name}}' +create_url: 'projects/{{project}}/global/firewallPolicies' +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +legacy_long_form_project: true +examples: + - name: 'network_firewall_policy_full' + primary_resource_id: 'policy' + vars: + policy_name: 'tf-test-policy' +parameters: +properties: + - name: 'creationTimestamp' + type: String + description: Creation timestamp in RFC3339 text format. + output: true + - name: 'name' + type: String + description: User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + required: true + immutable: true + - name: 'networkFirewallPolicyId' + type: String + description: The unique identifier for the resource. This identifier is defined by the server. + api_name: id + output: true + - name: 'description' + type: String + description: An optional description of this resource. Provide this property when you create the resource. + - name: 'fingerprint' + type: Fingerprint + description: Fingerprint of the resource. This field is used internally during updates of this resource. + output: true + - name: 'selfLink' + type: String + description: Server-defined URL for the resource. + output: true + - name: 'selfLinkWithId' + type: String + description: Server-defined URL for this resource with the resource id. + output: true + - name: 'ruleTupleCount' + type: Integer + description: Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. + output: true diff --git a/mmv1/products/compute/go_NetworkPeeringRoutesConfig.yaml b/mmv1/products/compute/go_NetworkPeeringRoutesConfig.yaml new file mode 100644 index 000000000000..bfc331e0f42d --- /dev/null +++ b/mmv1/products/compute/go_NetworkPeeringRoutesConfig.yaml @@ -0,0 +1,110 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NetworkPeeringRoutesConfig' +description: | + Manage a network peering's route settings without managing the peering as + a whole. This resource is primarily intended for use with GCP-generated + peerings that shouldn't otherwise be managed by other tools. Deleting this + resource is a no-op and the peering will not be modified. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc-peering' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks/updatePeering' +docs: +id_format: 'projects/{{project}}/global/networks/{{network}}/networkPeerings/{{peering}}' +base_url: 'projects/{{project}}/global/networks/{{network}}' +self_link: 'projects/{{project}}/global/networks/{{network}}' +create_url: 'projects/{{project}}/global/networks/{{network}}/updatePeering' +create_verb: 'PATCH' +update_url: 'projects/{{project}}/global/networks/{{network}}/updatePeering' +update_verb: 'PATCH' +skip_delete: true +mutex: 'projects/{{project}}/global/networks/{{network}}/peerings' +import_format: + - 'projects/{{project}}/global/networks/{{network}}/networkPeerings/{{peering}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - peering +nested_query: + keys: + - peerings + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/network_peering_routes_config.go.tmpl' +examples: + - name: 'network_peering_routes_config_basic' + primary_resource_id: 'peering_primary_routes' + vars: + peering_primary_name: 'primary-peering' + peering_secondary_name: 'secondary-peering' + network_primary_name: 'primary-network' + network_secondary_name: 'secondary-network' + - name: 'network_peering_routes_config_gke' + primary_resource_id: 'peering_gke_routes' + vars: + network_name: 'container-network' + subnetwork_name: 'container-subnetwork' + gke_cluster_name: 'private-cluster' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' +parameters: + - name: 'network' + type: ResourceRef + description: | + The name of the primary network for the peering. + url_param_only: true + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + resource: 'Network' + imports: 'name' +properties: + - name: 'peering' + type: String + description: | + Name of the peering. + api_name: name + required: true + - name: 'exportCustomRoutes' + type: Boolean + description: | + Whether to export the custom routes to the peer network. + required: true + send_empty_value: true + - name: 'importCustomRoutes' + type: Boolean + description: | + Whether to import the custom routes to the peer network. + required: true + send_empty_value: true diff --git a/mmv1/products/compute/go_NodeGroup.yaml b/mmv1/products/compute/go_NodeGroup.yaml new file mode 100644 index 000000000000..16df58318d41 --- /dev/null +++ b/mmv1/products/compute/go_NodeGroup.yaml @@ -0,0 +1,215 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NodeGroup' +kind: 'compute#NodeGroup' +description: | + Represents a NodeGroup resource to manage a group of sole-tenant nodes. +references: + guides: + 'Sole-Tenant Nodes': 'https://cloud.google.com/compute/docs/nodes/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/nodeGroups' +has_self_link: true +create_url: 'projects/{{project}}/zones/{{zone}}/nodeGroups?initialNodeCount=PRE_CREATE_REPLACE_ME' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + pre_create: 'templates/terraform/pre_create/go/compute_node_group_url_replace.go.tmpl' +examples: + - name: 'node_group_basic' + primary_resource_id: 'nodes' + vars: + group_name: 'soletenant-group' + template_name: 'soletenant-tmpl' + - name: 'node_group_maintenance_interval' + primary_resource_id: 'nodes' + min_version: 'beta' + vars: + group_name: 'soletenant-group' + template_name: 'soletenant-tmpl' + - name: 'node_group_autoscaling_policy' + primary_resource_id: 'nodes' + vars: + group_name: 'soletenant-group' + template_name: 'soletenant-tmpl' + - name: 'node_group_share_settings' + primary_resource_id: 'nodes' + vars: + group_name: 'soletenant-group' + template_name: 'soletenant-tmpl' + guest_project_id: 'project-id' + guest_project_name: 'project-name' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'zone' + type: ResourceRef + description: | + Zone where this node group is located + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'selfLink' +properties: + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'description' + type: String + description: | + An optional textual description of the resource. + - name: 'name' + type: String + description: | + Name of the resource. + - name: 'nodeTemplate' + type: ResourceRef + description: | + The URL of the node template to which this node group belongs. + required: true + update_url: 'projects/{{project}}/zones/{{zone}}/nodeGroups/{{name}}/setNodeTemplate' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'NodeTemplate' + imports: 'selfLink' + - name: 'size' + type: Integer + description: | + The total number of nodes in the node group. + output: true + - name: 'initialSize' + type: Integer + description: | + The initial number of nodes in the node group. One of `initial_size` or `autoscaling_policy` must be configured on resource creation. + url_param_only: true + - name: 'maintenancePolicy' + type: String + description: | + Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. + default_value: "DEFAULT" + - name: 'maintenanceWindow' + type: NestedObject + description: | + contains properties for the timeframe of maintenance + properties: + - name: 'startTime' + type: String + description: | + instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid. + required: true + - name: 'autoscalingPolicy' + type: NestedObject + description: | + If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + + One of `initial_size` or `autoscaling_policy` must be configured on resource creation. + default_from_api: true + properties: + - name: 'mode' + type: Enum + description: | + The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. + required: true + default_from_api: true + enum_values: + - 'OFF' + - 'ON' + - 'ONLY_SCALE_OUT' + - name: 'minNodes' + type: Integer + description: | + Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + default_from_api: true + - name: 'maxNodes' + type: Integer + description: | + Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + required: true + default_from_api: true + - name: 'shareSettings' + type: NestedObject + description: | + Share settings for the node group. + default_from_api: true + properties: + - name: 'shareType' + type: Enum + description: | + Node group sharing type. + required: true + enum_values: + - 'ORGANIZATION' + - 'SPECIFIC_PROJECTS' + - 'LOCAL' + - name: 'projectMap' + type: Map + description: | + A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. + key_name: 'id' + key_description: | + The project ID. + value_type: + name: projectConfig + type: NestedObject + properties: + - name: 'projectId' + type: String + description: | + The project id/number should be the same as the key of this project config in the project map. + required: true + - name: 'maintenanceInterval' + type: Enum + description: | + Specifies the frequency of planned maintenance events. Set to one of the following: + - AS_NEEDED: Hosts are eligible to receive infrastructure and hypervisor updates as they become available. + - RECURRENT: Hosts receive planned infrastructure and hypervisor updates on a periodic basis, but not more frequently than every 28 days. This minimizes the number of planned maintenance operations on individual hosts and reduces the frequency of disruptions, both live migrations and terminations, on individual VMs. + min_version: 'beta' + default_from_api: true + enum_values: + - 'AS_NEEDED' + - 'RECURRENT' diff --git a/mmv1/products/compute/go_NodeTemplate.yaml b/mmv1/products/compute/go_NodeTemplate.yaml new file mode 100644 index 000000000000..ae6d1d82a6ad --- /dev/null +++ b/mmv1/products/compute/go_NodeTemplate.yaml @@ -0,0 +1,156 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NodeTemplate' +kind: 'compute#nodeTemplate' +description: | + Represents a NodeTemplate resource. Node templates specify properties + for creating sole-tenant nodes, such as node type, vCPU and memory + requirements, node affinity labels, and region. +references: + guides: + 'Sole-Tenant Nodes': 'https://cloud.google.com/compute/docs/nodes/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/nodeTemplates' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/nodeTemplates' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'node_template_basic' + primary_resource_id: 'template' + vars: + template_name: 'soletenant-tmpl' + - name: 'node_template_server_binding' + primary_resource_id: 'template' + vars: + template_name: 'soletenant-with-licenses' +parameters: + - name: 'region' + type: ResourceRef + description: | + Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'selfLink' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional textual description of the resource.' + - name: 'name' + type: String + description: 'Name of the resource.' + - name: 'nodeAffinityLabels' + type: KeyValuePairs + description: | + Labels to use for node affinity, which will be used in + instance scheduling. + - name: 'nodeType' + type: String + description: | + Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + conflicts: + - node_type_flexibility + - name: 'nodeTypeFlexibility' + type: NestedObject + description: | + Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + conflicts: + - node_type + properties: + - name: 'cpus' + type: String + description: | + Number of virtual CPUs to use. + at_least_one_of: + - 'node_type_flexibility.0.cpus' + - 'node_type_flexibility.0.memory' + - name: 'memory' + type: String + description: | + Physical memory available to the node, defined in MB. + at_least_one_of: + - 'node_type_flexibility.0.cpus' + - 'node_type_flexibility.0.memory' + - name: 'localSsd' + type: String + description: | + Use local SSD + output: true + - name: 'serverBinding' + type: NestedObject + description: | + The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. + default_from_api: true + properties: + - name: 'type' + type: Enum + description: | + Type of server binding policy. If `RESTART_NODE_ON_ANY_SERVER`, + nodes using this template will restart on any physical server + following a maintenance event. + + If `RESTART_NODE_ON_MINIMAL_SERVER`, nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. + required: true + enum_values: + - 'RESTART_NODE_ON_ANY_SERVER' + - 'RESTART_NODE_ON_MINIMAL_SERVERS' + - name: 'cpuOvercommitType' + type: Enum + description: | + CPU overcommit. + default_value: "NONE" + enum_values: + - 'ENABLED' + - 'NONE' diff --git a/mmv1/products/compute/go_OrganizationSecurityPolicy.yaml b/mmv1/products/compute/go_OrganizationSecurityPolicy.yaml new file mode 100644 index 000000000000..c9033fe12929 --- /dev/null +++ b/mmv1/products/compute/go_OrganizationSecurityPolicy.yaml @@ -0,0 +1,93 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationSecurityPolicy' +description: | + Organization security policies are used to control incoming/outgoing traffic. +min_version: 'beta' +references: + guides: + 'Creating a firewall policy': 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-policy' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies' +docs: +id_format: 'locations/global/securityPolicies/{{policy_id}}' +base_url: 'locations/global/securityPolicies?parentId={{parent}}' +self_link: 'locations/global/securityPolicies/{{policy_id}}' +create_url: 'locations/global/securityPolicies?parentId={{parent}}' +update_verb: 'PATCH' +import_format: + - 'locations/global/securityPolicies/{{policy_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/org_security_policy.go.tmpl' + post_delete: 'templates/terraform/post_delete/go/org_security_policy.go.tmpl' + post_update: 'templates/terraform/post_update/go/org_security_policy.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +examples: + - name: 'organization_security_policy_basic' + primary_resource_id: 'policy' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'parent' + type: String + description: | + The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id} + min_version: 'beta' + required: true + immutable: true +properties: + - name: 'displayName' + type: String + description: | + A textual name of the security policy. + min_version: 'beta' + required: true + immutable: true + - name: 'description' + type: String + description: | + A textual description for the organization security policy. + min_version: 'beta' + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + min_version: 'beta' + output: true + - name: 'policy_id' + type: String + description: | + The unique identifier for the resource. This identifier is defined by the server. + api_name: id + min_version: 'beta' + output: true + - name: 'type' + type: Enum + description: | + The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". + min_version: 'beta' + immutable: true + default_value: "FIREWALL" + enum_values: + - 'FIREWALL' diff --git a/mmv1/products/compute/go_OrganizationSecurityPolicyAssociation.yaml b/mmv1/products/compute/go_OrganizationSecurityPolicyAssociation.yaml new file mode 100644 index 000000000000..3101fac1305e --- /dev/null +++ b/mmv1/products/compute/go_OrganizationSecurityPolicyAssociation.yaml @@ -0,0 +1,76 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationSecurityPolicyAssociation' +description: | + An association for the OrganizationSecurityPolicy. +min_version: 'beta' +references: + guides: + 'Associating a policy with the organization or folder': 'https://cloud.google.com/vpc/docs/using-firewall-policies#associate' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addAssociation' +docs: +id_format: '{{policy_id}}/association/{{name}}' +base_url: '{{policy_id}}' +self_link: '{{policy_id}}/getAssociation?name={{name}}' +create_url: '{{policy_id}}/addAssociation' +delete_url: '{{policy_id}}/removeAssociation?name={{name}}' +delete_verb: 'POST' +immutable: true +import_format: + - '{{%policy_id}}/association/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/org_security_policy_association.go.tmpl' + post_delete: 'templates/terraform/post_create/go/org_security_policy_association.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +read_error_transform: 'transformSecurityPolicyAssociationReadError' +examples: + - name: 'organization_security_policy_association_basic' + primary_resource_id: 'policy' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'policyId' + type: String + description: | + The security policy ID of the association. + api_name: securityPolicyId + min_version: 'beta' + url_param_only: true + required: true +properties: + - name: 'name' + type: String + description: | + The name for an association. + min_version: 'beta' + required: true + - name: 'attachmentId' + type: String + description: | + The resource that the security policy is attached to. + min_version: 'beta' + required: true + - name: 'displayName' + type: String + description: | + The display name of the security policy of the association. + min_version: 'beta' + output: true diff --git a/mmv1/products/compute/go_OrganizationSecurityPolicyRule.yaml b/mmv1/products/compute/go_OrganizationSecurityPolicyRule.yaml new file mode 100644 index 000000000000..54fa3324ecf7 --- /dev/null +++ b/mmv1/products/compute/go_OrganizationSecurityPolicyRule.yaml @@ -0,0 +1,202 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationSecurityPolicyRule' +description: | + A rule for the OrganizationSecurityPolicy. +min_version: 'beta' +references: + guides: + 'Creating firewall rules': 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-rules' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addRule' +docs: +id_format: '{{policy_id}}/priority/{{priority}}' +base_url: '{{policy_id}}' +self_link: '{{policy_id}}/getRule?priority={{priority}}' +create_url: '{{policy_id}}/addRule?priority={{priority}}' +update_url: '{{policy_id}}/patchRule?priority={{priority}}' +update_verb: 'POST' +delete_url: '{{policy_id}}/removeRule?priority={{priority}}' +delete_verb: 'POST' +import_format: + - '{{%policy_id}}/priority/{{priority}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/org_security_policy_rule.go.tmpl' + post_delete: 'templates/terraform/post_create/go/org_security_policy_rule.go.tmpl' + post_update: 'templates/terraform/post_create/go/org_security_policy_rule.go.tmpl' + test_check_destroy: 'templates/terraform/custom_check_destroy/go/skip_delete_during_test.go.tmpl' +examples: + - name: 'organization_security_policy_rule_basic' + primary_resource_id: 'policy' + min_version: 'beta' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'policyId' + type: String + description: | + The ID of the OrganizationSecurityPolicy this rule applies to. + min_version: 'beta' + url_param_only: true + required: true + immutable: true +properties: + - name: 'description' + type: String + description: | + A description of the rule. + min_version: 'beta' + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest prority. + min_version: 'beta' + required: true + immutable: true + - name: 'match' + type: NestedObject + description: + A match condition that incoming traffic is evaluated against. If it + evaluates to true, the corresponding 'action' is enforced. + min_version: 'beta' + required: true + properties: + - name: 'description' + type: String + description: | + A description of the rule. + min_version: 'beta' + - name: 'versionedExpr' + type: Enum + description: | + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". + min_version: 'beta' + default_value: "FIREWALL" + enum_values: + - 'FIREWALL' + - name: 'config' + type: NestedObject + description: The configuration options for matching the rule. + min_version: 'beta' + required: true + properties: + - name: 'srcIpRanges' + type: Array + description: | + Source IP address range in CIDR format. Required for + INGRESS rules. + min_version: 'beta' + exactly_one_of: + - 'match.0.config.0.src_ip_ranges' + - 'match.0.config.0.dest_ip_ranges' + item_type: + type: String + - name: 'destIpRanges' + type: Array + description: | + Destination IP address range in CIDR format. Required for + EGRESS rules. + min_version: 'beta' + exactly_one_of: + - 'match.0.config.0.src_ip_ranges' + - 'match.0.config.0.dest_ip_ranges' + item_type: + type: String + - name: 'layer4Config' + type: Array + description: | + Pairs of IP protocols and ports that the rule should match. + api_name: layer4Configs + min_version: 'beta' + required: true + item_type: + type: NestedObject + properties: + - name: 'ipProtocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + min_version: 'beta' + required: true + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + min_version: 'beta' + item_type: + type: String + - name: 'action' + type: String + description: | + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + min_version: 'beta' + required: true + - name: 'preview' + type: Boolean + description: | + If set to true, the specified action is not enforced. + min_version: 'beta' + - name: 'direction' + type: Enum + description: | + The direction in which this rule applies. If unspecified an INGRESS rule is created. + min_version: 'beta' + enum_values: + - 'INGRESS' + - 'EGRESS' + - name: 'targetResources' + type: Array + description: | + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + min_version: 'beta' + item_type: + type: String + - name: 'enableLogging' + type: Boolean + description: | + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + min_version: 'beta' + send_empty_value: true + - name: 'targetServiceAccounts' + type: Array + description: | + A list of service accounts indicating the sets of + instances that are applied with this rule. + min_version: 'beta' + item_type: + type: String diff --git a/mmv1/products/compute/go_PacketMirroring.yaml b/mmv1/products/compute/go_PacketMirroring.yaml new file mode 100644 index 000000000000..99ff103ff7f7 --- /dev/null +++ b/mmv1/products/compute/go_PacketMirroring.yaml @@ -0,0 +1,203 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PacketMirroring' +description: | + Packet Mirroring mirrors traffic to and from particular VM instances. + You can use the collected traffic to help you detect security threats + and monitor application performance. +references: + guides: + 'Using Packet Mirroring': 'https://cloud.google.com/vpc/docs/using-packet-mirroring#creating' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/packetMirrorings' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/packetMirrorings' +self_link: 'projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}}' +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'compute_packet_mirroring_full' + primary_resource_id: 'foobar' + vars: + instance_name: 'my-instance' + subnetwork_name: 'my-subnetwork' + service_name: 'my-service' + hc_name: 'my-healthcheck' + mirroring_name: 'my-mirroring' + ilb_rule_name: 'my-ilb' + network_name: 'my-network' +parameters: +properties: + - name: 'name' + type: String + description: The name of the packet mirroring rule + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: A human-readable description of the rule. + immutable: true + - name: 'region' + type: String + description: | + The Region in which the created address should reside. + If it is not provided, the provider region is used. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'network' + type: NestedObject + description: | + Specifies the mirrored VPC network. Only packets in this network + will be mirrored. All mirrored VMs should have a NIC in the given + network. All mirrored subnetworks should belong to the given network. + required: true + immutable: true + properties: + - name: 'url' + type: ResourceRef + description: + The full self_link URL of the network where this rule is active. + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'priority' + type: Integer + description: | + Since only one rule can be active at a time, priority is + used to break ties in the case of two rules that apply to + the same instances. + required: false + default_from_api: true + - name: 'collectorIlb' + type: NestedObject + description: | + The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL) + that will be used as collector for mirrored traffic. The + specified forwarding rule must have is_mirroring_collector + set to true. + required: true + properties: + - name: 'url' + type: ResourceRef + description: The URL of the forwarding rule. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'ForwardingRule' + imports: 'selfLink' + - name: 'filter' + type: NestedObject + description: | + A filter for mirrored traffic. If unset, all traffic is mirrored. + properties: + - name: 'ipProtocols' + type: Array + description: Possible IP protocols including tcp, udp, icmp and esp + api_name: IPProtocols + item_type: + type: String + - name: 'cidrRanges' + type: Array + description: | + IP CIDR ranges that apply as a filter on the source (ingress) or + destination (egress) IP in the IP header. Only IPv4 is supported. + item_type: + type: String + - name: 'direction' + type: Enum + description: Direction of traffic to mirror. + default_value: "BOTH" + enum_values: + - 'INGRESS' + - 'EGRESS' + - 'BOTH' + - name: 'mirroredResources' + type: NestedObject + description: | + A means of specifying which resources to mirror. + required: true + properties: + - name: 'subnetworks' + type: Array + description: | + All instances in one of these subnetworks will be mirrored. + at_least_one_of: + - 'mirrored_resources.0.subnetworks' + - 'mirrored_resources.0.instances' + - 'mirrored_resources.0.tags' + item_type: + description: + The subnetworks that should be mirrored. Specify at most 5. + type: NestedObject + properties: + - name: 'url' + type: ResourceRef + description: + The URL of the subnetwork where this rule should be active. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'instances' + type: Array + description: | + All the listed instances will be mirrored. Specify at most 50. + at_least_one_of: + - 'mirrored_resources.0.subnetworks' + - 'mirrored_resources.0.instances' + - 'mirrored_resources.0.tags' + item_type: + description: The instances that should be mirrored. + type: NestedObject + properties: + - name: 'url' + type: ResourceRef + description: + The URL of the instances where this rule should be active. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Instance' + imports: 'selfLink' + - name: 'tags' + type: Array + description: | + All instances with these tags will be mirrored. + at_least_one_of: + - 'mirrored_resources.0.subnetworks' + - 'mirrored_resources.0.instances' + - 'mirrored_resources.0.tags' + item_type: + type: String diff --git a/mmv1/products/compute/go_PerInstanceConfig.yaml b/mmv1/products/compute/go_PerInstanceConfig.yaml new file mode 100644 index 000000000000..e1f0003e0d3b --- /dev/null +++ b/mmv1/products/compute/go_PerInstanceConfig.yaml @@ -0,0 +1,245 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PerInstanceConfig' +description: | + A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name + across instance group manager operations and can define stateful disks or metadata that are unique to the instance. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers' +docs: +id_format: '{{project}}/{{zone}}/{{instance_group_manager}}/{{name}}' +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}' +self_link: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/listPerInstanceConfigs' +create_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/createInstances' +update_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/updatePerInstanceConfigs' +update_verb: 'POST' +read_verb: 'POST' +delete_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/deletePerInstanceConfigs' +delete_verb: 'POST' +mutex: 'instanceGroupManager/{{project}}/{{zone}}/{{instance_group_manager}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - name +nested_query: + keys: + - items + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_per_instance_config.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/compute_per_instance_config.go.tmpl' + post_update: 'templates/terraform/post_update/go/compute_per_instance_config.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/per_instance_config.go.tmpl' +exclude_tgc: true +examples: + - name: 'stateful_igm' + primary_resource_id: 'stateful-instance' + vars: + template_name: 'my-template' + igm_name: 'my-igm' + disk_name: 'my-disk-name' + skip_test: true +virtual_fields: + - name: 'minimal_action' + description: | + The minimal action to perform on the instance during an update. + Default is `NONE`. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE + type: Enum + default_value: "NONE" + - name: 'most_disruptive_allowed_action' + description: | + The most disruptive action to perform on the instance during an update. + Default is `REPLACE`. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE + type: Enum + default_value: "REPLACE" + - name: 'remove_instance_on_destroy' + description: | + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: Boolean + default_value: false + - name: 'remove_instance_state_on_destroy' + description: | + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: Boolean + default_value: false +parameters: + - name: 'zone' + type: ResourceRef + description: | + Zone where the containing instance group manager is located + url_param_only: true + required: false + immutable: true + ignore_read: true + default_from_api: true + resource: 'Zone' + imports: 'name' + - name: 'instanceGroupManager' + type: ResourceRef + description: | + The instance group manager this instance config is part of. + url_param_only: true + required: true + immutable: true + resource: 'InstanceGroupManager' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The name for this per-instance config and its corresponding instance. + required: true + immutable: true + - name: 'preservedState' + type: NestedObject + description: 'The preserved state for this instance.' + properties: + - name: 'metadata' + type: KeyValuePairs + description: | + Preserved metadata defined for this instance. This is a list of key->value pairs. + - name: 'disk' + type: Array + description: | + Stateful disks for the instance. + api_name: disks + is_set: true + custom_flatten: 'templates/terraform/custom_flatten/go/preserved_state_disks.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/preserved_state_disks.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'deviceName' + type: String + description: | + A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. + required: true + - name: 'source' + type: String + description: | + The URI of an existing persistent disk to attach under the specified device-name in the format + `projects/project-id/zones/zone/disks/disk-name`. + required: true + - name: 'mode' + type: Enum + description: | + The mode of the disk. + default_value: "READ_WRITE" + enum_values: + - 'READ_ONLY' + - 'READ_WRITE' + - name: 'deleteRule' + type: Enum + description: | + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are `NEVER` and `ON_PERMANENT_INSTANCE_DELETION`. + `NEVER` - detach the disk when the VM is deleted, but do not delete the disk. + `ON_PERMANENT_INSTANCE_DELETION` will delete the stateful disk when the VM is permanently + deleted from the instance group. + default_value: "NEVER" + enum_values: + - 'NEVER' + - 'ON_PERMANENT_INSTANCE_DELETION' + - name: 'internalIp' + type: Map + description: | + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + api_name: internalIPs + key_name: 'interface_name' + value_type: + name: internalIp + type: NestedObject + properties: + - name: 'autoDelete' + type: Enum + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + default_value: "NEVER" + enum_values: + - 'NEVER' + - 'ON_PERMANENT_INSTANCE_DELETION' + - name: 'ipAddress' + type: NestedObject + description: | + Ip address representation + properties: + - name: 'address' + type: ResourceRef + description: | + The URL of the reservation for this IP address. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Address' + imports: 'selfLink' + - name: 'externalIp' + type: Map + description: | + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + api_name: externalIPs + key_name: 'interface_name' + value_type: + name: externalIp + type: NestedObject + properties: + - name: 'autoDelete' + type: Enum + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + default_value: "NEVER" + enum_values: + - 'NEVER' + - 'ON_PERMANENT_INSTANCE_DELETION' + - name: 'ipAddress' + type: NestedObject + description: | + Ip address representation + properties: + - name: 'address' + type: ResourceRef + description: | + The URL of the reservation for this IP address. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Address' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_ProjectCloudArmorTier.yaml b/mmv1/products/compute/go_ProjectCloudArmorTier.yaml new file mode 100644 index 000000000000..9b086511eed3 --- /dev/null +++ b/mmv1/products/compute/go_ProjectCloudArmorTier.yaml @@ -0,0 +1,74 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectCloudArmorTier' +description: | + Sets the Cloud Armor tier of the project. +references: + guides: + 'Subscribing to Cloud Armor Enterprise': 'https://cloud.google.com/armor/docs/managed-protection-overview#subscribing_to_plus' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/projects/setCloudArmorTier' +docs: +id_format: 'projects/{{project}}' +base_url: 'projects/{{project}}' +create_url: 'projects/{{project}}/setCloudArmorTier' +update_url: 'projects/{{project}}/setCloudArmorTier' +update_verb: 'POST' + +read_query_params: '?fields=cloudArmorTier' +import_format: + - 'projects/{{project}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + custom_delete: 'templates/terraform/custom_delete/go/only_remove_from_state.go.tmpl' +examples: + - name: 'compute_project_cloud_armor_tier_basic' + primary_resource_id: 'cloud_armor_tier_config' + skip_test: true + - name: 'compute_project_cloud_armor_tier_project_set' + primary_resource_id: 'cloud_armor_tier_config' + vars: + project_id: 'your_project_id' + test_env_vars: + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_test: true +parameters: +properties: + - name: 'cloudArmorTier' + type: Enum + description: | + Managed protection tier to be set. + required: true + enum_values: + - 'CA_STANDARD' + - 'CA_ENTERPRISE_PAYGO' diff --git a/mmv1/products/compute/go_PublicAdvertisedPrefix.yaml b/mmv1/products/compute/go_PublicAdvertisedPrefix.yaml new file mode 100644 index 000000000000..42558bd8a439 --- /dev/null +++ b/mmv1/products/compute/go_PublicAdvertisedPrefix.yaml @@ -0,0 +1,83 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PublicAdvertisedPrefix' +description: | + Represents a PublicAdvertisedPrefix for use with bring your own IP addresses (BYOIP). +references: + guides: + 'Using bring your own IP': 'https://cloud.google.com/vpc/docs/using-bring-your-own-ip' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/publicAdvertisedPrefixes' +docs: +base_url: 'projects/{{project}}/global/publicAdvertisedPrefixes' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'public_advertised_prefixes_basic' + primary_resource_id: 'prefixes' + vars: + prefixes_name: 'my-prefix' + test_env_vars: + desc: 'PAP_DESCRIPTION' + skip_test: true +parameters: +properties: + - name: 'description' + type: String + description: An optional description of this resource. + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + - name: 'dnsVerificationIp' + type: String + description: The IPv4 address to be used for reverse DNS verification. + required: true + - name: 'ipCidrRange' + type: String + description: + The IPv4 address range, in CIDR format, represented by this public + advertised prefix. + required: true + - name: 'sharedSecret' + type: String + description: | + Output Only. The shared secret to be used for reverse DNS verification. + output: true diff --git a/mmv1/products/compute/go_PublicDelegatedPrefix.yaml b/mmv1/products/compute/go_PublicDelegatedPrefix.yaml new file mode 100644 index 000000000000..5144500c2ac1 --- /dev/null +++ b/mmv1/products/compute/go_PublicDelegatedPrefix.yaml @@ -0,0 +1,89 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PublicDelegatedPrefix' +description: | + Represents a PublicDelegatedPrefix for use with bring your own IP addresses (BYOIP). +references: + guides: + 'Using bring your own IP': 'https://cloud.google.com/vpc/docs/using-bring-your-own-ip' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/publicDelegatedPrefixes' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/publicDelegatedPrefixes' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'public_delegated_prefixes_basic' + primary_resource_id: 'prefixes' + vars: + prefixes_name: 'my-prefix' + test_env_vars: + desc: 'PAP_DESCRIPTION' + skip_test: true +parameters: +properties: + - name: 'region' + type: String + description: 'A region where the prefix will reside.' + url_param_only: true + required: true + - name: 'description' + type: String + description: An optional description of this resource. + - name: 'isLiveMigration' + type: Boolean + description: If true, the prefix will be live migrated. + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + - name: 'parentPrefix' + type: String + description: + The URL of parent prefix. Either PublicAdvertisedPrefix or + PublicDelegatedPrefix. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'ipCidrRange' + type: String + description: + The IPv4 address range, in CIDR format, represented by this public + advertised prefix. + required: true diff --git a/mmv1/products/compute/go_Region.yaml b/mmv1/products/compute/go_Region.yaml new file mode 100644 index 000000000000..da81ccb93b8c --- /dev/null +++ b/mmv1/products/compute/go_Region.yaml @@ -0,0 +1,132 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Region' +kind: 'compute#region' +description: | + Represents a Region resource. A region is a specific geographical + location where you can run your resources. Each region has one or more + zones +# Used as a resource reference +exclude: true +readonly: true +docs: +base_url: 'projects/{{project}}/regions' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'items' +custom_code: +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'deprecated' + type: NestedObject + description: 'The deprecation state of this resource.' + output: true + properties: + - name: 'deleted' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DELETED. + - name: 'deprecated' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DEPRECATED. + output: true + - name: 'obsolete' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to OBSOLETE. + output: true + - name: 'replacement' + type: String + description: | + The URL of the suggested replacement for a deprecated resource. The + suggested replacement resource must be the same kind of resource as + the deprecated resource. + output: true + - name: 'state' + type: Enum + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource using a + DEPRECATED resource will return successfully, but with a warning + indicating the deprecated resource and recommending its replacement. + Operations which use OBSOLETE or DELETED resources will be rejected + and result in an error. + output: true + enum_values: + - 'DEPRECATED' + - 'OBSOLETE' + - 'DELETED' + - name: 'description' + type: String + description: 'An optional description of this resource.' + output: true + - name: 'id' + type: Integer + description: 'The unique identifier for the resource.' + output: true + - name: 'name' + type: String + description: 'Name of the resource.' + - name: 'quotas' + type: Array + description: 'Quotas assigned to this region.' + output: true + item_type: + type: NestedObject + properties: + - name: 'metric' + type: String + description: 'Name of the quota metric.' + output: true + - name: 'limit' + type: Double + description: 'Quota limit for this metric.' + output: true + - name: 'usage' + type: Double + description: 'Current usage of this metric.' + output: true + - name: 'owner' + type: String + description: + 'Owning resource. This is the resource on which this quota is + applied.' + output: true + - name: 'status' + type: Enum + description: | + Status of the region, either UP or DOWN. + output: true + enum_values: + - 'UP' + - 'DOWN' + - name: 'zones' + type: Array + description: 'List of zones within the region' + output: true + item_type: + type: String diff --git a/mmv1/products/compute/go_RegionAutoscaler.yaml b/mmv1/products/compute/go_RegionAutoscaler.yaml new file mode 100644 index 000000000000..494945ff6369 --- /dev/null +++ b/mmv1/products/compute/go_RegionAutoscaler.yaml @@ -0,0 +1,406 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionAutoscaler' +kind: 'compute#autoscaler' +description: | + Represents an Autoscaler resource. + + Autoscalers allow you to automatically scale virtual machine instances in + managed instance groups according to an autoscaling policy that you + define. +references: + guides: + 'Autoscaling Groups of Instances': 'https://cloud.google.com/compute/docs/autoscaler/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionAutoscalers' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/autoscalers' +has_self_link: true +update_url: 'projects/{{project}}/regions/{{region}}/autoscalers?autoscaler={{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'region_autoscaler_basic' + primary_resource_id: 'foobar' + vars: + region_autoscaler_name: 'my-region-autoscaler' + instance_template_name: 'my-instance-template' + target_pool_name: 'my-target-pool' + rigm_name: 'my-region-igm' +parameters: + - name: 'region' + type: ResourceRef + description: | + URL of the region where the instance group resides. + required: false + immutable: true + ignore_read: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'autoscalingPolicy' + type: NestedObject + description: | + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + required: true + properties: + - name: 'minReplicas' + type: Integer + description: | + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + api_name: minNumReplicas + required: true + send_empty_value: true + - name: 'maxReplicas' + type: Integer + description: | + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + api_name: maxNumReplicas + required: true + send_empty_value: true + - name: 'cooldownPeriod' + type: Integer + description: | + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + api_name: coolDownPeriodSec + default_value: 60 + - name: 'mode' + type: String + description: | + Defines operating mode for this policy. + default_value: "ON" + - name: 'scaleDownControl' + type: NestedObject + description: | + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events + min_version: 'beta' + properties: + - name: 'maxScaledDownReplicas' + type: NestedObject + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas' + - 'autoscaling_policy.0.scale_down_control.0.time_window_sec' + properties: + - name: 'fixed' + type: Integer + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed' + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent' + - name: 'percent' + type: Integer + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed' + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent' + - name: 'timeWindowSec' + type: Integer + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + at_least_one_of: + - 'autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas' + - 'autoscaling_policy.0.scale_down_control.0.time_window_sec' + - name: 'scaleInControl' + type: NestedObject + description: | + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - name: 'maxScaledInReplicas' + type: NestedObject + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas' + - 'autoscaling_policy.0.scale_in_control.0.time_window_sec' + properties: + - name: 'fixed' + type: Integer + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed' + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent' + - name: 'percent' + type: Integer + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed' + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent' + - name: 'timeWindowSec' + type: Integer + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + at_least_one_of: + - 'autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas' + - 'autoscaling_policy.0.scale_in_control.0.time_window_sec' + - name: 'cpuUtilization' + type: NestedObject + description: | + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + default_from_api: true + properties: + - name: 'target' + type: Double + description: | + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + api_name: utilizationTarget + required: true + - name: 'predictiveMethod' + type: String + description: | + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "NONE" + - name: 'metric' + type: Array + description: | + Configuration parameters of autoscaling based on a custom metric. + api_name: customMetricUtilizations + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + api_name: metric + required: true + - name: 'singleInstanceAssignment' + type: Double + description: | + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + `pubsub.googleapis.com/subscription/num_undelivered_messages` + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + - name: 'target' + type: Double + description: | + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + api_name: utilizationTarget + - name: 'type' + type: Enum + description: | + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. + api_name: utilizationTargetType + enum_values: + - 'GAUGE' + - 'DELTA_PER_SECOND' + - 'DELTA_PER_MINUTE' + - name: 'filter' + type: String + description: | + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + - name: 'loadBalancingUtilization' + type: NestedObject + description: | + Configuration parameters of autoscaling based on a load balancer. + properties: + - name: 'target' + type: Double + description: | + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + api_name: utilizationTarget + required: true + - name: 'scalingSchedules' + type: Map + description: | + Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. + key_name: 'name' + key_description: | + A name for the schedule. + value_type: + name: scalingSchedule + type: NestedObject + properties: + - name: 'minRequiredReplicas' + type: Integer + description: | + Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. + required: true + send_empty_value: true + - name: 'schedule' + type: String + description: | + The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). + required: true + - name: 'timeZone' + type: String + description: | + The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. + default_value: "UTC" + - name: 'durationSec' + type: Integer + description: | + The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. + required: true + - name: 'disabled' + type: Boolean + description: | + A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. + default_value: false + - name: 'description' + type: String + description: | + A description of a scaling schedule. + - name: 'target' + type: String + description: | + URL of the managed instance group that this autoscaler will scale. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' diff --git a/mmv1/products/compute/go_RegionBackendService.yaml b/mmv1/products/compute/go_RegionBackendService.yaml new file mode 100644 index 000000000000..f8b2e6a04482 --- /dev/null +++ b/mmv1/products/compute/go_RegionBackendService.yaml @@ -0,0 +1,1279 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionBackendService' +kind: 'compute#backendService' +description: | + A Region Backend Service defines a regionally-scoped group of virtual + machines that will serve traffic for load balancing. +references: + guides: + 'Internal TCP/UDP Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/internal/' + api: 'https://cloud.google.com/compute/docs/reference/latest/regionBackendServices' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/backendServices' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + allowed_iam_role: 'roles/compute.admin' + parent_resource_attribute: 'name' + iam_conditions_request_type: 'QUERY_PARAM' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + min_version: 'beta' +custom_code: + constants: 'templates/terraform/constants/go/region_backend_service.go.tmpl' + encoder: 'templates/terraform/encoders/go/region_backend_service.go.tmpl' + decoder: 'templates/terraform/decoders/go/region_backend_service.go.tmpl' + post_create: 'templates/terraform/post_create/go/compute_region_backend_service_security_policy.go.tmpl' +custom_diff: + - 'customDiffRegionBackendService' +schema_version: 1 +migrate_state: 'tpgresource.MigrateStateNoop' +examples: + - name: 'region_backend_service_basic' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-region-service%s", context["random_suffix"])' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' + - name: 'region_backend_service_external_iap' + primary_resource_id: 'default' + vars: + region_backend_service_name: 'tf-test-region-service-external' + - name: 'region_backend_service_cache' + primary_resource_id: 'default' + min_version: 'beta' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' + - name: 'region_backend_service_ilb_round_robin' + primary_resource_id: 'default' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' + - name: 'region_backend_service_external' + primary_resource_id: 'default' + min_version: 'beta' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' + - name: 'region_backend_service_external_weighted' + primary_resource_id: 'default' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' + - name: 'region_backend_service_ilb_ring_hash' + primary_resource_id: 'default' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' + - name: 'region_backend_service_balancing_mode' + primary_resource_id: 'default' + vars: + region_backend_service_name: 'region-service' + rigm_name: 'rbs-rigm' + region_health_check_name: 'rbs-health-check' + network_name: 'rbs-net' + - name: 'region_backend_service_connection_tracking' + primary_resource_id: 'default' + min_version: 'beta' + vars: + region_backend_service_name: 'region-service' + health_check_name: 'rbs-health-check' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created backend service should reside. + If it is not provided, the provider region is used. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'affinityCookieTtlSec' + type: Integer + description: | + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + - name: 'backend' + type: Array + description: | + The set of backends that serve this RegionBackendService. + api_name: backends + is_set: true + set_hash_func: 'resourceGoogleComputeBackendServiceBackendHash' + item_type: + type: NestedObject + properties: + - name: 'balancingMode' + type: Enum + description: | + Specifies the balancing mode for this backend. + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. + + From version 6.0.0 default value will be UTILIZATION to match default GCP value. + default_value: "CONNECTION" + enum_values: + - 'UTILIZATION' + - 'RATE' + - 'CONNECTION' + - name: 'capacityScaler' + type: Double + description: | + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + ~>**NOTE**: This field cannot be set for + INTERNAL region backend services (default loadBalancingScheme), + but is required for non-INTERNAL backend service. The total + capacity_scaler for all backends must be non-zero. + + A setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + send_empty_value: true + - name: 'description' + type: String + description: | + An optional description of this resource. + Provide this property when you create the resource. + - name: 'failover' + type: Boolean + description: | + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + default_from_api: true + - name: 'group' + type: String + description: | + The fully-qualified URL of an Instance Group or Network Endpoint + Group resource. In case of instance group this defines the list + of instances that serve traffic. Member virtual machine + instances from each instance group must live in the same zone as + the instance group itself. No two backends in a backend service + are allowed to use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and + Network Endpoint Group backends. + + When the `load_balancing_scheme` is INTERNAL, only instance groups + are supported. + + Note that you must specify an Instance Group or Network Endpoint + Group resource using the fully-qualified URL, rather than a + partial URL. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + custom_flatten: 'templates/terraform/custom_flatten/go/guard_self_link.go.tmpl' + - name: 'maxConnections' + type: Integer + description: | + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + Cannot be set for INTERNAL backend services. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + - name: 'maxConnectionsPerInstance' + type: Integer + description: | + The max number of simultaneous connections that a single + backend instance can handle. Cannot be set for INTERNAL backend + services. + + This is used to calculate the capacity of the group. + Can be used in either CONNECTION or UTILIZATION balancing modes. + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + - name: 'maxConnectionsPerEndpoint' + type: Integer + description: | + The max number of simultaneous connections that a single backend + network endpoint can handle. Cannot be set + for INTERNAL backend services. + + This is used to calculate the capacity of the group. Can be + used in either CONNECTION or UTILIZATION balancing modes. For + CONNECTION mode, either maxConnections or + maxConnectionsPerEndpoint must be set. + - name: 'maxRate' + type: Integer + description: | + The max requests per second (RPS) of the group. Cannot be set + for INTERNAL backend services. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. Either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + - name: 'maxRatePerInstance' + type: Double + description: | + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. Cannot be set + for INTERNAL backend services. + - name: 'maxRatePerEndpoint' + type: Double + description: | + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. Cannot be set + for INTERNAL backend services. + - name: 'maxUtilization' + type: Double + description: | + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + Cannot be set for INTERNAL backend services. + - name: 'circuitBreakers' + type: NestedObject + description: | + Settings controlling the volume of connections to a backend service. This field + is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED + and the `protocol` is set to HTTP, HTTPS, or HTTP2. + properties: + - name: 'connectTimeout' + type: NestedObject + description: | + The timeout for new network connections to hosts. + min_version: 'beta' + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - name: 'maxRequestsPerConnection' + type: Integer + description: | + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + - name: 'maxConnections' + type: Integer + description: | + The maximum number of connections to the backend cluster. + Defaults to 1024. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 1024 + - name: 'maxPendingRequests' + type: Integer + description: | + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 1024 + - name: 'maxRequests' + type: Integer + description: | + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 1024 + - name: 'maxRetries' + type: Integer + description: | + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + at_least_one_of: + - 'circuit_breakers.0.connect_timeout' + - 'circuit_breakers.0.max_requests_per_connection' + - 'circuit_breakers.0.max_connections' + - 'circuit_breakers.0.max_pending_requests' + - 'circuit_breakers.0.max_requests' + - 'circuit_breakers.0.max_retries' + default_value: 3 + - name: 'consistentHash' + type: NestedObject + description: | + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. + This field only applies when all of the following are true - + * `load_balancing_scheme` is set to INTERNAL_MANAGED + * `protocol` is set to HTTP, HTTPS, or HTTP2 + * `locality_lb_policy` is set to MAGLEV or RING_HASH + properties: + - name: 'httpCookie' + type: NestedObject + description: | + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + at_least_one_of: + - 'consistent_hash.0.http_cookie' + - 'consistent_hash.0.http_header_name' + - 'consistent_hash.0.minimum_ring_size' + properties: + - name: 'ttl' + type: NestedObject + description: | + Lifetime of the cookie. + at_least_one_of: + - 'consistent_hash.0.http_cookie.0.ttl' + - 'consistent_hash.0.http_cookie.0.name' + - 'consistent_hash.0.http_cookie.0.path' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - name: 'name' + type: String + description: | + Name of the cookie. + at_least_one_of: + - 'consistent_hash.0.http_cookie.0.ttl' + - 'consistent_hash.0.http_cookie.0.name' + - 'consistent_hash.0.http_cookie.0.path' + - name: 'path' + type: String + description: | + Path to set for the cookie. + at_least_one_of: + - 'consistent_hash.0.http_cookie.0.ttl' + - 'consistent_hash.0.http_cookie.0.name' + - 'consistent_hash.0.http_cookie.0.path' + - name: 'httpHeaderName' + type: String + description: | + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + at_least_one_of: + - 'consistent_hash.0.http_cookie' + - 'consistent_hash.0.http_header_name' + - 'consistent_hash.0.minimum_ring_size' + - name: 'minimumRingSize' + type: Integer + description: | + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + at_least_one_of: + - 'consistent_hash.0.http_cookie' + - 'consistent_hash.0.http_header_name' + - 'consistent_hash.0.minimum_ring_size' + default_value: 1024 + - name: 'cdnPolicy' + type: NestedObject + description: 'Cloud CDN configuration for this BackendService.' + default_from_api: true + properties: + - name: 'cacheKeyPolicy' + type: NestedObject + description: 'The CacheKeyPolicy for this CdnPolicy.' + at_least_one_of: + - 'cdn_policy.0.cache_key_policy' + - 'cdn_policy.0.signed_url_cache_max_age_sec' + properties: + - name: 'includeHost' + type: Boolean + description: | + If true requests to different hosts will be cached separately. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + - name: 'includeProtocol' + type: Boolean + description: | + If true, http and https requests will be cached separately. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + - name: 'includeQueryString' + type: Boolean + description: | + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + - name: 'queryStringBlacklist' + type: Array + description: | + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + is_set: true + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'queryStringWhitelist' + type: Array + description: | + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + is_set: true + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'includeNamedCookies' + type: Array + description: | + Names of cookies to include in cache keys. + send_empty_value: true + at_least_one_of: + - 'cdn_policy.0.cache_key_policy.0.include_host' + - 'cdn_policy.0.cache_key_policy.0.include_protocol' + - 'cdn_policy.0.cache_key_policy.0.include_query_string' + - 'cdn_policy.0.cache_key_policy.0.query_string_blacklist' + - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' + - 'cdn_policy.0.cache_key_policy.0.include_named_cookies' + item_type: + type: String + - name: 'signedUrlCacheMaxAgeSec' + type: Integer + description: | + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + at_least_one_of: + - 'cdn_policy.0.cache_key_policy' + - 'cdn_policy.0.signed_url_cache_max_age_sec' + default_value: 3600 + - name: 'defaultTtl' + type: Integer + description: | + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + default_from_api: true + - name: 'maxTtl' + type: Integer + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + default_from_api: true + - name: 'clientTtl' + type: Integer + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + default_from_api: true + - name: 'negativeCaching' + type: Boolean + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. + default_from_api: true + send_empty_value: true + - name: 'negativeCachingPolicy' + type: Array + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + item_type: + type: NestedObject + properties: + - name: 'code' + type: Integer + description: | + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + - name: 'ttl' + type: Integer + description: | + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + min_version: 'beta' + - name: 'cacheMode' + type: Enum + description: | + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC + default_from_api: true + enum_values: + - 'USE_ORIGIN_HEADERS' + - 'FORCE_CACHE_ALL' + - 'CACHE_ALL_STATIC' + - name: 'serveWhileStale' + type: Integer + description: | + Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. + + default_from_api: true + send_empty_value: true + - name: 'connectionDraining' + type: NestedObject + description: | + Settings for connection draining + flatten_object: true + properties: + - name: 'connection_draining_timeout_sec' + type: Integer + description: | + Time for which instance will be drained (not accept new + connections, but still work to finish started). + + From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. + api_name: drainingTimeoutSec + send_empty_value: true + default_value: 0 + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'failoverPolicy' + type: NestedObject + description: | + Policy for failovers. + properties: + - name: 'disableConnectionDrainOnFailover' + type: Boolean + description: | + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + default_from_api: true + at_least_one_of: + - 'failover_policy.0.disable_connection_drain_on_failover' + - 'failover_policy.0.drop_traffic_if_unhealthy' + - 'failover_policy.0.failover_ratio' + - name: 'dropTrafficIfUnhealthy' + type: Boolean + description: | + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + default_from_api: true + send_empty_value: true + at_least_one_of: + - 'failover_policy.0.disable_connection_drain_on_failover' + - 'failover_policy.0.drop_traffic_if_unhealthy' + - 'failover_policy.0.failover_ratio' + - name: 'failoverRatio' + type: Double + description: | + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + at_least_one_of: + - 'failover_policy.0.disable_connection_drain_on_failover' + - 'failover_policy.0.drop_traffic_if_unhealthy' + - 'failover_policy.0.failover_ratio' + - name: 'enableCDN' + type: Boolean + description: | + If true, enable Cloud CDN for this RegionBackendService. + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + output: true + - name: 'healthChecks' + type: Array + description: | + The set of URLs to HealthCheck resources for health checking + this RegionBackendService. Currently at most one health + check can be specified. + + A health check must be specified unless the backend service uses an internet + or serverless NEG as a backend. + is_set: true + set_hash_func: 'tpgresource.SelfLinkRelativePathHash' + custom_flatten: 'templates/terraform/custom_flatten/go/guard_self_link_array.go.tmpl' + item_type: + type: String + min_size: 1 + max_size: 1 + - name: 'generated_id' + type: Integer + description: + 'The unique identifier for the resource. This identifier is defined by the + server.' + api_name: id + output: true + - name: 'iap' + type: NestedObject + description: Settings for enabling Cloud Identity Aware Proxy + send_empty_value: true + properties: + - name: 'oauth2ClientId' + type: String + description: | + OAuth2 Client ID for IAP + required: true + - name: 'oauth2ClientSecret' + type: String + description: | + OAuth2 Client Secret for IAP + required: true + ignore_read: true + sensitive: true + send_empty_value: true + - name: 'oauth2ClientSecretSha256' + type: String + description: | + OAuth2 Client Secret SHA-256 for IAP + sensitive: true + output: true + - name: 'loadBalancingScheme' + type: Enum + description: | + Indicates what kind of load balancing this regional backend service + will be used for. A backend service created for one type of load + balancing cannot be used with the other(s). For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). + immutable: true + default_value: "INTERNAL" + enum_values: + - 'EXTERNAL' + - 'EXTERNAL_MANAGED' + - 'INTERNAL' + - 'INTERNAL_MANAGED' + - name: 'localityLbPolicy' + type: Enum + description: | + The load balancing algorithm used within the scope of the locality. + The possible values are: + + * `ROUND_ROBIN`: This is a simple policy in which each healthy backend + is selected in round robin order. + + * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * `RING_HASH`: The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * `RANDOM`: The load balancer selects a random healthy host. + + * `ORIGINAL_DESTINATION`: Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * `WEIGHTED_MAGLEV`: Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. + enum_values: + - 'ROUND_ROBIN' + - 'LEAST_REQUEST' + - 'RING_HASH' + - 'RANDOM' + - 'ORIGINAL_DESTINATION' + - 'MAGLEV' + - 'WEIGHTED_MAGLEV' + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'outlierDetection' + type: NestedObject + description: | + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the `load_balancing_scheme` is set + to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. + + From version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value. + Default values are enforce by GCP without providing them. + properties: + - name: 'baseEjectionTime' + type: NestedObject + description: | + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'consecutiveErrors' + type: Integer + description: | + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 5 + - name: 'consecutiveGatewayFailure' + type: Integer + description: | + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 5 + - name: 'enforcingConsecutiveErrors' + type: Integer + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 100 + - name: 'enforcingConsecutiveGatewayFailure' + type: Integer + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 0 + - name: 'enforcingSuccessRate' + type: Integer + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 100 + - name: 'interval' + type: NestedObject + description: | + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + properties: + - name: 'seconds' + type: Integer + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'maxEjectionPercent' + type: Integer + description: | + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 10 + - name: 'successRateMinimumHosts' + type: Integer + description: | + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 5 + - name: 'successRateRequestVolume' + type: Integer + description: | + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 100 + - name: 'successRateStdevFactor' + type: Integer + description: | + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + at_least_one_of: + - 'outlier_detection.0.base_ejection_time' + - 'outlier_detection.0.consecutive_errors' + - 'outlier_detection.0.consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_consecutive_errors' + - 'outlier_detection.0.enforcing_consecutive_gateway_failure' + - 'outlier_detection.0.enforcing_success_rate' + - 'outlier_detection.0.interval' + - 'outlier_detection.0.max_ejection_percent' + - 'outlier_detection.0.success_rate_minimum_hosts' + - 'outlier_detection.0.success_rate_request_volume' + - 'outlier_detection.0.success_rate_stdev_factor' + default_value: 1900 + - name: 'portName' + type: String + description: | + A named port on a backend instance group representing the port for + communication to the backend VMs in that group. Required when the + loadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED + and the backends are instance groups. The named port must be defined on each + backend instance group. This parameter has no meaning if the backends are NEGs. API sets a + default of "http" if not given. + Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing). + default_from_api: true + - name: 'protocol' + type: Enum + description: | + The protocol this RegionBackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. + # This is removed to avoid breaking terraform, as default values cannot be + # unspecified. Providers should include this as needed via overrides + # default_value: :TCP + default_from_api: true + enum_values: + - 'HTTP' + - 'HTTPS' + - 'HTTP2' + - 'SSL' + - 'TCP' + - 'UDP' + - 'GRPC' + - 'UNSPECIFIED' + - name: 'securityPolicy' + type: String + description: | + The security policy associated with this backend service. + min_version: 'beta' + update_url: 'projects/{{project}}/regions/{{region}}/backendServices/{{name}}/setSecurityPolicy' + update_verb: 'POST' + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'sessionAffinity' + type: Enum + description: | + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. + default_from_api: true + enum_values: + - 'NONE' + - 'CLIENT_IP' + - 'CLIENT_IP_PORT_PROTO' + - 'CLIENT_IP_PROTO' + - 'GENERATED_COOKIE' + - 'HEADER_FIELD' + - 'HTTP_COOKIE' + - 'CLIENT_IP_NO_DESTINATION' + - name: 'connectionTrackingPolicy' + type: NestedObject + description: | + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + min_version: 'beta' + properties: + - name: 'idleTimeoutSec' + type: Integer + description: | + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + default_from_api: true + - name: 'trackingMode' + type: Enum + description: | + Specifies the key used for connection tracking. There are two options: + `PER_CONNECTION`: The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + `PER_SESSION`: The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. + default_value: "PER_CONNECTION" + enum_values: + - 'PER_CONNECTION' + - 'PER_SESSION' + - name: 'connectionPersistenceOnUnhealthyBackends' + type: Enum + description: | + Specifies connection persistence when backends are unhealthy. + + If set to `DEFAULT_FOR_PROTOCOL`, the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to `NEVER_PERSIST`, after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to `ALWAYS_PERSIST`, existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. + default_value: "DEFAULT_FOR_PROTOCOL" + enum_values: + - 'DEFAULT_FOR_PROTOCOL' + - 'NEVER_PERSIST' + - 'ALWAYS_PERSIST' + - name: 'enableStrongAffinity' + type: Boolean + description: Enable Strong Session Affinity for Network Load Balancing. This option is not available publicly. + - name: 'timeoutSec' + type: Integer + description: | + The backend service timeout has a different meaning depending on the type of load balancer. + For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). + The default is 30 seconds. + The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. + default_from_api: true + - name: 'logConfig' + type: NestedObject + description: | + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + default_from_api: true + properties: + - name: 'enable' + type: Boolean + description: | + Whether to enable logging for the load balancer traffic served by this backend service. + send_empty_value: true + at_least_one_of: + - 'log_config.0.enable' + - 'log_config.0.sample_rate' + - name: 'sampleRate' + type: Double + description: | + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + at_least_one_of: + - 'log_config.0.enable' + - 'log_config.0.sample_rate' + diff_suppress_func: 'suppressWhenDisabled' + default_value: 1.0 + - name: 'network' + type: ResourceRef + description: | + The URL of the network to which this backend service belongs. + This field can only be specified when the load balancing scheme is set to INTERNAL. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'subsetting' + type: NestedObject + description: | + Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing and Internal HTTP(S) load balancing. + min_version: 'beta' + properties: + - name: 'policy' + type: Enum + description: | + The algorithm used for subsetting. + required: true + enum_values: + - 'CONSISTENT_HASH_SUBSETTING' diff --git a/mmv1/products/compute/go_RegionCommitment.yaml b/mmv1/products/compute/go_RegionCommitment.yaml new file mode 100644 index 000000000000..f01b2ff61484 --- /dev/null +++ b/mmv1/products/compute/go_RegionCommitment.yaml @@ -0,0 +1,201 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionCommitment' +kind: 'compute#commitment' +description: | + Represents a regional Commitment resource. + + Creating a commitment resource means that you are purchasing a committed + use contract with an explicit start and end time. You can create commitments + based on vCPUs and memory usage and receive discounted rates. +references: + guides: + 'Committed use discounts for Compute Engine': 'https://cloud.google.com/compute/docs/instances/committed-use-discounts-overview' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionCommitments' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/commitments' +has_self_link: true +skip_delete: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'compute_region_commitment_basic' + primary_resource_id: 'foobar' + vars: + region_commitment_name: 'my-region-commitment' + skip_test: true + - name: 'compute_region_commitment_full' + primary_resource_id: 'foobar' + vars: + region_commitment_name: 'my-full-commitment' + skip_test: true +parameters: + - name: 'region' + type: ResourceRef + description: | + URL of the region where this commitment may be used. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'commitment_id' + type: Integer + description: 'Unique identifier for the resource.' + api_name: id + output: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'status' + type: Enum + description: | + Status of the commitment with regards to eventual expiration + (each commitment has an end date defined). + output: true + enum_values: + - 'NOT_YET_ACTIVE' + - 'ACTIVE' + - 'EXPIRED' + - name: 'statusMessage' + type: String + description: | + A human-readable explanation of the status. + output: true + - name: 'plan' + type: Enum + description: | + The plan for this commitment, which determines duration and discount rate. + The currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). + required: true + enum_values: + - 'TWELVE_MONTH' + - 'THIRTY_SIX_MONTH' + - name: 'startTimestamp' + type: Time + description: 'Commitment start time in RFC3339 text format.' + output: true + - name: 'endTimestamp' + type: Time + description: 'Commitment end time in RFC3339 text format.' + output: true + - name: 'resources' + type: Array + description: | + A list of commitment amounts for particular resources. + Note that VCPU and MEMORY resource commitments must occur together. + item_type: + type: NestedObject + properties: + - name: 'type' + type: String + description: | + Type of resource for which this commitment applies. + Possible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR. + - name: 'amount' + type: String + description: | + The amount of the resource purchased (in a type-dependent unit, + such as bytes). For vCPUs, this can just be an integer. For memory, + this must be provided in MB. Memory must be a multiple of 256 MB, + with up to 6.5GB of memory per every vCPU. + - name: 'acceleratorType' + type: String + description: | + Name of the accelerator type resource. Applicable only when the type is ACCELERATOR. + - name: 'type' + type: String + description: | + The type of commitment, which affects the discount rate and the eligible resources. + The type could be one of the following value: `MEMORY_OPTIMIZED`, `ACCELERATOR_OPTIMIZED`, + `GENERAL_PURPOSE_N1`, `GENERAL_PURPOSE_N2`, `GENERAL_PURPOSE_N2D`, `GENERAL_PURPOSE_E2`, + `GENERAL_PURPOSE_T2D`, `GENERAL_PURPOSE_C3`, `COMPUTE_OPTIMIZED_C2`, `COMPUTE_OPTIMIZED_C2D` and + `GRAPHICS_OPTIMIZED_G2` + default_from_api: true + - name: 'category' + type: Enum + description: | + The category of the commitment. Category MACHINE specifies commitments composed of + machine resources such as VCPU or MEMORY, listed in resources. Category LICENSE + specifies commitments composed of software licenses, listed in licenseResources. + Note that only MACHINE commitments should have a Type specified. + default_from_api: true + enum_values: + - 'LICENSE' + - 'MACHINE' + - name: 'licenseResource' + type: NestedObject + description: | + The license specification required as part of a license commitment. + properties: + - name: 'license' + type: String + description: | + Any applicable license URI. + required: true + - name: 'amount' + type: String + description: | + The number of licenses purchased. + - name: 'coresPerLicense' + type: String + description: | + Specifies the core range of the instance for which this license applies. + - name: 'autoRenew' + type: Boolean + description: | + Specifies whether to enable automatic renewal for the commitment. + The default value is false if not specified. + If the field is set to true, the commitment will be automatically renewed for either + one or three years according to the terms of the existing commitment. + default_from_api: true diff --git a/mmv1/products/compute/go_RegionDisk.yaml b/mmv1/products/compute/go_RegionDisk.yaml new file mode 100644 index 000000000000..835fe3365a64 --- /dev/null +++ b/mmv1/products/compute/go_RegionDisk.yaml @@ -0,0 +1,370 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionDisk' +kind: 'compute#disk' +description: | + Persistent disks are durable storage devices that function similarly to + the physical disks in a desktop or a server. Compute Engine manages the + hardware behind these devices to ensure data redundancy and optimize + performance for you. Persistent disks are available as either standard + hard disk drives (HDD) or solid-state drives (SSD). + + Persistent disks are located independently from your virtual machine + instances, so you can detach or move persistent disks to keep your data + even after you delete your instances. Persistent disk performance scales + automatically with size, so you can resize your existing persistent disks + or add more persistent disks to an instance to meet your performance and + storage space requirements. + + Add a persistent disk to your instance when you need reliable and + affordable storage with consistent performance characteristics. +references: + guides: + 'Adding or Resizing Regional Persistent Disks': 'https://cloud.google.com/compute/docs/disks/regional-persistent-disk' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionDisks' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/disks' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + parent_resource_attribute: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/regions/{{region}}/disks/{{name}}' + - '{{name}}' +custom_code: + encoder: 'templates/terraform/encoders/go/disk.tmpl' + decoder: 'templates/terraform/decoders/go/disk.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/detach_disk.tmpl' +custom_diff: + - 'customdiff.ForceNewIfChange("size", IsDiskShrinkage)' + - 'hyperDiskIopsUpdateDiffSupress' +examples: + - name: 'region_disk_basic' + primary_resource_id: 'regiondisk' + primary_resource_name: 'fmt.Sprintf("tf-test-my-region-disk%s", context["random_suffix"])' + vars: + region_disk_name: 'my-region-disk' + disk_name: 'my-disk' + snapshot_name: 'my-snapshot' + - name: 'region_disk_async' + primary_resource_id: 'primary' + primary_resource_name: 'fmt.Sprintf("tf-test-my-region-disk%s", context["random_suffix"])' + vars: + region_disk_name: 'primary-region-disk' + secondary_region_disk_name: 'secondary-region-disk' + - name: 'region_disk_features' + primary_resource_id: 'regiondisk' + primary_resource_name: 'fmt.Sprintf("tf-test-my-region-disk%s", context["random_suffix"])' + vars: + region_disk_name: 'my-region-features-disk' +parameters: + - name: 'region' + type: ResourceRef + description: 'A reference to the region where the disk resides.' + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' + - name: 'diskEncryptionKey' + type: NestedObject + description: | + Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + immutable: true + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + sensitive: true + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - name: 'kmsKeyName' + type: String + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - name: 'snapshot' + type: ResourceRef + description: | + The source snapshot used to create this disk. You can provide this as + a partial or full URL to the resource. For example, the following are + valid values: + + * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` + * `projects/project/global/snapshots/snapshot` + * `global/snapshots/snapshot` + * `snapshot` + api_name: sourceSnapshot + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Snapshot' + imports: 'selfLink' + - name: 'sourceSnapshotEncryptionKey' + type: NestedObject + description: | + The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + immutable: true + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + - name: 'kmsKeyName' + type: String + description: | + The name of the encryption key that is stored in Google Cloud KMS. + min_version: 'beta' + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - name: 'sourceSnapshotId' + type: String + description: | + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + output: true +properties: + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'lastAttachTimestamp' + type: Time + description: 'Last attach timestamp in RFC3339 text format.' + output: true + - name: 'lastDetachTimestamp' + type: Time + description: 'Last detach timestamp in RFC3339 text format.' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Labels to apply to this disk. A list of key->value pairs. + immutable: false + update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/setLabels' + update_verb: 'POST' + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'size' + type: Integer + description: | + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the sourceImage or + sourceSnapshot parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with sourceImage or sourceSnapshot, + the value of sizeGb must not be less than the size of the sourceImage + or the size of the snapshot. + api_name: sizeGb + default_from_api: true + update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/resize' + update_verb: 'POST' + - name: 'users' + type: Array + description: | + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance + output: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'user' + type: ResourceRef + description: 'A reference to a user of this disk' + resource: 'Instance' + imports: 'selfLink' + - name: 'physicalBlockSizeBytes' + type: Integer + description: | + Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + default_from_api: true + - name: 'replicaZones' + type: Array + description: 'URLs of the zones where the disk should be replicated to.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'zone' + type: ResourceRef + description: | + A reference to a zone where the disk should be replicated to. + resource: 'Zone' + imports: 'selfLink' + min_size: 2 + max_size: 2 + - name: 'type' + type: ResourceRef + description: | + URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + default_value: "pd-standard" + resource: 'RegionDiskType' + imports: 'selfLink' + - name: 'interface' + type: String + description: | + Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. + min_version: 'beta' + url_param_only: true + diff_suppress_func: 'AlwaysDiffSuppress' + default_value: "SCSI" + deprecation_message: '`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.' + - name: 'sourceDisk' + type: String + description: | + The source disk used to create this disk. You can provide this as a partial or full URL to the resource. + For example, the following are valid values: + + * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk} + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk} + * projects/{project}/zones/{zone}/disks/{disk} + * projects/{project}/regions/{region}/disks/{disk} + * zones/{zone}/disks/{disk} + * regions/{region}/disks/{disk} + diff_suppress_func: 'sourceDiskDiffSupress' + - name: 'sourceDiskId' + type: String + description: | + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + output: true + - name: 'asyncPrimaryDisk' + type: NestedObject + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + properties: + - name: 'disk' + type: String + description: | + Primary disk for asynchronous disk replication. + required: true + - name: 'guestOsFeatures' + type: Array + description: | + A list of features to enable on the guest operating system. + Applicable only for bootable disks. + is_set: true + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'type' + type: Enum + description: | + The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. + required: true + enum_values: + - 'MULTI_IP_SUBNET' + - 'SECURE_BOOT' + - 'SEV_CAPABLE' + - 'UEFI_COMPATIBLE' + - 'VIRTIO_SCSI_MULTIQUEUE' + - 'WINDOWS' + - 'GVNIC' + - 'SEV_LIVE_MIGRATABLE' + - 'SEV_SNP_CAPABLE' + - 'SUSPEND_RESUME_COMPATIBLE' + - 'TDX_CAPABLE' + - name: 'licenses' + type: Array + description: Any applicable license URI. + immutable: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'license' + type: ResourceRef + description: 'An applicable license URI' + resource: 'License' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_RegionDiskResourcePolicyAttachment.yaml b/mmv1/products/compute/go_RegionDiskResourcePolicyAttachment.yaml new file mode 100644 index 000000000000..1c41e05ebb19 --- /dev/null +++ b/mmv1/products/compute/go_RegionDiskResourcePolicyAttachment.yaml @@ -0,0 +1,90 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionDiskResourcePolicyAttachment' +description: | + Adds existing resource policies to a disk. You can only add one policy + which will be applied to this disk for scheduling snapshot creation. + + ~> **Note:** This resource does not support zonal disks (`google_compute_disk`). For zonal disks, please refer to [`google_compute_disk_resource_policy_attachment`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk_resource_policy_attachment) +docs: +id_format: '{{project}}/{{region}}/{{disk}}/{{name}}' +base_url: 'projects/{{project}}/regions/{{region}}/disks/{{disk}}' +self_link: 'projects/{{project}}/regions/{{region}}/disks/{{disk}}' +create_url: 'projects/{{project}}/regions/{{region}}/disks/{{disk}}/addResourcePolicies' +delete_url: 'projects/{{project}}/regions/{{region}}/disks/{{disk}}/removeResourcePolicies' +delete_verb: 'POST' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - name +nested_query: + keys: + - resourcePolicies + is_list_of_ids: true + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_region_disk_resource_policies_attachment.go.tmpl' + decoder: 'templates/terraform/decoders/go/compute_disk_resource_policies_attachment.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_region_disk_resource_policies_attachment.go.tmpl' +examples: + - name: 'region_disk_resource_policy_attachment_basic' + primary_resource_id: 'attachment' + vars: + base_disk_name: 'my-base-disk' + snapshot_name: 'my-snapshot' + disk_name: 'my-disk' + policy_name: 'my-resource-policy' +parameters: + - name: 'disk' + type: ResourceRef + description: | + The name of the regional disk in which the resource policies are attached to. + url_param_only: true + required: true + resource: 'Disk' + imports: 'name' + - name: 'region' + type: ResourceRef + description: 'A reference to the region where the disk resides.' + url_param_only: true + required: false + default_from_api: true + resource: 'Region' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The resource policy to be attached to the disk for scheduling snapshot + creation. Do not specify the self link. + required: true diff --git a/mmv1/products/compute/go_RegionDiskType.yaml b/mmv1/products/compute/go_RegionDiskType.yaml new file mode 100644 index 000000000000..ea29643f962a --- /dev/null +++ b/mmv1/products/compute/go_RegionDiskType.yaml @@ -0,0 +1,110 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionDiskType' +kind: 'compute#diskType' +description: | + Represents a regional DiskType resource. A DiskType resource represents + the type of disk to use, such as a pd-ssd, pd-balanced or pd-standard. To reference a + disk type, use the disk type's full or partial URL. +exclude: true +readonly: true +docs: +base_url: 'projects/{{project}}/regions/{{region}}/diskTypes' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'items' +custom_code: +parameters: + - name: 'region' + type: ResourceRef + description: 'A reference to the region where the disk type resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'defaultDiskSizeGb' + type: Integer + description: 'Server-defined default disk size in GB.' + output: true + - name: 'deprecated' + type: NestedObject + description: 'The deprecation status associated with this disk type.' + output: true + properties: + - name: 'deleted' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DELETED. + output: true + - name: 'deprecated' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DEPRECATED. + output: true + - name: 'obsolete' + type: Time + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to OBSOLETE. + output: true + - name: 'replacement' + type: String + description: | + The URL of the suggested replacement for a deprecated resource. The + suggested replacement resource must be the same kind of resource as + the deprecated resource. + output: true + - name: 'state' + type: Enum + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource using a + DEPRECATED resource will return successfully, but with a warning + indicating the deprecated resource and recommending its replacement. + Operations which use OBSOLETE or DELETED resources will be rejected + and result in an error. + output: true + enum_values: + - 'DEPRECATED' + - 'OBSOLETE' + - 'DELETED' + - name: 'description' + type: String + description: 'An optional description of this resource.' + output: true + - name: 'id' + type: Integer + description: 'The unique identifier for the resource.' + output: true + - name: 'name' + type: String + description: 'Name of the resource.' + - name: 'validDiskSize' + type: String + description: | + An optional textual description of the valid disk size, such as + "10GB-10TB". + output: true diff --git a/mmv1/products/compute/go_RegionHealthCheck.yaml b/mmv1/products/compute/go_RegionHealthCheck.yaml new file mode 100644 index 000000000000..62dcea119fdc --- /dev/null +++ b/mmv1/products/compute/go_RegionHealthCheck.yaml @@ -0,0 +1,858 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionHealthCheck' +kind: 'compute#healthCheck' +description: | + Health Checks determine whether instances are responsive and able to do work. + They are an important part of a comprehensive load balancing configuration, + as they enable monitoring instances behind load balancers. + + Health Checks poll instances at a specified interval. Instances that + do not respond successfully to some number of probes in a row are marked + as unhealthy. No new connections are sent to unhealthy instances, + though existing connections will continue. The health check will + continue to poll unhealthy instances. If an instance later responds + successfully to some number of consecutive probes, it is marked + healthy again and can receive new connections. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/health-checks' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionHealthChecks' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/healthChecks' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + encoder: 'templates/terraform/encoders/go/health_check_type.tmpl' +custom_diff: + - 'healthCheckCustomizeDiff' +examples: + - name: 'region_health_check_tcp' + primary_resource_id: 'tcp-region-health-check' + vars: + health_check_name: 'tcp-region-health-check' + - name: 'region_health_check_tcp_full' + primary_resource_id: 'tcp-region-health-check' + vars: + health_check_name: 'tcp-region-health-check' + - name: 'region_health_check_ssl' + primary_resource_id: 'ssl-region-health-check' + vars: + health_check_name: 'ssl-region-health-check' + - name: 'region_health_check_ssl_full' + primary_resource_id: 'ssl-region-health-check' + vars: + health_check_name: 'ssl-region-health-check' + - name: 'region_health_check_http' + primary_resource_id: 'http-region-health-check' + vars: + health_check_name: 'http-region-health-check' + - name: 'region_health_check_http_logs' + primary_resource_id: 'http-region-health-check' + min_version: 'beta' + vars: + health_check_name: 'http-region-health-check' + - name: 'region_health_check_http_full' + primary_resource_id: 'http-region-health-check' + vars: + health_check_name: 'http-region-health-check' + - name: 'region_health_check_https' + primary_resource_id: 'https-region-health-check' + vars: + health_check_name: 'https-region-health-check' + - name: 'region_health_check_https_full' + primary_resource_id: 'https-region-health-check' + vars: + health_check_name: 'https-region-health-check' + - name: 'region_health_check_http2' + primary_resource_id: 'http2-region-health-check' + vars: + health_check_name: 'http2-region-health-check' + - name: 'region_health_check_http2_full' + primary_resource_id: 'http2-region-health-check' + vars: + health_check_name: 'http2-region-health-check' + - name: 'region_health_check_grpc' + primary_resource_id: 'grpc-region-health-check' + vars: + health_check_name: 'grpc-region-health-check' + - name: 'region_health_check_grpc_full' + primary_resource_id: 'grpc-region-health-check' + vars: + health_check_name: 'grpc-region-health-check' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created health check should reside. + If it is not provided, the provider region is used. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'selfLink' +properties: + - name: 'checkIntervalSec' + type: Integer + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + send_empty_value: true + - name: 'healthyThreshold' + type: Integer + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + default_value: 2 + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + - name: 'unhealthyThreshold' + type: Integer + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + default_value: 2 + - name: 'timeoutSec' + type: Integer + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + default_value: 5 + - name: 'type' + type: Enum + description: |- + The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL. + output: true + enum_values: + - 'TCP' + - 'SSL' + - 'HTTP' + - 'HTTPS' + - 'HTTP2' + - name: 'httpHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'host' + type: String + description: | + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'requestPath' + type: String + description: | + The request path of the HTTP health check request. + The default value is /. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + default_value: "/" + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTP health check request. + The default value is 80. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'http_health_check.0.host' + - 'http_health_check.0.request_path' + - 'http_health_check.0.response' + - 'http_health_check.0.port' + - 'http_health_check.0.port_name' + - 'http_health_check.0.proxy_header' + - 'http_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'httpsHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'host' + type: String + description: | + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'requestPath' + type: String + description: | + The request path of the HTTPS health check request. + The default value is /. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + default_value: "/" + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTPS health check request. + The default value is 443. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'https_health_check.0.host' + - 'https_health_check.0.request_path' + - 'https_health_check.0.response' + - 'https_health_check.0.port' + - 'https_health_check.0.port_name' + - 'https_health_check.0.proxy_header' + - 'https_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'tcpHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'request' + type: String + description: | + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the TCP health check request. + The default value is 80. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'tcp_health_check.0.request' + - 'tcp_health_check.0.response' + - 'tcp_health_check.0.port' + - 'tcp_health_check.0.port_name' + - 'tcp_health_check.0.proxy_header' + - 'tcp_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'sslHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'request' + type: String + description: | + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the SSL health check request. + The default value is 443. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'ssl_health_check.0.request' + - 'ssl_health_check.0.response' + - 'ssl_health_check.0.port' + - 'ssl_health_check.0.port_name' + - 'ssl_health_check.0.proxy_header' + - 'ssl_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'http2HealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'host' + type: String + description: | + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'requestPath' + type: String + description: | + The request path of the HTTP2 health check request. + The default value is /. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + default_value: "/" + - name: 'response' + type: String + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'port' + type: Integer + description: | + The TCP port number for the HTTP2 health check request. + The default value is 443. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to the + backend. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'http2_health_check.0.host' + - 'http2_health_check.0.request_path' + - 'http2_health_check.0.response' + - 'http2_health_check.0.port' + - 'http2_health_check.0.port_name' + - 'http2_health_check.0.proxy_header' + - 'http2_health_check.0.port_specification' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'grpcHealthCheck' + type: NestedObject + exactly_one_of: + - 'http_health_check' + - 'https_health_check' + - 'http2_health_check' + - 'tcp_health_check' + - 'ssl_health_check' + - 'grpc_health_check' + diff_suppress_func: 'portDiffSuppress' + properties: + - name: 'port' + type: Integer + description: | + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + - name: 'portName' + type: String + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + - name: 'portSpecification' + type: Enum + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in `port` and + `portName` fields. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + enum_values: + - 'USE_FIXED_PORT' + - 'USE_NAMED_PORT' + - 'USE_SERVING_PORT' + - name: 'grpcServiceName' + type: String + description: | + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + + * Empty serviceName means the overall status of all services at the backend. + * Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + + The grpcServiceName can only be ASCII. + at_least_one_of: + - 'grpc_health_check.0.port' + - 'grpc_health_check.0.port_name' + - 'grpc_health_check.0.port_specification' + - 'grpc_health_check.0.grpc_service_name' + - name: 'logConfig' + type: NestedObject + description: | + Configure logging on this health check. + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/health_check_log_config.go.tmpl' + properties: + - name: 'enable' + type: Boolean + description: | + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + default_value: false diff --git a/mmv1/products/compute/go_RegionInstanceGroupManager.yaml b/mmv1/products/compute/go_RegionInstanceGroupManager.yaml new file mode 100644 index 000000000000..46c46ed67bca --- /dev/null +++ b/mmv1/products/compute/go_RegionInstanceGroupManager.yaml @@ -0,0 +1,227 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionInstanceGroupManager' +kind: 'compute#instanceGroupManager' +description: | + Creates a managed instance group using the information that you specify in + the request. After the group is created, it schedules an action to create + instances in the group using the specified instance template. This + operation is marked as DONE when the group is created even if the + instances in the group have not yet been created. You must separately + verify the status of the individual instances. + + A managed instance group can have up to 1000 VM instances per group. +exclude: true +docs: +base_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +parameters: + - name: 'region' + type: ResourceRef + description: 'The region the managed instance group resides.' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'baseInstanceName' + type: String + description: | + The base instance name to use for instances in this group. The value + must be 1-58 characters long. Instances are named by appending a + hyphen and a random four-character string to the base instance name. + The base instance name must comply with RFC1035. + required: true + - name: 'creationTimestamp' + type: Time + description: | + The creation timestamp for this managed instance group in RFC3339 + text format. + output: true + - name: 'currentActions' + type: NestedObject + description: | + The list of instance actions and the number of instances in this + managed instance group that are scheduled for each of those actions. + output: true + properties: + - name: 'abandoning' + type: Integer + description: | + The total number of instances in the managed instance group that + are scheduled to be abandoned. Abandoning an instance removes it + from the managed instance group without deleting it. + output: true + - name: 'creating' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be created or are currently being created. If the + group fails to create any of these instances, it tries again until + it creates the instance successfully. + + If you have disabled creation retries, this field will not be + populated; instead, the creatingWithoutRetries field will be + populated. + output: true + - name: 'creatingWithoutRetries' + type: Integer + description: | + The number of instances that the managed instance group will + attempt to create. The group attempts to create each instance only + once. If the group fails to create any of these instances, it + decreases the group's targetSize value accordingly. + output: true + - name: 'deleting' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be deleted or are currently being deleted. + output: true + - name: 'none' + type: Integer + description: | + The number of instances in the managed instance group that are + running and have no scheduled actions. + output: true + - name: 'recreating' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be recreated or are currently being being recreated. + Recreating an instance deletes the existing root persistent disk + and creates a new disk from the image that is defined in the + instance template. + output: true + - name: 'refreshing' + type: Integer + description: | + The number of instances in the managed instance group that are + being reconfigured with properties that do not require a restart + or a recreate action. For example, setting or removing target + pools for the instance. + output: true + - name: 'restarting' + type: Integer + description: | + The number of instances in the managed instance group that are + scheduled to be restarted or are currently being restarted. + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + immutable: true + - name: 'id' + type: Integer + description: 'A unique identifier for this resource' + output: true + - name: 'instanceGroup' + type: ResourceRef + description: 'The instance group being managed' + output: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'InstanceGroup' + imports: 'selfLink' + - name: 'instanceTemplate' + type: ResourceRef + description: | + The instance template that is specified for this managed instance + group. The group uses this template to create all new instances in the + managed instance group. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'InstanceTemplate' + imports: 'selfLink' + - name: 'name' + type: String + description: | + The name of the managed instance group. The name must be 1-63 + characters long, and comply with RFC1035. + required: true + - name: 'namedPorts' + type: Array + description: + Named ports configured for the Instance Groups complementary to this + Instance Group Manager. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name for this named port. The name must be 1-63 characters + long, and comply with RFC1035. + - name: 'port' + type: Integer + description: + The port number, which can be a value between 1 and 65535. + - name: 'targetPools' + type: Array + description: | + TargetPool resources to which instances in the instanceGroup field are + added. The target pools automatically apply to all of the instances in + the managed instance group. + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'targetPool' + type: ResourceRef + description: 'The targetPool to receive managed instances.' + resource: 'TargetPool' + imports: 'selfLink' + - name: 'targetSize' + type: Integer + description: | + The target number of running instances for this managed instance + group. Deleting or abandoning instances reduces this number. Resizing + the group changes this number. + - name: 'autoHealingPolicies' + type: Array + description: | + The autohealing policy for this managed instance group + item_type: + type: NestedObject + properties: + - name: 'healthCheck' + type: String + description: | + The URL for the health check that signals autohealing. + - name: 'initialDelaySec' + type: Integer + description: | + The number of seconds that the managed instance group waits + before it applies autohealing policies to new instances or recently recreated instances diff --git a/mmv1/products/compute/go_RegionNetworkEndpoint.yaml b/mmv1/products/compute/go_RegionNetworkEndpoint.yaml new file mode 100644 index 000000000000..347a086a82bb --- /dev/null +++ b/mmv1/products/compute/go_RegionNetworkEndpoint.yaml @@ -0,0 +1,149 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionNetworkEndpoint' +kind: 'compute#networkEndpoint' +description: | + A Region network endpoint represents a IP address/FQDN and port combination that is + part of a specific network endpoint group (NEG). + + ~> **NOTE**: Network endpoints cannot be created outside of a network endpoint group. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + 'Internet NEGs Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups' +docs: +id_format: '{{project}}/{{region}}/{{region_network_endpoint_group}}/{{ip_address}}/{{fqdn}}/{{port}}' +base_url: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}' +self_link: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/listNetworkEndpoints' +create_url: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/attachNetworkEndpoints' +read_verb: 'POST' +delete_url: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{region_network_endpoint_group}}/detachNetworkEndpoints' +delete_verb: 'POST' +immutable: true +mutex: 'networkEndpoint/{{project}}/{{region}}/{{region_network_endpoint_group}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - ipAddress + - fqdn + - port +nested_query: + keys: + - items + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_region_network_endpoint.go.tmpl' + decoder: 'templates/terraform/decoders/go/network_endpoint.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/compute_region_network_endpoint.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/compute_region_network_endpoint.go.tmpl' +exclude_tgc: true +examples: + - name: 'region_network_endpoint_internet_ip_port' + primary_resource_id: 'region-internet-ip-port-endpoint' + vars: + neg_name: 'ip-port-neg' + network_name: 'network' + - name: 'region_network_endpoint_internet_fqdn_port' + primary_resource_id: 'region-internet-fqdn-port-endpoint' + vars: + neg_name: 'fqdn-port-neg' + network_name: 'network' + - name: 'region_network_endpoint_portmap' + primary_resource_id: 'region_network_endpoint_portmap' + min_version: 'beta' + vars: + network_name: 'network' + subnetwork_name: 'subnetwork' + instance_name: 'instance' + neg_name: 'portmap-neg' + skip_test: true +parameters: + - name: 'region' + type: ResourceRef + description: | + Region where the containing network endpoint group is located. + url_param_only: true + required: false + ignore_read: true + default_from_api: true + resource: 'Region' + imports: 'name' + - name: 'regionNetworkEndpointGroup' + type: ResourceRef + description: | + The network endpoint group this endpoint is part of. + url_param_only: true + required: true + ignore_read: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + resource: 'RegionNetworkEndpointGroup' + imports: 'name' +properties: + - name: 'port' + type: Integer + description: | + Port number of network endpoint. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_int.go.tmpl' + validation: + function: 'validation.IntAtLeast(1)' + - name: 'ipAddress' + type: String + description: | + IPv4 address external endpoint. + + This can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT. + - name: 'fqdn' + type: String + description: | + Fully qualified domain name of network endpoint. + + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + at_least_one_of: + - 'fqdn' + - 'ip_address' + - name: 'clientDestinationPort' + type: Integer + description: | + Client destination port for the `GCE_VM_IP_PORTMAP` NEG. + min_version: 'beta' + custom_flatten: 'templates/terraform/custom_flatten/go/float64_to_int.go.tmpl' + - name: 'instance' + type: ResourceRef + description: | + The name for a specific VM instance that the IP address belongs to. + This is required for network endpoints of type GCE_VM_IP_PORTMAP. + min_version: 'beta' + resource: 'Instance' + imports: 'name' diff --git a/mmv1/products/compute/go_RegionNetworkEndpointGroup.yaml b/mmv1/products/compute/go_RegionNetworkEndpointGroup.yaml new file mode 100644 index 000000000000..6a57b76776d1 --- /dev/null +++ b/mmv1/products/compute/go_RegionNetworkEndpointGroup.yaml @@ -0,0 +1,321 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionNetworkEndpointGroup' +kind: 'compute#networkEndpointGroup' +description: | + A regional NEG that can support Serverless Products, proxying traffic to + external backends and providing traffic to the PSC port mapping endpoints. + + Recreating a region network endpoint group that's in use by another resource will give a + `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` + to avoid this type of error. +references: + guides: + 'Serverless NEGs Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts' + 'Internet NEGs Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'region_network_endpoint_group_functions' + primary_resource_id: 'function_neg' + vars: + neg_name: 'function-neg' + function_name: 'function-neg' + bucket_name: 'cloudfunctions-function-example-bucket' + zip_path: 'path/to/index.zip' + test_vars_overrides: + 'zip_path': 'acctest.CreateZIPArchiveForCloudFunctionSource(t, "./test-fixtures/http_trigger.js")' + - name: 'region_network_endpoint_group_cloudrun' + primary_resource_id: 'cloudrun_neg' + vars: + neg_name: 'cloudrun-neg' + - name: 'region_network_endpoint_group_appengine' + primary_resource_id: 'appengine_neg' + vars: + neg_name: 'appengine-neg' + - name: 'region_network_endpoint_group_appengine_empty' + primary_resource_id: 'appengine_neg' + vars: + neg_name: 'appengine-neg' + - name: 'region_network_endpoint_group_psc' + primary_resource_id: 'psc_neg' + vars: + neg_name: 'psc-neg' + - name: 'region_network_endpoint_group_psc_service_attachment' + primary_resource_id: 'psc_neg_service_attachment' + vars: + neg_name: 'psc-neg' + network_name: 'psc-network' + subnetwork_name: 'psc-subnetwork' + psc_subnetwork_name: 'psc-subnetwork-nat' + backend_service_name: 'psc-backend' + forwarding_rule_name: 'psc-forwarding-rule' + service_attachment_name: 'psc-service-attachment' + health_check_name: 'psc-healthcheck' + - name: 'region_network_endpoint_group_internet_ip_port' + primary_resource_id: 'region_network_endpoint_group_internet_ip_port' + vars: + neg_name: 'ip-port-neg' + network_name: 'network' + - name: 'region_network_endpoint_group_internet_fqdn_port' + primary_resource_id: 'region_network_endpoint_group_internet_fqdn_port' + vars: + neg_name: 'ip-port-neg' + network_name: 'network' + - name: 'region_network_endpoint_group_portmap' + primary_resource_id: 'region_network_endpoint_group_portmap' + min_version: 'beta' + vars: + network_name: 'network' + subnetwork_name: 'subnetwork' + neg_name: 'portmap-neg' +parameters: + - name: 'region' + type: ResourceRef + description: | + A reference to the region where the regional NEGs reside. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + - name: 'networkEndpointType' + type: Enum + description: | + Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. + default_value: "SERVERLESS" + enum_values: + - 'SERVERLESS' + - 'PRIVATE_SERVICE_CONNECT' + - 'INTERNET_IP_PORT' + - 'INTERNET_FQDN_PORT' + - 'GCE_VM_IP_PORTMAP' + - name: 'pscTargetService' + type: String + description: | + This field is only used for PSC and INTERNET NEGs. + + The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + - name: 'network' + type: ResourceRef + description: | + This field is only used for PSC and INTERNET NEGs. + + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'subnetwork' + type: ResourceRef + description: | + This field is only used for PSC NEGs. + + Optional URL of the subnetwork to which all network endpoints in the NEG belong. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'cloudRun' + type: NestedObject + description: | + This field is only used for SERVERLESS NEGs. + + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + conflicts: + - cloud_function + - app_engine + - serverless_deployment + properties: + - name: 'service' + type: String + description: | + Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + at_least_one_of: + - 'cloud_run.0.service' + - 'cloud_run.0.url_mask' + - name: 'tag' + type: String + description: | + Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + - name: 'urlMask' + type: String + description: | + A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + at_least_one_of: + - 'cloud_run.0.service' + - 'cloud_run.0.url_mask' + - name: 'appEngine' + type: NestedObject + description: | + This field is only used for SERVERLESS NEGs. + + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + send_empty_value: true + allow_empty_object: true + conflicts: + - cloud_run + - cloud_function + - serverless_deployment + properties: + - name: 'service' + type: String + description: | + Optional serving service. + The service name must be 1-63 characters long, and comply with RFC1035. + Example value: "default", "my-service". + - name: 'version' + type: String + description: | + Optional serving version. + The version must be 1-63 characters long, and comply with RFC1035. + Example value: "v1", "v2". + - name: 'urlMask' + type: String + description: | + A template to parse service and version fields from a request URL. + URL mask allows for routing to multiple App Engine services without + having to create multiple Network Endpoint Groups and backend services. + + For example, the request URLs "foo1-dot-appname.appspot.com/v1" and + "foo1-dot-appname.appspot.com/v2" can be backed by the same Serverless NEG with + URL mask "-dot-appname.appspot.com/". The URL mask will parse + them to { service = "foo1", version = "v1" } and { service = "foo1", version = "v2" } respectively. + - name: 'cloudFunction' + type: NestedObject + description: | + This field is only used for SERVERLESS NEGs. + + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + conflicts: + - cloud_run + - app_engine + - serverless_deployment + properties: + - name: 'function' + type: String + description: | + A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + at_least_one_of: + - 'cloud_function.0.function' + - 'cloud_function.0.url_mask' + - name: 'urlMask' + type: String + description: | + A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + at_least_one_of: + - 'cloud_function.0.function' + - 'cloud_function.0.url_mask' + - name: 'serverlessDeployment' + type: NestedObject + description: | + This field is only used for SERVERLESS NEGs. + + Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. + min_version: 'beta' + send_empty_value: true + allow_empty_object: true + conflicts: + - cloud_run + - cloud_function + - app_engine + properties: + - name: 'platform' + type: String + description: | + The platform of the NEG backend target(s). Possible values: + API Gateway: apigateway.googleapis.com + required: true + - name: 'resource' + type: String + description: | + The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask. + The resource identified by this value is platform-specific and is as follows: API Gateway: The gateway ID, App Engine: The service name, + Cloud Functions: The function name, Cloud Run: The service name + - name: 'version' + type: String + description: | + The optional resource version. The version identified by this value is platform-specific and is follows: + API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag + - name: 'urlMask' + type: String + description: | + A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources + on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources. + The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID, + App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag + required: false diff --git a/mmv1/products/compute/go_RegionNetworkFirewallPolicy.yaml b/mmv1/products/compute/go_RegionNetworkFirewallPolicy.yaml new file mode 100644 index 000000000000..e172f020417b --- /dev/null +++ b/mmv1/products/compute/go_RegionNetworkFirewallPolicy.yaml @@ -0,0 +1,88 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionNetworkFirewallPolicy' +description: "The Compute NetworkFirewallPolicy resource" +docs: +base_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies' +self_link: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}' +create_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies' +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +legacy_long_form_project: true +examples: + - name: 'region_network_firewall_policy_full' + primary_resource_id: 'policy' + vars: + policy_name: 'tf-test-policy' +parameters: + - name: 'region' + type: String + description: The region of this resource. + url_param_only: true + immutable: true + default_from_api: true +properties: + - name: 'creationTimestamp' + type: String + description: Creation timestamp in RFC3339 text format. + output: true + - name: 'name' + type: String + description: User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + required: true + immutable: true + - name: 'regionNetworkFirewallPolicyId' + type: String + description: The unique identifier for the resource. This identifier is defined by the server. + api_name: id + output: true + - name: 'description' + type: String + description: An optional description of this resource. Provide this property when you create the resource. + - name: 'fingerprint' + type: Fingerprint + description: Fingerprint of the resource. This field is used internally during updates of this resource. + output: true + - name: 'selfLink' + type: String + description: Server-defined URL for the resource. + output: true + - name: 'selfLinkWithId' + type: String + description: Server-defined URL for this resource with the resource id. + output: true + - name: 'ruleTupleCount' + type: Integer + description: Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. + output: true diff --git a/mmv1/products/compute/go_RegionPerInstanceConfig.yaml b/mmv1/products/compute/go_RegionPerInstanceConfig.yaml new file mode 100644 index 000000000000..673546790970 --- /dev/null +++ b/mmv1/products/compute/go_RegionPerInstanceConfig.yaml @@ -0,0 +1,246 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionPerInstanceConfig' +description: | + A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name + across instance group manager operations and can define stateful disks or metadata that are unique to the instance. + This resource works with regional instance group managers. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers' +docs: +id_format: '{{project}}/{{region}}/{{region_instance_group_manager}}/{{name}}' +base_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}' +self_link: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/listPerInstanceConfigs' +create_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/createInstances' +update_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/updatePerInstanceConfigs' +update_verb: 'POST' +read_verb: 'POST' +delete_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/deletePerInstanceConfigs' +delete_verb: 'POST' +mutex: 'instanceGroupManager/{{project}}/{{region}}/{{region_instance_group_manager}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +identity: + - name +nested_query: + keys: + - items + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/compute_per_instance_config.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/compute_per_instance_config.go.tmpl' + post_update: 'templates/terraform/post_update/go/compute_region_per_instance_config.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/region_per_instance_config.go.tmpl' +exclude_tgc: true +examples: + - name: 'stateful_rigm' + primary_resource_id: 'stateful-instance' + vars: + template_name: 'my-template' + igm_name: 'my-rigm' + disk_name: 'my-disk-name' + skip_test: true +virtual_fields: + - name: 'minimal_action' + description: | + The minimal action to perform on the instance during an update. + Default is `NONE`. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE + type: Enum + default_value: "NONE" + - name: 'most_disruptive_allowed_action' + description: | + The most disruptive action to perform on the instance during an update. + Default is `REPLACE`. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE + type: Enum + default_value: "REPLACE" + - name: 'remove_instance_on_destroy' + description: | + When true, deleting this config will immediately remove the underlying instance. + When false, deleting this config will use the behavior as determined by remove_instance_on_destroy. + type: Boolean + default_value: false + - name: 'remove_instance_state_on_destroy' + description: | + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: Boolean + default_value: false +parameters: + - name: 'region' + type: ResourceRef + description: | + Region where the containing instance group manager is located + url_param_only: true + required: false + immutable: true + ignore_read: true + default_from_api: true + resource: 'Region' + imports: 'name' + - name: 'regionInstanceGroupManager' + type: ResourceRef + description: | + The region instance group manager this instance config is part of. + url_param_only: true + required: true + immutable: true + resource: 'RegionInstanceGroupManager' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The name for this per-instance config and its corresponding instance. + required: true + immutable: true + - name: 'preservedState' + type: NestedObject + description: 'The preserved state for this instance.' + properties: + - name: 'metadata' + type: KeyValuePairs + description: | + Preserved metadata defined for this instance. This is a list of key->value pairs. + - name: 'disk' + type: Array + description: | + Stateful disks for the instance. + api_name: disks + is_set: true + custom_flatten: 'templates/terraform/custom_flatten/go/preserved_state_disks.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/preserved_state_disks.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'deviceName' + type: String + description: | + A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. + required: true + - name: 'source' + type: String + description: | + The URI of an existing persistent disk to attach under the specified device-name in the format + `projects/project-id/zones/zone/disks/disk-name`. + required: true + - name: 'mode' + type: Enum + description: | + The mode of the disk. + default_value: "READ_WRITE" + enum_values: + - 'READ_ONLY' + - 'READ_WRITE' + - name: 'deleteRule' + type: Enum + description: | + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are `NEVER` and `ON_PERMANENT_INSTANCE_DELETION`. + `NEVER` - detach the disk when the VM is deleted, but do not delete the disk. + `ON_PERMANENT_INSTANCE_DELETION` will delete the stateful disk when the VM is permanently + deleted from the instance group. + default_value: "NEVER" + enum_values: + - 'NEVER' + - 'ON_PERMANENT_INSTANCE_DELETION' + - name: 'internalIp' + type: Map + description: | + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + api_name: internalIPs + key_name: 'interface_name' + value_type: + name: internalIp + type: NestedObject + properties: + - name: 'autoDelete' + type: Enum + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + default_value: "NEVER" + enum_values: + - 'NEVER' + - 'ON_PERMANENT_INSTANCE_DELETION' + - name: 'ipAddress' + type: NestedObject + description: | + Ip address representation + properties: + - name: 'address' + type: ResourceRef + description: | + The URL of the reservation for this IP address. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Address' + imports: 'selfLink' + - name: 'externalIp' + type: Map + description: | + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + api_name: externalIPs + key_name: 'interface_name' + value_type: + name: externalIp + type: NestedObject + properties: + - name: 'autoDelete' + type: Enum + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + default_value: "NEVER" + enum_values: + - 'NEVER' + - 'ON_PERMANENT_INSTANCE_DELETION' + - name: 'ipAddress' + type: NestedObject + description: | + Ip address representation + properties: + - name: 'address' + type: ResourceRef + description: | + The URL of the reservation for this IP address. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Address' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_RegionSecurityPolicy.yaml b/mmv1/products/compute/go_RegionSecurityPolicy.yaml new file mode 100644 index 000000000000..f6473c18f264 --- /dev/null +++ b/mmv1/products/compute/go_RegionSecurityPolicy.yaml @@ -0,0 +1,196 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionSecurityPolicy' +description: | + Represents a Region Cloud Armor Security Policy resource. +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/armor/docs/security-policy-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionSecurityPolicies' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/securityPolicies' +self_link: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'region_security_policy_basic' + primary_resource_id: 'region-sec-policy-basic' + vars: + sec_policy_name: 'my-sec-policy-basic' + - name: 'region_security_policy_with_ddos_protection_config' + primary_resource_id: 'region-sec-policy-ddos-protection' + vars: + sec_policy_name: 'my-sec-policy-ddos-protection' + - name: 'region_security_policy_with_user_defined_fields' + primary_resource_id: 'region-sec-policy-user-defined-fields' + vars: + sec_policy_name: 'my-sec-policy-user-defined-fields' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created Region Security Policy should reside. + If it is not provided, the provider region is used. + min_version: 'beta' + required: false + immutable: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'policyId' + type: String + description: | + The unique identifier for the resource. This identifier is defined by the server. + api_name: id + min_version: 'beta' + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. + Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + min_version: 'beta' + required: true + immutable: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create the resource. + min_version: 'beta' + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + min_version: 'beta' + output: true + - name: 'type' + type: Enum + description: | + The type indicates the intended use of the security policy. + - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. + - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. + - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. + This field can be set only at resource creation time. + min_version: 'beta' + immutable: true + enum_values: + - 'CLOUD_ARMOR' + - 'CLOUD_ARMOR_EDGE' + - 'CLOUD_ARMOR_NETWORK' + - name: 'ddosProtectionConfig' + type: NestedObject + description: | + Configuration for Google Cloud Armor DDOS Proctection Config. + min_version: 'beta' + properties: + - name: 'ddosProtection' + type: Enum + description: | + Google Cloud Armor offers the following options to help protect systems against DDoS attacks: + - STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses. + - ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses. + - ADVANCED_PREVIEW: flag to enable the security policy in preview mode. + min_version: 'beta' + required: true + enum_values: + - 'ADVANCED' + - 'ADVANCED_PREVIEW' + - 'STANDARD' + - name: 'selfLink' + type: String + description: | + Server-defined URL for the resource. + min_version: 'beta' + output: true + - name: 'selfLinkWithPolicyId' + type: String + description: | + Server-defined URL for this resource with the resource id. + api_name: selfLinkWithId + min_version: 'beta' + output: true + - name: 'userDefinedFields' + type: Array + description: | + Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. + A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. + Rules may then specify matching values for these fields. + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name of this field. Must be unique within the policy. + min_version: 'beta' + - name: 'base' + type: Enum + description: | + The base relative to which 'offset' is measured. Possible values are: + - IPV4: Points to the beginning of the IPv4 header. + - IPV6: Points to the beginning of the IPv6 header. + - TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. + - UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. + min_version: 'beta' + required: true + enum_values: + - 'IPV4' + - 'IPV6' + - 'TCP' + - 'UDP' + - name: 'offset' + type: Integer + description: | + Offset of the first byte of the field (in network byte order) relative to 'base'. + min_version: 'beta' + - name: 'size' + type: Integer + description: | + Size of the field in bytes. Valid values: 1-4. + min_version: 'beta' + - name: 'mask' + type: String + description: | + If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. + Encoded as a hexadecimal number (starting with "0x"). + The last byte of the field (in network byte order) corresponds to the least significant byte of the mask. + min_version: 'beta' diff --git a/mmv1/products/compute/go_RegionSecurityPolicyRule.yaml b/mmv1/products/compute/go_RegionSecurityPolicyRule.yaml new file mode 100644 index 000000000000..370fb57bf869 --- /dev/null +++ b/mmv1/products/compute/go_RegionSecurityPolicyRule.yaml @@ -0,0 +1,575 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionSecurityPolicyRule' +description: | + A rule for the RegionSecurityPolicy. +min_version: 'beta' +references: + guides: + 'Creating region security policy rules': 'https://cloud.google.com/armor/docs/configure-security-policies' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionSecurityPolicies/addRule' +docs: +id_format: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}' +base_url: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}' +self_link: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/getRule?priority={{priority}}' +create_url: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/addRule?priority={{priority}}' +update_url: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/patchRule?priority={{priority}}' +update_verb: 'POST' +update_mask: true +delete_url: 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/removeRule?priority={{priority}}' +delete_verb: 'POST' +import_format: + - 'projects/{{project}}/regions/{{region}}/securityPolicies/{{security_policy}}/priority/{{priority}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'region_security_policy_rule_basic' + primary_resource_id: 'policy_rule' + min_version: 'beta' + vars: + sec_policy_name: 'policyruletest' + - name: 'region_security_policy_rule_multiple_rules' + primary_resource_id: 'policy_rule_one' + min_version: 'beta' + vars: + sec_policy_name: 'policywithmultiplerules' + - name: 'region_security_policy_rule_with_preconfigured_waf_config' + primary_resource_id: 'policy_rule' + min_version: 'beta' + vars: + sec_policy_name: 'policyruletest' + - name: 'region_security_policy_rule_with_network_match' + primary_resource_id: 'policy_rule_network_match' + min_version: 'beta' + vars: + sec_policy_name: 'policyfornetworkmatch' + skip_test: true +parameters: + - name: 'region' + type: String + description: | + The Region in which the created Region Security Policy rule should reside. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + - name: 'security_policy' + type: String + description: | + The name of the security policy this rule belongs to. + min_version: 'beta' + url_param_only: true + required: true + immutable: true +properties: + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create the resource. + min_version: 'beta' + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. + min_version: 'beta' + required: true + immutable: true + - name: 'match' + type: NestedObject + description: | + A match condition that incoming traffic is evaluated against. + If it evaluates to true, the corresponding 'action' is enforced. + min_version: 'beta' + properties: + - name: 'versionedExpr' + type: Enum + description: | + Preconfigured versioned expression. If this field is specified, config must also be specified. + Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. + min_version: 'beta' + enum_values: + - 'SRC_IPS_V1' + - name: 'expr' + type: NestedObject + description: | + User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. + min_version: 'beta' + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. + min_version: 'beta' + required: true + - name: 'config' + type: NestedObject + description: | + The configuration options available when specifying versionedExpr. + This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified. + min_version: 'beta' + properties: + - name: 'srcIpRanges' + type: Array + description: | + CIDR IP address range. Maximum number of srcIpRanges allowed is 10. + min_version: 'beta' + item_type: + type: String + - name: 'preconfiguredWafConfig' + type: NestedObject + description: | + Preconfigured WAF configuration to be applied for the rule. + If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. + min_version: 'beta' + properties: + - name: 'exclusion' + type: Array + description: | + An exclusion to apply during preconfigured WAF evaluation. + api_name: exclusions + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'targetRuleSet' + type: String + description: | + Target WAF rule set to apply the preconfigured WAF exclusion. + min_version: 'beta' + required: true + - name: 'targetRuleIds' + type: Array + description: | + A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under the WAF rule set. + min_version: 'beta' + item_type: + type: String + - name: 'requestHeader' + type: Array + description: | + Request header whose value will be excluded from inspection during preconfigured WAF evaluation. + api_name: requestHeadersToExclude + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'operator' + type: Enum + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + min_version: 'beta' + required: true + enum_values: + - 'CONTAINS' + - 'ENDS_WITH' + - 'EQUALS' + - 'EQUALS_ANY' + - 'STARTS_WITH' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + min_version: 'beta' + - name: 'requestCookie' + type: Array + description: | + Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. + api_name: requestCookiesToExclude + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'operator' + type: Enum + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + min_version: 'beta' + required: true + enum_values: + - 'CONTAINS' + - 'ENDS_WITH' + - 'EQUALS' + - 'EQUALS_ANY' + - 'STARTS_WITH' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + min_version: 'beta' + - name: 'requestUri' + type: Array + description: | + Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. + When specifying this field, the query or fragment part should be excluded. + api_name: requestUrisToExclude + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'operator' + type: Enum + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + min_version: 'beta' + required: true + enum_values: + - 'CONTAINS' + - 'ENDS_WITH' + - 'EQUALS' + - 'EQUALS_ANY' + - 'STARTS_WITH' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + min_version: 'beta' + - name: 'requestQueryParam' + type: Array + description: | + Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. + Note that the parameter can be in the query string or in the POST body. + api_name: requestQueryParamsToExclude + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'operator' + type: Enum + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + min_version: 'beta' + required: true + enum_values: + - 'CONTAINS' + - 'ENDS_WITH' + - 'EQUALS' + - 'EQUALS_ANY' + - 'STARTS_WITH' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + min_version: 'beta' + - name: 'action' + type: String + description: | + The Action to perform when the rule is matched. The following are the valid actions: + + * allow: allow access to target. + + * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. + + * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set. + + * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. + + * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this. + min_version: 'beta' + required: true + - name: 'rateLimitOptions' + type: NestedObject + description: | + Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions. + min_version: 'beta' + update_mask_fields: + - 'rateLimitOptions.rateLimitThreshold' + - 'rateLimitOptions.conformAction' + - 'rateLimitOptions.exceedAction' + - 'rateLimitOptions.enforceOnKey' + - 'rateLimitOptions.enforceOnKeyName' + - 'rateLimitOptions.enforceOnKeyConfigs' + - 'rateLimitOptions.banThreshold' + - 'rateLimitOptions.banDurationSec' + properties: + - name: 'rateLimitThreshold' + type: NestedObject + description: | + Threshold at which to begin ratelimiting. + min_version: 'beta' + properties: + - name: 'count' + type: Integer + description: | + Number of HTTP(S) requests for calculating the threshold. + min_version: 'beta' + - name: 'intervalSec' + type: Integer + description: | + Interval over which the threshold is computed. + min_version: 'beta' + - name: 'conformAction' + type: String + description: | + Action to take for requests that are under the configured rate limit threshold. + Valid option is "allow" only. + min_version: 'beta' + - name: 'exceedAction' + type: String + description: | + Action to take for requests that are above the configured rate limit threshold, to deny with a specified HTTP response code. + Valid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502. + min_version: 'beta' + - name: 'enforceOnKey' + type: Enum + description: | + Determines the key to enforce the rateLimitThreshold on. Possible values are: + * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKey" is not configured. + * IP: The source IP address of the request is the key. Each IP has this limit enforced separately. + * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. + * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. + * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. + * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. + * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. + * REGION_CODE: The country/region from which the request originates. + * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL. + * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP. + min_version: 'beta' + enum_values: + - 'ALL' + - 'IP' + - 'HTTP_HEADER' + - 'XFF_IP' + - 'HTTP_COOKIE' + - 'HTTP_PATH' + - 'SNI' + - 'REGION_CODE' + - 'TLS_JA3_FINGERPRINT' + - 'USER_IP' + - name: 'enforceOnKeyName' + type: String + description: | + Rate limit key name applicable only for the following key types: + HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. + HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + min_version: 'beta' + - name: 'enforceOnKeyConfigs' + type: Array + description: | + If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced. + You can specify up to 3 enforceOnKeyConfigs. + If enforceOnKeyConfigs is specified, enforceOnKey must not be specified. + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'enforceOnKeyType' + type: Enum + description: | + Determines the key to enforce the rateLimitThreshold on. Possible values are: + * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKeyConfigs" is not configured. + * IP: The source IP address of the request is the key. Each IP has this limit enforced separately. + * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. + * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. + * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. + * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. + * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. + * REGION_CODE: The country/region from which the request originates. + * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL. + * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP. + min_version: 'beta' + enum_values: + - 'ALL' + - 'IP' + - 'HTTP_HEADER' + - 'XFF_IP' + - 'HTTP_COOKIE' + - 'HTTP_PATH' + - 'SNI' + - 'REGION_CODE' + - 'TLS_JA3_FINGERPRINT' + - 'USER_IP' + - name: 'enforceOnKeyName' + type: String + description: | + Rate limit key name applicable only for the following key types: + HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. + HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + min_version: 'beta' + - name: 'banThreshold' + type: NestedObject + description: | + Can only be specified if the action for the rule is "rate_based_ban". + If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'. + min_version: 'beta' + properties: + - name: 'count' + type: Integer + description: | + Number of HTTP(S) requests for calculating the threshold. + min_version: 'beta' + - name: 'intervalSec' + type: Integer + description: | + Interval over which the threshold is computed. + min_version: 'beta' + - name: 'banDurationSec' + type: Integer + description: | + Can only be specified if the action for the rule is "rate_based_ban". + If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. + min_version: 'beta' + - name: 'preview' + type: Boolean + description: | + If set to true, the specified action is not enforced. + min_version: 'beta' + - name: 'networkMatch' + type: NestedObject + description: | + A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. + The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). + Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. + Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. + For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. + Example: + networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" + The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive + min_version: 'beta' + update_mask_fields: + - 'network_match.userDefinedFields' + - 'network_match.srcIpRanges' + - 'network_match.destIpRanges' + - 'network_match.ipProtocols' + - 'network_match.srcPorts' + - 'network_match.destPorts' + - 'network_match.srcRegionCodes' + - 'network_match.srcAsns' + properties: + - name: 'userDefinedFields' + type: Array + description: | + User-defined fields. Each element names a defined field and lists the matching values for that field. + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the user-defined field, as given in the definition. + min_version: 'beta' + - name: 'values' + type: Array + description: | + Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with "0x") number (e.g. "64") or range (e.g. "0x400-0x7ff"). + min_version: 'beta' + item_type: + type: String + - name: 'srcIpRanges' + type: Array + description: | + Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format. + min_version: 'beta' + item_type: + type: String + - name: 'destIpRanges' + type: Array + description: | + Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format. + min_version: 'beta' + item_type: + type: String + - name: 'ipProtocols' + type: Array + description: | + IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. "6"), range (e.g. "253-254"), or one of the following protocol names: "tcp", "udp", "icmp", "esp", "ah", "ipip", or "sctp". + min_version: 'beta' + item_type: + type: String + - name: 'srcPorts' + type: Array + description: | + Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023"). + min_version: 'beta' + item_type: + type: String + - name: 'destPorts' + type: Array + description: | + Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023"). + min_version: 'beta' + item_type: + type: String + - name: 'srcRegionCodes' + type: Array + description: | + Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address. + min_version: 'beta' + item_type: + type: String + - name: 'srcAsns' + type: Array + description: | + BGP Autonomous System Number associated with the source IP address. + min_version: 'beta' + item_type: + type: Integer diff --git a/mmv1/products/compute/go_RegionSslCertificate.yaml b/mmv1/products/compute/go_RegionSslCertificate.yaml new file mode 100644 index 000000000000..f3c5a78db137 --- /dev/null +++ b/mmv1/products/compute/go_RegionSslCertificate.yaml @@ -0,0 +1,137 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionSslCertificate' +kind: 'compute#sslCertificate' +description: | + A RegionSslCertificate resource, used for HTTPS load balancing. This resource + provides a mechanism to upload an SSL key and certificate to + the load balancer to serve secure connections from the user. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionSslCertificates' +docs: + optional_properties: | + * `name_prefix` - (Optional) Creates a unique name beginning with the + specified prefix. Conflicts with `name`. +base_url: 'projects/{{project}}/regions/{{region}}/sslCertificates' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/ssl_certificate.tmpl' + constants: 'templates/terraform/constants/go/compute_certificate.go.tmpl' +examples: + - name: 'region_ssl_certificate_basic' + primary_resource_id: 'default' + ignore_read_extra: + - 'name_prefix' + skip_vcr: true + - name: 'region_ssl_certificate_random_provider' + primary_resource_id: 'default' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'region_ssl_certificate_target_https_proxies' + primary_resource_id: 'default' + vars: + region_target_https_proxy_name: 'test-proxy' + region_url_map_name: 'url-map' + region_backend_service_name: 'backend-service' + region_health_check_name: 'http-health-check' + ignore_read_extra: + - 'name_prefix' + skip_vcr: true +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created regional ssl certificate should reside. + If it is not provided, the provider region is used. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'certificate' + type: String + description: | + The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + required: true + sensitive: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'expireTime' + type: String + description: 'Expire time of the certificate in RFC3339 text format.' + output: true + - name: 'certificate_id' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + These are in the same namespace as the managed SSL certificates. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/name_or_name_prefix.go.tmpl' + validation: + function: 'verify.ValidateGCEName' + - name: 'privateKey' + type: String + description: 'The write-only private key in PEM format.' + required: true + immutable: true + ignore_read: true + sensitive: true + diff_suppress_func: 'sha256DiffSuppress' + custom_flatten: 'templates/terraform/custom_flatten/go/sha256.tmpl' diff --git a/mmv1/products/compute/go_RegionSslPolicy.yaml b/mmv1/products/compute/go_RegionSslPolicy.yaml new file mode 100644 index 000000000000..25f9dabca134 --- /dev/null +++ b/mmv1/products/compute/go_RegionSslPolicy.yaml @@ -0,0 +1,138 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionSslPolicy' +kind: 'compute#sslPolicy' +description: | + Represents a Regional SSL policy. SSL policies give you the ability to control the + features of SSL that your SSL proxy or HTTPS load balancer negotiates. +references: + guides: + 'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionSslPolicies' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/sslPolicies' +has_self_link: true +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/region_ssl_policy.tmpl' +custom_diff: + - 'regionSslPolicyCustomizeDiff' +parameters: + - name: 'region' + type: ResourceRef + description: | + The region where the regional SSL policy resides. + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'profile' + type: Enum + description: | + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using `CUSTOM`, + the set of SSL features to enable must be specified in the + `customFeatures` field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + `CUSTOM` is used, the `custom_features` attribute **must be set**. + default_value: "COMPATIBLE" + enum_values: + - 'COMPATIBLE' + - 'MODERN' + - 'RESTRICTED' + - 'CUSTOM' + - name: 'minTlsVersion' + type: Enum + description: | + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. + default_value: "TLS_1_0" + enum_values: + - 'TLS_1_0' + - 'TLS_1_1' + - 'TLS_1_2' + - name: 'enabledFeatures' + type: Array + description: 'The list of features enabled in the SSL policy.' + is_set: true + output: true + item_type: + type: String + - name: 'customFeatures' + type: Array + description: | + A list of features enabled when the selected profile is CUSTOM. The + method returns the set of features that can be specified in this + list. This field must be empty if the profile is not CUSTOM. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the `CUSTOM` profile. This argument + *must not* be present when using any other profile. + is_set: true + send_empty_value: true + item_type: + type: String + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + output: true diff --git a/mmv1/products/compute/go_RegionTargetHttpProxy.yaml b/mmv1/products/compute/go_RegionTargetHttpProxy.yaml new file mode 100644 index 000000000000..e82dbaa539fe --- /dev/null +++ b/mmv1/products/compute/go_RegionTargetHttpProxy.yaml @@ -0,0 +1,107 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionTargetHttpProxy' +description: | + Represents a RegionTargetHttpProxy resource, which is used by one or more + forwarding rules to route incoming HTTP requests to a URL map. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpProxies' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/targetHttpProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'region_target_http_proxy_basic' + primary_resource_id: 'default' + vars: + region_target_http_proxy_name: 'test-proxy' + region_url_map_name: 'url-map' + region_backend_service_name: 'backend-service' + region_health_check_name: 'http-health-check' + - name: 'region_target_http_proxy_https_redirect' + primary_resource_id: 'default' + vars: + region_target_http_proxy_name: 'test-https-redirect-proxy' + region_url_map_name: 'url-map' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created target https proxy should reside. + If it is not provided, the provider region is used. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - name: 'urlMap' + type: ResourceRef + description: | + A reference to the RegionUrlMap resource that defines the mapping from URL + to the BackendService. + required: true + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}/setUrlMap' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionUrlMap' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_RegionTargetHttpsProxy.yaml b/mmv1/products/compute/go_RegionTargetHttpsProxy.yaml new file mode 100644 index 000000000000..f3e5b50a1ee3 --- /dev/null +++ b/mmv1/products/compute/go_RegionTargetHttpsProxy.yaml @@ -0,0 +1,184 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionTargetHttpsProxy' +description: | + Represents a RegionTargetHttpsProxy resource, which is used by one or more + forwarding rules to route incoming HTTPS requests to a URL map. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + encoder: 'templates/terraform/encoders/go/compute_region_target_https_proxy.go.tmpl' + update_encoder: 'templates/terraform/encoders/go/compute_region_target_https_proxy.go.tmpl' + decoder: 'templates/terraform/decoders/go/compute_region_target_https_proxy.go.tmpl' +examples: + - name: 'region_target_https_proxy_basic' + primary_resource_id: 'default' + vars: + region_target_https_proxy_name: 'test-proxy' + region_ssl_certificate_name: 'my-certificate' + region_url_map_name: 'url-map' + region_backend_service_name: 'backend-service' + region_health_check_name: 'http-health-check' + - name: 'region_target_https_proxy_mtls' + primary_resource_id: 'default' + min_version: 'beta' + vars: + target_https_proxy_name: 'test-mtls-proxy' + ssl_certificate_name: 'my-certificate' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + server_tls_policy_name: 'my-tls-policy' + trust_config_name: 'my-trust-config' + - name: 'region_target_https_proxy_certificate_manager_certificate' + primary_resource_id: 'default' + vars: + region_target_https_proxy_name: 'target-http-proxy' + certificate_manager_certificate_name: 'my-certificate' + region_url_map_name: 'url-map' + region_backend_service_name: 'backend-service' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created target https proxy should reside. + If it is not provided, the provider region is used. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'certificateManagerCertificates' + type: Array + description: | + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + sslCertificates and certificateManagerCertificates can't be defined together. + Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the self_link `projects/{project}/locations/{location}/certificates/{resourceName}` + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' + update_verb: 'POST' + conflicts: + - ssl_certificates + diff_suppress_func: 'tpgresource.CompareResourceNames' + custom_expand: 'templates/terraform/custom_expand/go/certificate_manager_certificate_construct_full_url.go.tmpl' + item_type: + type: String + - name: 'sslCertificates' + type: Array + description: | + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. + sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' + update_verb: 'POST' + conflicts: + - certificate_manager_certificates + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'sslCertificate' + type: ResourceRef + description: 'The SSL certificates used by this TargetHttpsProxy' + resource: 'RegionSslCertificate' + imports: 'selfLink' + - name: 'sslPolicy' + type: ResourceRef + description: | + A reference to the Region SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}' + update_verb: 'PATCH' + update_id: 'sslPolicy' + fingerprint_name: 'fingerprint' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionSslPolicy' + imports: 'selfLink' + - name: 'urlMap' + type: ResourceRef + description: | + A reference to the RegionUrlMap resource that defines the mapping from URL + to the RegionBackendService. + required: true + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setUrlMap' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionUrlMap' + imports: 'selfLink' + - name: 'serverTlsPolicy' + type: ResourceRef + description: | + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + resource: 'SslPolicy' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_RegionTargetTcpProxy.yaml b/mmv1/products/compute/go_RegionTargetTcpProxy.yaml new file mode 100644 index 000000000000..b787d8fd3ae8 --- /dev/null +++ b/mmv1/products/compute/go_RegionTargetTcpProxy.yaml @@ -0,0 +1,117 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionTargetTcpProxy' +description: | + Represents a RegionTargetTcpProxy resource, which is used by one or more + forwarding rules to route incoming TCP requests to a regional TCP proxy load + balancer. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/tcp/internal-proxy' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetTcpProxies' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/targetTcpProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'region_target_tcp_proxy_basic' + primary_resource_id: 'default' + vars: + region_target_tcp_proxy_name: 'test-proxy' + region_backend_service_name: 'backend-service' + health_check_name: 'health-check' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the created target TCP proxy should reside. + If it is not provided, the provider region is used. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to + the backend. + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'backendService' + type: ResourceRef + description: | + A reference to the BackendService resource. + api_name: service + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'proxyBind' + type: Boolean + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + default_from_api: true diff --git a/mmv1/products/compute/go_RegionUrlMap.yaml b/mmv1/products/compute/go_RegionUrlMap.yaml new file mode 100644 index 000000000000..afa052ed8e67 --- /dev/null +++ b/mmv1/products/compute/go_RegionUrlMap.yaml @@ -0,0 +1,2110 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionUrlMap' +kind: 'compute#urlMap' +description: | + UrlMaps are used to route requests to a backend service based on rules + that you define for the host and path of an incoming URL. +docs: +base_url: 'projects/{{project}}/regions/{{region}}/urlMaps' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'region_url_map_basic' + primary_resource_id: 'regionurlmap' + vars: + region_url_map_name: 'regionurlmap' + login_region_backend_service_name: 'login' + home_region_backend_service_name: 'home' + region_health_check_name: 'health-check' + - name: 'region_url_map_default_route_action' + primary_resource_id: 'regionurlmap' + vars: + region_url_map_name: 'regionurlmap' + login_region_backend_service_name: 'login' + home_region_backend_service_name: 'home' + region_health_check_name: 'health-check' + - name: 'region_url_map_l7_ilb_path' + primary_resource_id: 'regionurlmap' + vars: + region_url_map_name: 'regionurlmap' + home_region_backend_service_name: 'home' + region_health_check_name: 'health-check' + - name: 'region_url_map_l7_ilb_path_partial' + primary_resource_id: 'regionurlmap' + vars: + region_url_map_name: 'regionurlmap' + home_region_backend_service_name: 'home' + region_health_check_name: 'health-check' + - name: 'region_url_map_l7_ilb_route' + primary_resource_id: 'regionurlmap' + vars: + region_url_map_name: 'regionurlmap' + home_region_backend_service_name: 'home' + region_health_check_name: 'health-check' + - name: 'region_url_map_l7_ilb_route_partial' + primary_resource_id: 'regionurlmap' + vars: + region_url_map_name: 'regionurlmap' + home_region_backend_service_name: 'home' + region_health_check_name: 'health-check' + - name: 'int_https_lb_https_redirect' + primary_resource_id: 'redirect' + min_version: 'beta' + vars: + l7_ilb_network: 'l7-ilb-network' + l7_ilb_proxy_subnet: 'l7-ilb-proxy-subnet' + l7_ilb_subnet: 'l7-ilb-subnet' + l7_ilb_ip: 'l7-ilb-ip' + l7_ilb_forwarding_rule: 'l7-ilb-forwarding-rule' + l7_ilb_target_https_proxy: 'l7-ilb-target-https-proxy' + l7_ilb_regional_url_map: 'l7-ilb-regional-url-map' + l7_ilb_backend_service: 'l7-ilb-backend-service' + l7_ilb_mig_template: 'l7-ilb-mig-template' + l7_ilb_hc: 'l7-ilb-hc' + l7_ilb_mig1: 'l7-ilb-mig1' + l7_ilb_fw_allow_hc: 'l7-ilb-fw-allow-hc' + l7_ilb_fw_allow_ilb_to_backends: 'l7-ilb-fw-allow-ilb-to-backends' + l7_ilb_test_vm: 'l7-ilb-test-vm' + l7_ilb_redirect: 'l7-ilb-redirect' + l7_ilb_target_http_proxy: 'l7-ilb-target-http-proxy' + l7_ilb_redirect_url_map: 'l7-ilb-redirect-url-map' + ignore_read_extra: + - 'target' + - 'ip_address' + skip_test: true + - name: 'regional_external_http_load_balancer' + primary_resource_id: 'default' + min_version: 'beta' + vars: + lb_network: 'lb-network' + backend_subnet: 'backend-subnet' + proxy_only_subnet: 'proxy-only-subnet' + fw_allow_health_check: 'fw-allow-health-check' + fw_allow_proxies: 'fw-allow-proxies' + l7_xlb_backend_template: 'l7-xlb-backend-template' + l7_xlb_backend_example: 'l7-xlb-backend-example' + address_name: 'address-name' + l7_xlb_basic_check: 'l7-xlb-basic-check' + l7_xlb_backend_service: 'l7-xlb-backend-service' + regional_l7_xlb_map: 'regional-l7-xlb-map' + l7_xlb_proxy: 'l7-xlb-proxy' + l7_xlb_forwarding_rule: 'l7-xlb-forwarding-rule' + skip_test: true + skip_docs: true + - name: 'region_url_map_path_template_match' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + home_backend_service_name: 'home-service' + cart_backend_service_name: 'cart-service' + user_backend_service_name: 'user-service' + health_check_name: 'health-check' +parameters: + - name: 'region' + type: ResourceRef + description: | + The Region in which the url map should reside. + If it is not provided, the provider region is used. + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'defaultService' + type: ResourceRef + description: | + The full or partial URL of the defaultService resource to which traffic is directed if + none of the hostRules match. If defaultRouteAction is additionally specified, advanced + routing actions like URL Rewrites, etc. take effect prior to sending the request to the + backend. However, if defaultService is specified, defaultRouteAction cannot contain any + weightedBackendServices. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. + exactly_one_of: + - 'default_service' + - 'default_url_redirect' + - 'default_route_action.0.weighted_backend_services' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. + # 'fingerprint' used internally for object consistency. + - name: 'host_rule' + type: Array + description: 'The list of HostRules to use against the URL.' + api_name: hostRules + is_set: true + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + An optional description of this HostRule. Provide this property + when you create the resource. + - name: 'hosts' + type: Array + description: | + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + is_set: true + required: true + item_type: + type: String + - name: 'pathMatcher' + type: String + description: | + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + required: true + - name: 'map_id' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'path_matcher' + type: Array + description: 'The list of named PathMatchers to use against the URL.' + api_name: pathMatchers + item_type: + type: NestedObject + properties: + - name: 'defaultService' + type: ResourceRef + description: | + A reference to a RegionBackendService resource. This will be used if + none of the pathRules defined by this PathMatcher is matched by + the URL's path portion. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'name' + type: String + description: | + The name to which this PathMatcher is referred by the HostRule. + required: true + - name: 'routeRules' + type: Array + description: | + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + item_type: + type: NestedObject + properties: + - name: 'priority' + type: Integer + description: | + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + required: true + - name: 'service' + type: ResourceRef + description: | + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'matchRules' + type: Array + description: | + The rules for determining a match. + item_type: + type: NestedObject + properties: + - name: 'fullPathMatch' + type: String + description: | + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + - name: 'headerMatches' + type: Array + description: | + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + item_type: + type: NestedObject + properties: + - name: 'exactMatch' + type: String + description: | + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - name: 'headerName' + type: String + description: | + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". + required: true + - name: 'invertMatch' + type: Boolean + description: | + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + default_value: false + - name: 'prefixMatch' + type: String + description: | + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - name: 'presentMatch' + type: Boolean + description: | + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - name: 'rangeMatch' + type: NestedObject + description: | + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + - name: 'rangeEnd' + type: Integer + description: | + The end of the range (exclusive). + required: true + - name: 'rangeStart' + type: Integer + description: | + The start of the range (inclusive). + required: true + - name: 'regexMatch' + type: String + description: | + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + - name: 'suffixMatch' + type: String + description: | + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - name: 'ignoreCase' + type: Boolean + description: | + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + default_value: false + - name: 'metadataFilters' + type: Array + description: | + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + item_type: + type: NestedObject + properties: + - name: 'filterLabels' + type: Array + description: | + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + required: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + required: true + - name: 'value' + type: String + description: | + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. + required: true + min_size: 1 + max_size: 64 + - name: 'filterMatchCriteria' + type: Enum + description: | + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. + required: true + enum_values: + - 'MATCH_ALL' + - 'MATCH_ANY' + - name: 'prefixMatch' + type: String + description: | + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + - name: 'queryParameterMatches' + type: Array + description: | + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + item_type: + type: NestedObject + properties: + - name: 'exactMatch' + type: String + description: | + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + - name: 'name' + type: String + description: | + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + required: true + - name: 'presentMatch' + type: Boolean + description: | + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + - name: 'regexMatch' + type: String + description: | + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + - name: 'regexMatch' + type: String + description: | + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + - name: 'pathTemplateMatch' + type: String + description: | + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + - name: 'routeAction' + type: NestedObject + description: | + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + default_value: false + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + default_value: false + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - name: 'backendService' + type: ResourceRef + description: | + The RegionBackendService resource being mirrored to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + properties: + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. + required: true + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'retryConditions' + type: Array + description: | + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + for example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable + item_type: + type: String + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - name: 'hostRewrite' + type: String + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - name: 'pathPrefixRewrite' + type: String + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - name: 'pathTemplateRewrite' + type: String + description: | + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The default RegionBackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + required: true + - name: 'urlRedirect' + type: NestedObject + description: | + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + default_value: false + - name: 'pathRule' + type: Array + description: | + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + api_name: pathRules + item_type: + type: NestedObject + properties: + - name: 'service' + type: ResourceRef + description: | + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'paths' + type: Array + description: | + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + is_set: true + required: true + item_type: + type: String + - name: 'routeAction' + type: NestedObject + description: | + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + default_value: false + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + If true, specifies the CORS policy is disabled. + required: true + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + required: true + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + required: true + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + required: true + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + required: true + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - name: 'backendService' + type: ResourceRef + description: | + The RegionBackendService resource being mirrored to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + properties: + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'retryConditions' + type: Array + description: | + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + for example: disconnects, reset, read timeout, connection failure, and refused + streams. + - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable + item_type: + type: String + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - name: 'hostRewrite' + type: String + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - name: 'pathPrefixRewrite' + type: String + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The default RegionBackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + required: true + - name: 'urlRedirect' + type: NestedObject + description: | + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. + This field is required to ensure an empty block is not set. The normal default value is false. + required: true + - name: 'defaultUrlRedirect' + type: NestedObject + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. + This field is required to ensure an empty block is not set. The normal default value is false. + required: true + - name: 'test' + type: Array + description: | + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + api_name: tests + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: 'Description of this test case.' + - name: 'host' + type: String + description: 'Host portion of the URL.' + required: true + - name: 'path' + type: String + description: 'Path portion of the URL.' + required: true + - name: 'service' + type: ResourceRef + description: + A reference to expected RegionBackendService resource the given URL + should be mapped to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'defaultUrlRedirect' + type: NestedObject + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + conflicts: + - default_route_action + exactly_one_of: + - 'default_service' + - 'default_url_redirect' + - 'default_route_action.0.weighted_backend_services' + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. + This field is required to ensure an empty block is not set. The normal default value is false. + required: true + - name: 'defaultRouteAction' + type: NestedObject + description: | + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + conflicts: + - default_url_redirect + properties: + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + exactly_one_of: + - 'default_service' + - 'default_url_redirect' + - 'default_route_action.0.weighted_backend_services' + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + validation: + function: 'validation.IntBetween(0, 1000)' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request before forwarding the request to the backendService. + item_type: + type: String + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request before forwarding the request to the backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: 'The name of the header.' + - name: 'headerValue' + type: String + description: 'The value of the header to add.' + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + default_value: false + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response before sending the response back to the client. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response before sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: 'The name of the header.' + - name: 'headerValue' + type: String + description: 'The value of the header to add.' + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + default_value: false + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, before forwarding the request to the matched service. + urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'pathPrefixRewrite' + type: String + description: | + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + at_least_one_of: + - 'default_route_action.0.url_rewrite.0.path_prefix_rewrite' + - 'default_route_action.0.url_rewrite.0.host_rewrite' + validation: + function: 'validation.StringLenBetween(1, 1024)' + - name: 'hostRewrite' + type: String + description: | + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + at_least_one_of: + - 'default_route_action.0.url_rewrite.0.path_prefix_rewrite' + - 'default_route_action.0.url_rewrite.0.host_rewrite' + validation: + function: 'validation.StringLenBetween(1, 255)' + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - 'default_route_action.0.timeout.0.seconds' + - 'default_route_action.0.timeout.0.nanos' + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - 'default_route_action.0.timeout.0.seconds' + - 'default_route_action.0.timeout.0.nanos' + validation: + function: 'validation.IntBetween(0, 999999999)' + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'retryConditions' + type: Array + description: | + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. + - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.retry_conditions' + - 'default_route_action.0.retry_policy.0.num_retries' + - 'default_route_action.0.retry_policy.0.per_try_timeout' + item_type: + type: String + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.retry_conditions' + - 'default_route_action.0.retry_policy.0.num_retries' + - 'default_route_action.0.retry_policy.0.per_try_timeout' + validation: + function: 'validation.IntAtLeast(1)' + default_value: 1 + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.retry_conditions' + - 'default_route_action.0.retry_policy.0.num_retries' + - 'default_route_action.0.retry_policy.0.per_try_timeout' + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.seconds' + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.nanos' + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.seconds' + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.nanos' + validation: + function: 'validation.IntBetween(0, 999999999)' + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'backendService' + type: ResourceRef + description: | + The full or partial URL to the RegionBackendService resource being mirrored to. + The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored backend service. + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'RegionBackendService' + imports: 'selfLink' + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + default_value: false + - name: 'disabled' + type: Boolean + description: | + If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + default_value: false + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay' + - 'default_route_action.0.fault_injection_policy.0.abort' + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay' + - 'default_route_action.0.fault_injection_policy.0.delay.0.percentage' + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds' + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos' + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds' + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos' + validation: + function: 'validation.IntBetween(0, 999999999)' + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay' + - 'default_route_action.0.fault_injection_policy.0.delay.0.percentage' + validation: + function: 'validation.FloatBetween(0, 100)' + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault injection. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay' + - 'default_route_action.0.fault_injection_policy.0.abort' + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.abort.0.http_status' + - 'default_route_action.0.fault_injection_policy.0.abort.0.percentage' + validation: + function: 'validation.IntBetween(200, 599)' + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.abort.0.http_status' + - 'default_route_action.0.fault_injection_policy.0.abort.0.percentage' + validation: + function: 'validation.FloatBetween(0, 100)' diff --git a/mmv1/products/compute/go_Reservation.yaml b/mmv1/products/compute/go_Reservation.yaml new file mode 100644 index 000000000000..b24fab3c88b6 --- /dev/null +++ b/mmv1/products/compute/go_Reservation.yaml @@ -0,0 +1,246 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Reservation' +description: | + Represents a reservation resource. A reservation ensures that capacity is + held in a specific zone even if the reserved VMs are not running. + + Reservations apply only to Compute Engine, Cloud Dataproc, and Google + Kubernetes Engine VM usage.Reservations do not apply to `f1-micro` or + `g1-small` machine types, preemptible VMs, sole tenant nodes, or other + services not listed above + like Cloud SQL and Dataflow. +references: + guides: + 'Reserving zonal resources': 'https://cloud.google.com/compute/docs/instances/reserving-zonal-resources' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/reservations' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/reservations' +has_self_link: true +update_url: 'projects/{{project}}/zones/{{zone}}/reservations/{{name}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + update_encoder: 'templates/terraform/update_encoder/go/reservation.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/shared_reservation_update.go.tmpl' +examples: + - name: 'reservation_basic' + primary_resource_id: 'gce_reservation' + vars: + reservation_name: 'gce-reservation' + - name: 'shared_reservation_basic' + primary_resource_id: 'gce_reservation' + vars: + reservation_name: 'gce-shared-reservation' + test_env_vars: + project: 'PROJECT_NAME' + org_id: 'ORG_ID' + billing_account: 'BILLING_ACCT' + skip_docs: true + skip_vcr: true +parameters: + - name: 'zone' + type: ResourceRef + description: | + The zone where the reservation is made. + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: | + Creation timestamp in RFC3339 text format. + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. + immutable: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'commitment' + type: String + description: | + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + output: true + - name: 'specificReservationRequired' + type: Boolean + description: | + When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + immutable: true + default_value: false + - name: 'status' + type: String + description: | + The status of the reservation. + output: true + - name: 'shareSettings' + type: NestedObject + description: | + The share setting for reservations. + ignore_read: true + default_from_api: true + properties: + - name: 'shareType' + type: Enum + description: | + Type of sharing for this shared-reservation + immutable: true + default_from_api: true + enum_values: + - 'LOCAL' + - 'SPECIFIC_PROJECTS' + - name: 'projectMap' + type: Map + description: | + A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. + key_name: 'id' + key_description: | + The project id/number which is deleting or adding to the project list. + value_type: + name: projectConfig + type: NestedObject + properties: + - name: 'projectId' + type: String + description: | + The project id/number, should be same as the key of this project config in the project map. + - name: 'specificReservation' + type: NestedObject + description: | + Reservation for instances with specific machine shapes. + required: true + update_url: 'projects/{{project}}/zones/{{zone}}/reservations/{{name}}/resize' + update_verb: 'POST' + properties: + - name: 'count' + type: Integer + description: | + The number of resources that are allocated. + required: true + validation: + function: 'validation.IntAtLeast(1)' + - name: 'inUseCount' + type: Integer + description: | + How many instances are in use. + output: true + - name: 'instanceProperties' + type: NestedObject + description: | + The instance properties for the reservation. + required: true + immutable: true + properties: + - name: 'machineType' + type: String + description: | + The name of the machine type to reserve. + required: true + immutable: true + - name: 'minCpuPlatform' + type: String + description: | + The minimum CPU platform for the reservation. For example, + `"Intel Skylake"`. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + immutable: true + default_from_api: true + - name: 'guestAccelerators' + type: Array + description: | + Guest accelerator type and count. + immutable: true + item_type: + type: NestedObject + properties: + - name: 'acceleratorType' + type: String + description: | + The full or partial URL of the accelerator type to + attach to this instance. For example: + `projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100` + + If you are creating an instance template, specify only the accelerator name. + required: true + immutable: true + - name: 'acceleratorCount' + type: Integer + description: | + The number of the guest accelerator cards exposed to + this instance. + required: true + immutable: true + - name: 'localSsds' + type: Array + description: | + The amount of local ssd to reserve with each instance. This + reserves disks of type `local-ssd`. + immutable: true + item_type: + type: NestedObject + properties: + - name: 'interface' + type: Enum + description: | + The disk interface to use for attaching this disk. + immutable: true + default_value: "SCSI" + enum_values: + - 'SCSI' + - 'NVME' + - name: 'diskSizeGb' + type: Integer + description: | + The size of the disk in base-2 GB. + required: true + immutable: true diff --git a/mmv1/products/compute/go_ResizeRequest.yaml b/mmv1/products/compute/go_ResizeRequest.yaml new file mode 100644 index 000000000000..6a1c965eef58 --- /dev/null +++ b/mmv1/products/compute/go_ResizeRequest.yaml @@ -0,0 +1,393 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ResizeRequest' +kind: 'compute#instanceGroupManagerResizeRequest' +description: | + Represents a Managed Instance Group Resize Request + + Resize Requests are the Managed Instance Group implementation of Dynamic Workload Scheduler Flex Start. + + With Dynamic Workload Scheduler in Flex Start mode, you submit a GPU capacity request for your AI/ML jobs by indicating how many you need, a duration, and your preferred region. Dynamic Workload Scheduler intelligently persists the request; once the capacity becomes available, it automatically provisions your VMs enabling your workloads to run continuously for the entire duration of the capacity allocation. +references: + guides: + 'QUICKSTART_TITLE': 'https://cloud.google.com/compute/docs/instance-groups/create-resize-requests-mig' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagerResizeRequests' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/resizeRequests' +self_link: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/resizeRequests/{{name}}' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + custom_delete: 'templates/terraform/custom_delete/go/compute_mig_resize_request_delete.go.tmpl' +examples: + - name: 'compute_mig_resize_request' + primary_resource_id: 'a3_resize_request' + vars: + resize_request_name: 'a3-dws' +parameters: + - name: 'zone' + type: ResourceRef + description: | + Name of the compute zone scoping this request. Name should conform to RFC1035. + url_param_only: true + required: true + resource: 'Zone' + imports: 'name' + - name: 'instanceGroupManager' + type: ResourceRef + description: | + The name of the managed instance group. The name should conform to RFC1035 or be a resource ID. + Authorization requires the following IAM permission on the specified resource instanceGroupManager: + *compute.instanceGroupManagers.update + url_param_only: true + required: true + resource: 'InstanceGroupManager' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: | + The creation timestamp for this resize request in RFC3339 text format. + output: true + - name: 'state' + type: Enum + description: | + [Output only] Current state of the request. + output: true + enum_values: + - 'CREATING' + - 'ACCEPTED' + - 'FAILED' + - 'SUCCEEDED' + - 'CANCELLED' + - name: 'name' + type: String + description: | + The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035. + required: true + - name: 'description' + type: String + description: | + An optional description of this resize-request. + - name: 'resizeBy' + type: Integer + description: | + The number of instances to be created by this resize request. The group's target size will be increased by this number. + required: true + - name: 'requestedRunDuration' + type: NestedObject + description: | + Requested run duration for instances that will be created by this request. At the end of the run duration instance will be deleted. + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + required: true + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - name: 'status' + type: NestedObject + description: | + [Output only] Status of the request. + output: true + properties: + - name: 'error' + type: NestedObject + description: | + [Output only] Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + output: true + properties: + - name: 'errors' + type: NestedObject + description: | + [Output Only] The array of errors encountered while processing this operation. + output: true + properties: + - name: 'code' + type: String + description: | + [Output Only] The error type identifier for this error. + output: true + - name: 'location' + type: String + description: | + Output Only] Indicates the field in the request that caused the error. This property is optional. + output: true + - name: 'message' + type: String + description: | + [Output Only] An optional, human-readable error message. + output: true + - name: 'errorDetails' + type: NestedObject + description: | + [Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + output: true + properties: + - name: 'errorInfo' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'reason' + type: String + description: | + The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE. + output: true + - name: 'domain' + type: String + description: | + The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com". + output: true + - name: 'metadatas' + type: KeyValuePairs + description: | + Additional structured details about this error. + Keys must match /[a-z][a-zA-Z0-9-_]+/ but should ideally be lowerCamelCase. Also they must be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request. + output: true + - name: 'quotaInfo' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'metricName' + type: String + description: | + The Compute Engine quota metric name. + output: true + - name: 'limitName' + type: String + description: | + The name of the quota limit. + output: true + - name: 'dimensions' + type: KeyValuePairs + description: | + The map holding related quota dimensions + output: true + - name: 'limit' + type: Integer + description: | + Current effective quota limit. The limit's unit depends on the quota type or metric. + output: true + - name: 'futureLimit' + type: Integer + description: | + Future quota limit being rolled out. The limit's unit depends on the quota type or metric. + output: true + - name: 'rolloutStatus' + type: String + description: | + Rollout status of the future quota limit. + output: true + - name: 'help' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'links' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'description' + type: String + description: | + Describes what the link offers. + output: true + - name: 'url' + type: String + description: | + The URL of the link. + output: true + - name: 'localizedMessage' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'locale' + type: String + description: | + The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX" + output: true + - name: 'message' + type: String + description: | + The localized error message in the above locale. + # Status.lastAttempt + output: true + - name: 'lastAttempt' + type: NestedObject + description: | + [Output only] Information about the last attempt to fulfill the request. The value is temporary since the ResizeRequest can retry, as long as it's still active and the last attempt value can either be cleared or replaced with a different error. Since ResizeRequest retries infrequently, the value may be stale and no longer show an active problem. The value is cleared when ResizeRequest transitions to the final state (becomes inactive). If the final state is FAILED the error describing it will be storred in the "error" field only. + output: true + properties: + - name: 'error' + type: NestedObject + description: | + [Output only] Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + output: true + properties: + - name: 'errors' + type: NestedObject + description: | + [Output Only] The array of errors encountered while processing this operation. + output: true + properties: + - name: 'code' + type: String + description: | + [Output Only] The error type identifier for this error. + output: true + - name: 'location' + type: String + description: | + Output Only] Indicates the field in the request that caused the error. This property is optional. + output: true + - name: 'message' + type: String + description: | + [Output Only] An optional, human-readable error message. + output: true + - name: 'errorDetails' + type: NestedObject + description: | + [Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + output: true + properties: + - name: 'errorInfo' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'reason' + type: String + description: | + The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE. + output: true + - name: 'domain' + type: String + description: | + The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com". + output: true + - name: 'metadatas' + type: KeyValuePairs + description: | + Additional structured details about this error. + Keys must match /[a-z][a-zA-Z0-9-_]+/ but should ideally be lowerCamelCase. Also they must be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request. + output: true + - name: 'quotaInfo' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'metricName' + type: String + description: | + The Compute Engine quota metric name. + output: true + - name: 'limitName' + type: String + description: | + The name of the quota limit. + output: true + - name: 'dimensions' + type: KeyValuePairs + description: | + The map holding related quota dimensions + output: true + - name: 'limit' + type: Integer + description: | + Current effective quota limit. The limit's unit depends on the quota type or metric. + output: true + - name: 'futureLimit' + type: Integer + description: | + Future quota limit being rolled out. The limit's unit depends on the quota type or metric. + output: true + - name: 'rolloutStatus' + type: String + description: | + Rollout status of the future quota limit. + output: true + - name: 'help' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'links' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'description' + type: String + description: | + Describes what the link offers. + output: true + - name: 'url' + type: String + description: | + The URL of the link. + output: true + - name: 'localizedMessage' + type: NestedObject + description: | + [Output Only] + output: true + properties: + - name: 'locale' + type: String + description: | + The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX" + output: true + - name: 'message' + type: String + description: | + The localized error message in the above locale. + +#Examples for testing + output: true diff --git a/mmv1/products/compute/go_ResourcePolicy.yaml b/mmv1/products/compute/go_ResourcePolicy.yaml new file mode 100644 index 000000000000..38a7877c8d83 --- /dev/null +++ b/mmv1/products/compute/go_ResourcePolicy.yaml @@ -0,0 +1,365 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ResourcePolicy' +kind: 'compute#resourcePolicy' +description: | + A policy that can be attached to a resource to specify or schedule actions on that resource. +references: + guides: + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/resourcePolicies' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/resourcePolicies' +has_self_link: true +update_url: 'projects/{{project}}/regions/{{region}}/resourcePolicies/{{name}}' +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'resource_policy_basic' + primary_resource_id: 'foo' + vars: + name: 'gce-policy' + - name: 'resource_policy_full' + primary_resource_id: 'bar' + vars: + name: 'gce-policy' + - name: 'resource_policy_placement_policy' + primary_resource_id: 'baz' + vars: + name: 'gce-policy' + - name: 'resource_policy_placement_policy_max_distance' + primary_resource_id: 'baz' + min_version: 'beta' + vars: + name: 'gce-policy' + - name: 'resource_policy_instance_schedule_policy' + primary_resource_id: 'hourly' + vars: + name: 'gce-policy' + - name: 'resource_policy_snapshot_schedule_chain_name' + primary_resource_id: 'hourly' + vars: + name: 'gce-policy' + - name: 'resource_policy_consistency_group' + primary_resource_id: 'cgroup' + vars: + name: 'gce-policy' +parameters: + - name: 'region' + type: ResourceRef + description: Region where resource policy resides. + required: false + immutable: true + ignore_read: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The name of the resource, provided by the client when initially creating + the resource. The resource name must be 1-63 characters long, and comply + with RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])`? which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. + required: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create the resource. + - name: 'snapshotSchedulePolicy' + type: NestedObject + description: | + Policy for creating snapshots of persistent disks. + conflicts: + - group_placement_policy + - instance_schedule_policy + - disk_consistency_group_policy + properties: + - name: 'schedule' + type: NestedObject + description: | + Contains one of an `hourlySchedule`, `dailySchedule`, or `weeklySchedule`. + required: true + properties: + - name: 'hourlySchedule' + type: NestedObject + description: | + The policy will execute every nth hour starting at the specified time. + exactly_one_of: + - 'snapshot_schedule_policy.0.schedule.0.hourly_schedule' + - 'snapshot_schedule_policy.0.schedule.0.daily_schedule' + - 'snapshot_schedule_policy.0.schedule.0.weekly_schedule' + properties: + - name: 'hoursInCycle' + type: Integer + description: | + The number of hours between snapshots. + required: true + - name: 'startTime' + type: String + description: | + Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. eg: 21:00 + required: true + validation: + function: 'verify.ValidateHourlyOnly' + - name: 'dailySchedule' + type: NestedObject + description: | + The policy will execute every nth day at the specified time. + exactly_one_of: + - 'snapshot_schedule_policy.0.schedule.0.hourly_schedule' + - 'snapshot_schedule_policy.0.schedule.0.daily_schedule' + - 'snapshot_schedule_policy.0.schedule.0.weekly_schedule' + properties: + - name: 'daysInCycle' + type: Integer + description: | + Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1. + required: true + - name: 'startTime' + type: String + description: | + This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + required: true + validation: + function: 'verify.ValidateHourlyOnly' + - name: 'weeklySchedule' + type: NestedObject + description: | + Allows specifying a snapshot time for each day of the week. + exactly_one_of: + - 'snapshot_schedule_policy.0.schedule.0.hourly_schedule' + - 'snapshot_schedule_policy.0.schedule.0.daily_schedule' + - 'snapshot_schedule_policy.0.schedule.0.weekly_schedule' + properties: + - name: 'dayOfWeeks' + type: Array + description: | + May contain up to seven (one for each day of the week) snapshot times. + is_set: true + required: true + item_type: + type: NestedObject + properties: + - name: 'startTime' + type: String + description: | + Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + required: true + - name: 'day' + type: Enum + description: | + The day of the week to create the snapshot. e.g. MONDAY + required: true + enum_values: + - 'MONDAY' + - 'TUESDAY' + - 'WEDNESDAY' + - 'THURSDAY' + - 'FRIDAY' + - 'SATURDAY' + - 'SUNDAY' + min_size: 1 + max_size: 7 + - name: 'retentionPolicy' + type: NestedObject + description: | + Retention policy applied to snapshots created by this resource policy. + properties: + - name: 'maxRetentionDays' + type: Integer + description: | + Maximum age of the snapshot that is allowed to be kept. + required: true + - name: 'onSourceDiskDelete' + type: Enum + description: | + Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. + default_value: "KEEP_AUTO_SNAPSHOTS" + enum_values: + - 'KEEP_AUTO_SNAPSHOTS' + - 'APPLY_RETENTION_POLICY' + - name: 'snapshotProperties' + type: NestedObject + description: | + Properties with which the snapshots are created, such as labels. + properties: + - name: 'labels' + type: KeyValuePairs + description: | + A set of key-value pairs. + at_least_one_of: + - 'snapshot_schedule_policy.0.snapshot_properties.0.labels' + - 'snapshot_schedule_policy.0.snapshot_properties.0.storage_locations' + - 'snapshot_schedule_policy.0.snapshot_properties.0.guest_flush' + - name: 'storageLocations' + type: Array + description: | + Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional) + is_set: true + at_least_one_of: + - 'snapshot_schedule_policy.0.snapshot_properties.0.labels' + - 'snapshot_schedule_policy.0.snapshot_properties.0.storage_locations' + - 'snapshot_schedule_policy.0.snapshot_properties.0.guest_flush' + item_type: + type: String + max_size: 1 + - name: 'guestFlush' + type: Boolean + description: | + Whether to perform a 'guest aware' snapshot. + send_empty_value: true + at_least_one_of: + - 'snapshot_schedule_policy.0.snapshot_properties.0.labels' + - 'snapshot_schedule_policy.0.snapshot_properties.0.storage_locations' + - 'snapshot_schedule_policy.0.snapshot_properties.0.guest_flush' + - name: 'chainName' + type: String + description: | + Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and comply + with RFC1035. + - name: 'groupPlacementPolicy' + type: NestedObject + description: | + Resource policy for instances used for placement configuration. + conflicts: + - instance_schedule_policy + - snapshot_schedule_policy + - disk_consistency_group_policy + properties: + - name: 'vmCount' + type: Integer + description: | + Number of VMs in this placement group. Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + - name: 'availabilityDomainCount' + type: Integer + description: | + The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network + - name: 'collocation' + type: Enum + description: | + Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify `COLLOCATED` to enable collocation. Can only be specified with `vm_count`. If compute instances are created + with a COLLOCATED policy, then exactly `vm_count` instances must be created at the same time with the resource policy + attached. + enum_values: + - 'COLLOCATED' + - name: 'maxDistance' + type: Integer + description: | + Specifies the number of max logical switches. + min_version: 'beta' + - name: 'instanceSchedulePolicy' + type: NestedObject + description: | + Resource policy for scheduling instance operations. + conflicts: + - snapshot_schedule_policy + - group_placement_policy + - disk_consistency_group_policy + properties: + - name: 'vmStartSchedule' + type: NestedObject + description: | + Specifies the schedule for starting instances. + at_least_one_of: + - 'instance_schedule_policy.0.vm_start_schedule' + - 'instance_schedule_policy.0.vm_stop_schedule' + properties: + - name: 'schedule' + type: String + description: | + Specifies the frequency for the operation, using the unix-cron format. + required: true + - name: 'vmStopSchedule' + type: NestedObject + description: | + Specifies the schedule for stopping instances. + at_least_one_of: + - 'instance_schedule_policy.0.vm_start_schedule' + - 'instance_schedule_policy.0.vm_stop_schedule' + properties: + - name: 'schedule' + type: String + description: | + Specifies the frequency for the operation, using the unix-cron format. + required: true + - name: 'timeZone' + type: String + description: | + Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + required: true + - name: 'startTime' + type: String + description: | + The start time of the schedule. The timestamp is an RFC3339 string. + - name: 'expirationTime' + type: String + description: | + The expiration time of the schedule. The timestamp is an RFC3339 string. + - name: 'diskConsistencyGroupPolicy' + type: NestedObject + description: | + Replication consistency group for asynchronous disk replication. + send_empty_value: true + conflicts: + - snapshot_schedule_policy + - group_placement_policy + - instance_schedule_policy + custom_flatten: 'templates/terraform/custom_flatten/go/disk_consistency_group_policy.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/disk_consistency_group_policy.tmpl' + properties: + - name: 'enabled' + type: Boolean + description: | + Enable disk consistency on the resource policy. + required: true + immutable: true diff --git a/mmv1/products/compute/go_Route.yaml b/mmv1/products/compute/go_Route.yaml new file mode 100644 index 000000000000..af854f00bb37 --- /dev/null +++ b/mmv1/products/compute/go_Route.yaml @@ -0,0 +1,258 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Route' +kind: 'compute#route' +description: | + Represents a Route resource. + + A route is a rule that specifies how certain packets should be handled by + the virtual network. Routes are associated with virtual machines by tag, + and the set of routes for a particular virtual machine is called its + routing table. For each packet leaving a virtual machine, the system + searches that virtual machine's routing table for a single best matching + route. + + Routes match packets by destination IP address, preferring smaller or more + specific ranges over larger ones. If there is a tie, the system selects + the route with the smallest priority value. If there is still a tie, it + uses the layer three and four packet headers to select just one of the + remaining matching routes. The packet is then forwarded as specified by + the next_hop field of the winning route -- either to another virtual + machine destination, a virtual machine gateway or a Compute + Engine-operated gateway. Packets that do not match any route in the + sending virtual machine's routing table will be dropped. + + A Route resource must have exactly one specification of either + nextHopGateway, nextHopInstance, nextHopIp, nextHopVpnTunnel, or + nextHopIlb. + +references: + guides: + 'Using Routes': 'https://cloud.google.com/vpc/docs/using-routes' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routes' +docs: + optional_properties: | + * `next_hop_instance_zone` - (Optional when `next_hop_instance` is + specified) The zone of the instance specified in + `next_hop_instance`. Omit if `next_hop_instance` is specified as + a URL. +base_url: 'projects/{{project}}/global/routes' +has_self_link: true +immutable: true +mutex: 'projects/{{project}}/global/networks/{{network}}/peerings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/route.tmpl' + constants: 'templates/terraform/constants/go/compute_route.go.tmpl' + decoder: 'templates/terraform/decoders/go/route.tmpl' +error_retry_predicates: + + - 'transport_tpg.IsPeeringOperationInProgress' +examples: + - name: 'route_basic' + primary_resource_id: 'default' + vars: + route_name: 'network-route' + network_name: 'compute-network' + - name: 'route_ilb' + primary_resource_id: 'route-ilb' + vars: + network_name: 'compute-network' + subnet_name: 'compute-subnet' + forwarding_rule_name: 'compute-forwarding-rule' + health_check_name: 'proxy-health-check' + backend_name: 'compute-backend' + route_name: 'route-ilb' + - name: 'route_ilb_vip' + primary_resource_id: 'route-ilb' + min_version: 'beta' + vars: + producer_name: 'producer' + consumer_name: 'consumer' + forwarding_rule_name: 'compute-forwarding-rule' + health_check_name: 'proxy-health-check' + backend_name: 'compute-backend' + route_name: 'route-ilb' +parameters: +properties: + - name: 'destRange' + type: String + description: | + The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + required: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property + when you create the resource. + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + validation: + regex: '^[a-z]([-a-z0-9]*[a-z0-9])?$' + - name: 'network' + type: ResourceRef + description: 'The network that this route applies to.' + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'priority' + type: Integer + description: | + The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + immutable: true + send_empty_value: true + default_value: 1000 + - name: 'tags' + type: Array + description: 'A list of instance tags to which this route applies.' + is_set: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/set_to_list.tmpl' + item_type: + type: String + - name: 'nextHopGateway' + type: String + description: | + URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * `https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway` + * `projects/project/global/gateways/default-internet-gateway` + * `global/gateways/default-internet-gateway` + * The string `default-internet-gateway`. + immutable: true + exactly_one_of: + - 'next_hop_gateway' + - 'next_hop_instance' + - 'next_hop_ip' + - 'next_hop_vpn_tunnel' + - 'next_hop_ilb' + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/route_gateway.tmpl' + - name: 'nextHopInstance' + type: ResourceRef + description: | + URL to an instance that should handle matching packets. + You can specify this as a full or partial URL. For example: + * `https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance` + * `projects/project/zones/zone/instances/instance` + * `zones/zone/instances/instance` + * Just the instance name, with the zone in `next_hop_instance_zone`. + immutable: true + exactly_one_of: + - 'next_hop_gateway' + - 'next_hop_instance' + - 'next_hop_ip' + - 'next_hop_vpn_tunnel' + - 'next_hop_ilb' + custom_expand: 'templates/terraform/custom_expand/go/route_instance.tmpl' + resource: 'Instance' + imports: 'selfLink' + - name: 'nextHopIp' + type: String + description: | + Network IP address of an instance that should handle matching packets. + immutable: true + default_from_api: true + exactly_one_of: + - 'next_hop_gateway' + - 'next_hop_instance' + - 'next_hop_ip' + - 'next_hop_vpn_tunnel' + - 'next_hop_ilb' + - name: 'nextHopVpnTunnel' + type: ResourceRef + description: | + URL to a VpnTunnel that should handle matching packets. + immutable: true + exactly_one_of: + - 'next_hop_gateway' + - 'next_hop_instance' + - 'next_hop_ip' + - 'next_hop_vpn_tunnel' + - 'next_hop_ilb' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'VpnTunnel' + imports: 'selfLink' + - name: 'nextHopNetwork' + type: String + description: | + URL to a Network that should handle matching packets. + output: true + - name: 'nextHopIlb' + type: String + description: | + The IP address or URL to a forwarding rule of type + loadBalancingScheme=INTERNAL that should handle matching + packets. + + With the GA provider you can only specify the forwarding + rule as a partial or full URL. For example, the following + are all valid values: + * 10.128.0.56 + * https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule + * regions/region/forwardingRules/forwardingRule + + When the beta provider, you can also specify the IP address + of a forwarding rule from the same VPC or any peered VPC. + + Note that this can only be used when the destinationRange is + a public (non-RFC 1918) IP CIDR range. + immutable: true + exactly_one_of: + - 'next_hop_gateway' + - 'next_hop_instance' + - 'next_hop_ip' + - 'next_hop_vpn_tunnel' + - 'next_hop_ilb' + diff_suppress_func: 'CompareIpAddressOrSelfLinkOrResourceName' diff --git a/mmv1/products/compute/go_Router.yaml b/mmv1/products/compute/go_Router.yaml new file mode 100644 index 000000000000..530a6a8142c9 --- /dev/null +++ b/mmv1/products/compute/go_Router.yaml @@ -0,0 +1,200 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Router' +kind: 'compute#router' +description: | + Represents a Router resource. +references: + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/routers' +has_self_link: true +update_verb: 'PATCH' +mutex: 'router/{{region}}/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/router.go.tmpl' +custom_diff: + - 'resourceComputeRouterCustomDiff' +examples: + - name: 'router_basic' + primary_resource_id: 'foobar' + vars: + router_name: 'my-router' + network_name: 'my-network' + ignore_read_extra: + - 'advertisedIpRanges' + - name: 'compute_router_encrypted_interconnect' + primary_resource_id: 'encrypted-interconnect-router' + vars: + router_name: 'test-router' + network_name: 'test-network' + ignore_read_extra: + - 'advertisedIpRanges' +parameters: + - name: 'region' + type: ResourceRef + description: Region where the router resides. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + immutable: true + validation: + function: 'verify.ValidateGCEName' + - name: 'description' + type: String + description: | + An optional description of this resource. + send_empty_value: true + - name: 'network' + type: ResourceRef + description: | + A reference to the network to which this router belongs. + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'bgp' + type: NestedObject + description: | + BGP information specific to this router. + send_empty_value: true + properties: + - name: 'asn' + type: Integer + description: | + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + required: true + validation: + function: 'verify.ValidateRFC6996Asn' + - name: 'advertiseMode' + type: Enum + description: | + User-specified flag to indicate which mode to use for advertisement. + default_value: "DEFAULT" + enum_values: + - 'DEFAULT' + - 'CUSTOM' + - name: 'advertisedGroups' + type: Array + description: | + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS + send_empty_value: true + item_type: + type: String + - name: 'advertisedIpRanges' + type: Array + description: | + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + send_empty_value: true + custom_flatten: 'templates/terraform/custom_flatten/go/compute_router_range.go.tmpl' + item_type: + type: NestedObject + properties: + - name: 'range' + type: String + description: | + The IP range to advertise. The value must be a + CIDR-formatted string. + required: true + send_empty_value: true + - name: 'description' + type: String + description: | + User-specified description for the IP range. + send_empty_value: true + - name: 'keepaliveInterval' + type: Integer + description: | + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + default_value: 20 + - name: 'identifierRange' + type: String + description: | + Explicitly specifies a range of valid BGP Identifiers for this Router. + It is provided as a link-local IPv4 range (from 169.254.0.0/16), of + size at least /30, even if the BGP sessions are over IPv6. It must + not overlap with any IPv4 BGP session ranges. Other vendors commonly + call this router ID. + default_from_api: true + - name: 'encryptedInterconnectRouter' + type: Boolean + description: | + Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + immutable: true diff --git a/mmv1/products/compute/go_RouterNat.yaml b/mmv1/products/compute/go_RouterNat.yaml new file mode 100644 index 000000000000..bd91cff799c6 --- /dev/null +++ b/mmv1/products/compute/go_RouterNat.yaml @@ -0,0 +1,465 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RouterNat' +description: | + A NAT service created in a router. +references: + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +docs: +id_format: '{{project}}/{{region}}/{{router}}/{{name}}' +base_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}' +self_link: 'projects/{{project}}/regions/{{region}}/routers/{{router}}' +create_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}' +create_verb: 'PATCH' +update_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}' +update_verb: 'PATCH' +delete_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}' +delete_verb: 'PATCH' +mutex: 'router/{{region}}/{{router}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'nats' +identity: + - name +nested_query: + keys: + - nats + is_list_of_ids: false + modify_by_patch: true +custom_code: + constants: 'templates/terraform/constants/go/router_nat.go.tmpl' + pre_create: 'templates/terraform/constants/go/router_nat_validate_action_active_range.go.tmpl' + pre_update: 'templates/terraform/constants/go/router_nat_validate_action_active_range.go.tmpl' +custom_diff: + - 'resourceComputeRouterNatDrainNatIpsCustomDiff' +exclude_tgc: true +examples: + - name: 'router_nat_basic' + primary_resource_id: 'nat' + vars: + router_name: 'my-router' + nat_name: 'my-router-nat' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + skip_test: true + - name: 'router_nat_manual_ips' + primary_resource_id: 'nat_manual' + vars: + router_name: 'my-router' + nat_name: 'my-router-nat' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + address_name: 'nat-manual-ip' + skip_test: true + - name: 'router_nat_rules' + primary_resource_id: 'nat_rules' + vars: + router_name: 'my-router' + nat_name: 'my-router-nat' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + address_name1: 'nat-address1' + address_name2: 'nat-address2' + address_name3: 'nat-address3' + skip_test: true + - name: 'router_nat_private' + primary_resource_id: 'nat_type' + min_version: 'beta' + vars: + router_name: 'my-router' + nat_name: 'my-router-nat' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + hub_name: 'my-hub' + spoke_name: 'my-spoke' + skip_test: true +parameters: + - name: 'router' + type: ResourceRef + description: | + The name of the Cloud Router in which this NAT will be configured. + url_param_only: true + required: true + immutable: true + resource: 'Router' + imports: 'name' + - name: 'region' + type: ResourceRef + description: Region where the router and NAT reside. + url_param_only: true + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the NAT service. The name must be 1-63 characters long and + comply with RFC1035. + required: true + immutable: true + validation: + function: 'verify.ValidateRFC1035Name(2, 63)' + - name: 'natIpAllocateOption' + type: Enum + description: | + How external IPs should be allocated for this NAT. Valid values are + `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud + Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. + required: false + enum_values: + - 'MANUAL_ONLY' + - 'AUTO_ONLY' + - name: 'natIps' + type: Array + description: | + Self-links of NAT IPs. Only valid if natIpAllocateOption + is set to MANUAL_ONLY. + is_set: true + send_empty_value: true + set_hash_func: computeRouterNatIPsHash + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'address' + type: ResourceRef + description: 'A reference to an address associated with this NAT' + resource: 'Address' + imports: 'selfLink' + - name: 'drainNatIps' + type: Array + description: | + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. + is_set: true + send_empty_value: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'address' + type: ResourceRef + description: 'A reference to an address associated with this NAT' + resource: 'Address' + imports: 'selfLink' + - name: 'sourceSubnetworkIpRangesToNat' + type: Enum + description: | + How NAT should be configured per Subnetwork. + If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the + IP ranges in every Subnetwork are allowed to Nat. + If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP + ranges in every Subnetwork are allowed to Nat. + `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. + required: true + enum_values: + - 'ALL_SUBNETWORKS_ALL_IP_RANGES' + - 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES' + - 'LIST_OF_SUBNETWORKS' + - name: 'subnetwork' + type: Array + description: | + One or more subnetwork NAT configurations. Only used if + `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS` + api_name: subnetworks + is_set: true + send_empty_value: true + set_hash_func: computeRouterNatSubnetworkHash + item_type: + type: NestedObject + properties: + - name: 'name' + type: ResourceRef + description: 'Self-link of subnetwork to NAT' + required: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'sourceIpRangesToNat' + type: Array + description: | + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, + `PRIMARY_IP_RANGE`. + is_set: true + required: true + item_type: + type: String + min_size: 1 + - name: 'secondaryIpRangeNames' + type: Array + description: | + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + `LIST_OF_SECONDARY_IP_RANGES` is one of the values in + sourceIpRangesToNat + is_set: true + item_type: + type: String + - name: 'minPortsPerVm' + type: Integer + description: | + Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. + default_from_api: true + - name: 'maxPortsPerVm' + type: Integer + description: | + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + - name: 'enableDynamicPortAllocation' + type: Boolean + description: | + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. + If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + default_from_api: true + send_empty_value: true + - name: 'udpIdleTimeoutSec' + type: Integer + description: | + Timeout (in seconds) for UDP connections. Defaults to 30s if not set. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: 30 + - name: 'icmpIdleTimeoutSec' + type: Integer + description: | + Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: 30 + - name: 'tcpEstablishedIdleTimeoutSec' + type: Integer + description: | + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: 1200 + - name: 'tcpTransitoryIdleTimeoutSec' + type: Integer + description: | + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: 30 + - name: 'tcpTimeWaitTimeoutSec' + type: Integer + description: | + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: 120 + - name: 'logConfig' + type: NestedObject + description: | + Configuration for logging on NAT + send_empty_value: true + properties: + - name: 'enable' + type: Boolean + description: | + Indicates whether or not to export logs. + required: true + - name: 'filter' + type: Enum + description: | + Specifies the desired filtering of logs on this NAT. + required: true + enum_values: + - 'ERRORS_ONLY' + - 'TRANSLATIONS_ONLY' + - 'ALL' + - name: 'endpointTypes' + type: Array + description: | + Specifies the endpoint Types supported by the NAT Gateway. + Supported values include: + `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`, + `ENDPOINT_TYPE_MANAGED_PROXY_LB`. + immutable: true + default_from_api: true + item_type: + type: String + min_size: 1 + - name: 'rules' + type: Array + description: 'A list of rules associated with this NAT.' + is_set: true + send_empty_value: true + set_hash_func: computeRouterNatRulesHash + item_type: + type: NestedObject + properties: + - name: 'ruleNumber' + type: Integer + description: | + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + required: true + send_empty_value: true + validation: + function: 'validation.IntBetween(0, 65000)' + - name: 'description' + type: String + description: 'An optional description of this rule.' + - name: 'match' + type: String + description: | + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'" + required: true + - name: 'action' + type: NestedObject + description: + 'The action to be enforced for traffic that matches this rule.' + default_from_api: true + properties: + - name: 'sourceNatActiveIps' + type: Array + description: | + A list of URLs of the IP resources used for this NAT rule. + These IP addresses must be valid static external IP addresses assigned to the project. + This field is used for public NAT. + is_set: true + set_hash_func: computeRouterNatIPsHash + custom_flatten: 'templates/terraform/custom_flatten/go/nat_rules_ip_set.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'address' + type: ResourceRef + description: + 'A reference to an address associated with this NAT' + resource: 'Address' + imports: 'selfLink' + - name: 'sourceNatDrainIps' + type: Array + description: | + A list of URLs of the IP resources to be drained. + These IPs must be valid static external IPs that have been assigned to the NAT. + These IPs should be used for updating/patching a NAT rule only. + This field is used for public NAT. + is_set: true + set_hash_func: computeRouterNatIPsHash + custom_flatten: 'templates/terraform/custom_flatten/go/nat_rules_ip_set.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'address' + type: ResourceRef + description: + 'A reference to an address associated with this NAT' + resource: 'Address' + imports: 'selfLink' + - name: 'sourceNatActiveRanges' + type: Array + description: | + A list of URLs of the subnetworks used as source ranges for this NAT Rule. + These subnetworks must have purpose set to PRIVATE_NAT. + This field is used for private NAT. + is_set: true + min_version: 'beta' + set_hash_func: computeRouterNatRulesSubnetHash + custom_flatten: 'templates/terraform/custom_flatten/go/nat_rules_subnets_set.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'subnet' + type: ResourceRef + description: + 'A reference to a subnetwork address associated with this NAT' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'sourceNatDrainRanges' + type: Array + description: | + A list of URLs of subnetworks representing source ranges to be drained. + This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. + This field is used for private NAT. + is_set: true + min_version: 'beta' + set_hash_func: computeRouterNatRulesSubnetHash + custom_flatten: 'templates/terraform/custom_flatten/go/nat_rules_subnets_set.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'subnet' + type: ResourceRef + description: + 'A reference to a subnetwork address associated with this NAT' + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'enableEndpointIndependentMapping' + type: Boolean + description: | + Enable endpoint independent mapping. + For more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + default_from_api: true + send_empty_value: true + - name: 'type' + type: Enum + description: | + Indicates whether this NAT is used for public or private IP translation. + If unspecified, it defaults to PUBLIC. + If `PUBLIC` NAT used for public IP translation. + If `PRIVATE` NAT used for private IP translation. + min_version: 'beta' + immutable: true + default_value: "PUBLIC" + enum_values: + - 'PUBLIC' + - 'PRIVATE' + - name: 'autoNetworkTier' + type: Enum + description: | + The network tier to use when automatically reserving NAT IP addresses. + Must be one of: PREMIUM, STANDARD. If not specified, then the current + project-level default tier is used. + default_from_api: true + enum_values: + - 'PREMIUM' + - 'STANDARD' diff --git a/mmv1/products/compute/go_RouterRoutePolicy.yaml b/mmv1/products/compute/go_RouterRoutePolicy.yaml new file mode 100644 index 000000000000..afa5e8f73af3 --- /dev/null +++ b/mmv1/products/compute/go_RouterRoutePolicy.yaml @@ -0,0 +1,191 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RouterRoutePolicy' +description: A route policy created in a router +min_version: 'beta' +references: + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +docs: +id_format: '{{project}}/{{region}}/{{router}}/routePolicies/{{name}}' +base_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}' +self_link: 'projects/{{project}}/regions/{{region}}/routers/{{router}}/getRoutePolicy?policy={{name}}' +create_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}/updateRoutePolicy' +update_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}/updateRoutePolicy' +update_verb: 'POST' +update_mask: true +delete_url: 'projects/{{project}}/regions/{{region}}/routers/{{router}}/deleteRoutePolicy?policy={{name}}' +delete_verb: 'POST' +import_format: + - '{{project}}/{{region}}/{{router}}/routePolicies/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + decoder: 'templates/terraform/decoders/go/unwrap_route_policy_resource.go.tmpl' +examples: + - name: 'router_route_policy_export' + primary_resource_id: 'rp-export' + vars: + router_name: 'my-router' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + route_policy_name: 'my-rp1' + - name: 'router_route_policy_import' + primary_resource_id: 'rp-import' + vars: + router_name: 'my-router' + network_name: 'my-network' + subnet_name: 'my-subnetwork' + route_policy_name: 'my-rp2' +parameters: + - name: 'router' + type: ResourceRef + description: | + The name of the Cloud Router in which this route policy will be configured. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + resource: 'Router' + imports: 'name' + - name: 'region' + type: ResourceRef + description: Region where the router and NAT reside. + min_version: 'beta' + url_param_only: true + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + resource: 'Region' + imports: 'name' + - name: 'name' + type: String + description: | + Name of the route policy. This policy's name, which must be a resource ID segment and unique within all policies owned by the Router + min_version: 'beta' + required: true + immutable: true +properties: + - name: 'type' + type: Enum + description: | + This is policy's type, which is one of IMPORT or EXPORT + min_version: 'beta' + enum_values: + - 'ROUTE_POLICY_TYPE_IMPORT' + - 'ROUTE_POLICY_TYPE_EXPORT' + - name: 'terms' + type: Array + description: | + List of terms (the order in the list is not important, they are evaluated in order of priority). + min_version: 'beta' + required: true + immutable: true + item_type: + type: NestedObject + properties: + - name: 'priority' + type: Integer + description: | + The evaluation priority for this term, which must be between 0 (inclusive) and 231 (exclusive), and unique within the list. + min_version: 'beta' + required: true + - name: 'match' + type: NestedObject + description: | + CEL expression evaluated against a route to determine if this term applies (see Policy Language). When not set, the term applies to all routes. + min_version: 'beta' + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + min_version: 'beta' + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + min_version: 'beta' + - name: 'description' + type: String + description: Description of the expression + min_version: 'beta' + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + min_version: 'beta' + - name: 'actions' + type: Array + description: | + 'CEL expressions to evaluate to modify a route when this term matches.'\ + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression + Language syntax. + min_version: 'beta' + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its + purpose. + min_version: 'beta' + - name: 'description' + type: String + description: | + Description of the expression + min_version: 'beta' + - name: 'location' + type: String + description: | + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + min_version: 'beta' + - name: 'fingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + min_version: 'beta' + output: true diff --git a/mmv1/products/compute/go_SecurityPolicyRule.yaml b/mmv1/products/compute/go_SecurityPolicyRule.yaml new file mode 100644 index 000000000000..38faecb63b84 --- /dev/null +++ b/mmv1/products/compute/go_SecurityPolicyRule.yaml @@ -0,0 +1,448 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SecurityPolicyRule' +description: | + A rule for the SecurityPolicy. +references: + guides: + 'Creating global security policy rules': 'https://cloud.google.com/armor/docs/configure-security-policies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies/addRule' +docs: +id_format: 'projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}' +base_url: 'projects/{{project}}/global/securityPolicies/{{security_policy}}' +self_link: 'projects/{{project}}/global/securityPolicies/{{security_policy}}/getRule?priority={{priority}}' +create_url: 'projects/{{project}}/global/securityPolicies/{{security_policy}}/addRule?priority={{priority}}' +update_url: 'projects/{{project}}/global/securityPolicies/{{security_policy}}/patchRule?priority={{priority}}' +update_verb: 'POST' +update_mask: true +delete_url: 'projects/{{project}}/global/securityPolicies/{{security_policy}}/removeRule?priority={{priority}}' +delete_verb: 'POST' +import_format: + - 'projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: +examples: + - name: 'security_policy_rule_basic' + primary_resource_id: 'policy_rule' + vars: + sec_policy_name: 'policyruletest' + - name: 'security_policy_rule_default_rule' + primary_resource_id: 'policy_rule' + vars: + sec_policy_name: 'policyruletest' + project_id: 'PROJECT_NAME' + skip_test: true + - name: 'security_policy_rule_multiple_rules' + primary_resource_id: 'policy_rule_one' + vars: + sec_policy_name: 'policywithmultiplerules' +parameters: + - name: 'security_policy' + type: String + description: | + The name of the security policy this rule belongs to. + url_param_only: true + required: true + immutable: true +properties: + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create the resource. + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. + required: true + immutable: true + - name: 'match' + type: NestedObject + description: | + A match condition that incoming traffic is evaluated against. + If it evaluates to true, the corresponding 'action' is enforced. + properties: + - name: 'versionedExpr' + type: Enum + description: | + Preconfigured versioned expression. If this field is specified, config must also be specified. + Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. + enum_values: + - 'SRC_IPS_V1' + - name: 'expr' + type: NestedObject + description: | + User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. + # >> These fields are not yet supported, following the global security policy resource. + required: true + - name: 'exprOptions' + type: NestedObject + description: | + The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr'). + properties: + - name: 'recaptchaOptions' + type: NestedObject + description: | + reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect. + required: true + properties: + - name: 'actionTokenSiteKeys' + type: Array + description: | + A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. + item_type: + type: String + - name: 'sessionTokenSiteKeys' + type: Array + description: | + A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. + item_type: + type: String + - name: 'config' + type: NestedObject + description: | + The configuration options available when specifying versionedExpr. + This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified. + properties: + - name: 'srcIpRanges' + type: Array + description: | + CIDR IP address range. Maximum number of srcIpRanges allowed is 10. + item_type: + type: String + - name: 'preconfiguredWafConfig' + type: NestedObject + description: | + Preconfigured WAF configuration to be applied for the rule. + If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. + properties: + - name: 'exclusion' + type: Array + description: | + An exclusion to apply during preconfigured WAF evaluation. + api_name: exclusions + item_type: + type: NestedObject + properties: + - name: 'requestHeader' + type: Array + description: | + Request header whose value will be excluded from inspection during preconfigured WAF evaluation. + api_name: requestHeadersToExclude + item_type: + type: NestedObject + properties: + - name: 'operator' + type: String + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + required: true + validation: + function: 'validation.StringInSlice([]string{"EQUALS", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "EQUALS_ANY"}, false)' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + - name: 'requestCookie' + type: Array + description: | + Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. + api_name: requestCookiesToExclude + item_type: + type: NestedObject + properties: + - name: 'operator' + type: String + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + required: true + validation: + function: 'validation.StringInSlice([]string{"EQUALS", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "EQUALS_ANY"}, false)' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + - name: 'requestUri' + type: Array + description: | + Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. + When specifying this field, the query or fragment part should be excluded. + api_name: requestUrisToExclude + item_type: + type: NestedObject + properties: + - name: 'operator' + type: String + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + required: true + validation: + function: 'validation.StringInSlice([]string{"EQUALS", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "EQUALS_ANY"}, false)' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + - name: 'requestQueryParam' + type: Array + description: | + Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. + Note that the parameter can be in the query string or in the POST body. + api_name: requestQueryParamsToExclude + item_type: + type: NestedObject + properties: + - name: 'operator' + type: String + description: | + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + api_name: op + required: true + validation: + function: 'validation.StringInSlice([]string{"EQUALS", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "EQUALS_ANY"}, false)' + - name: 'value' + type: String + description: | + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + api_name: val + - name: 'targetRuleSet' + type: String + description: | + Target WAF rule set to apply the preconfigured WAF exclusion. + required: true + - name: 'targetRuleIds' + type: Array + description: | + A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under the WAF rule set. + item_type: + type: String + - name: 'action' + type: String + description: | + The Action to perform when the rule is matched. The following are the valid actions: + + * allow: allow access to target. + + * deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502. + + * rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set. + + * redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. + + * throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this. + required: true + - name: 'rateLimitOptions' + type: NestedObject + description: | + Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions. + update_mask_fields: + - 'rateLimitOptions.rateLimitThreshold' + - 'rateLimitOptions.conformAction' + - 'rateLimitOptions.exceedRedirectOptions' + - 'rateLimitOptions.exceedAction' + - 'rateLimitOptions.enforceOnKey' + - 'rateLimitOptions.enforceOnKeyName' + - 'rateLimitOptions.enforceOnKeyConfigs' + - 'rateLimitOptions.banThreshold' + - 'rateLimitOptions.banDurationSec' + properties: + - name: 'rateLimitThreshold' + type: NestedObject + description: | + Threshold at which to begin ratelimiting. + properties: + - name: 'count' + type: Integer + description: | + Number of HTTP(S) requests for calculating the threshold. + - name: 'intervalSec' + type: Integer + description: | + Interval over which the threshold is computed. + - name: 'conformAction' + type: String + description: | + Action to take for requests that are under the configured rate limit threshold. + Valid option is "allow" only. + - name: 'exceedRedirectOptions' + type: NestedObject + description: | + Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR. + properties: + - name: 'type' + type: String + description: | + Type of the redirect action. + - name: 'target' + type: String + description: | + Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA. + - name: 'exceedAction' + type: String + description: | + Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. + Valid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502. + - name: 'enforceOnKey' + type: Enum + description: | + Determines the key to enforce the rateLimitThreshold on. Possible values are: + * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKey" is not configured. + * IP: The source IP address of the request is the key. Each IP has this limit enforced separately. + * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. + * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. + * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. + * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. + * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. + * REGION_CODE: The country/region from which the request originates. + * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL. + * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP. + enum_values: + - 'ALL' + - 'IP' + - 'HTTP_HEADER' + - 'XFF_IP' + - 'HTTP_COOKIE' + - 'HTTP_PATH' + - 'SNI' + - 'REGION_CODE' + - 'TLS_JA3_FINGERPRINT' + - 'USER_IP' + - name: 'enforceOnKeyName' + type: String + description: | + Rate limit key name applicable only for the following key types: + HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. + HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + - name: 'enforceOnKeyConfigs' + type: Array + description: | + If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced. + You can specify up to 3 enforceOnKeyConfigs. + If enforceOnKeyConfigs is specified, enforceOnKey must not be specified. + item_type: + type: NestedObject + properties: + - name: 'enforceOnKeyType' + type: Enum + description: | + Determines the key to enforce the rateLimitThreshold on. Possible values are: + * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKeyConfigs" is not configured. + * IP: The source IP address of the request is the key. Each IP has this limit enforced separately. + * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. + * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. + * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. + * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. + * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. + * REGION_CODE: The country/region from which the request originates. + * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL. + * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP. + enum_values: + - 'ALL' + - 'IP' + - 'HTTP_HEADER' + - 'XFF_IP' + - 'HTTP_COOKIE' + - 'HTTP_PATH' + - 'SNI' + - 'REGION_CODE' + - 'TLS_JA3_FINGERPRINT' + - 'USER_IP' + - name: 'enforceOnKeyName' + type: String + description: | + Rate limit key name applicable only for the following key types: + HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. + HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + - name: 'banThreshold' + type: NestedObject + description: | + Can only be specified if the action for the rule is "rate_based_ban". + If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'. + properties: + - name: 'count' + type: Integer + description: | + Number of HTTP(S) requests for calculating the threshold. + - name: 'intervalSec' + type: Integer + description: | + Interval over which the threshold is computed. + - name: 'banDurationSec' + type: Integer + description: | + Can only be specified if the action for the rule is "rate_based_ban". + If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. + - name: 'preview' + type: Boolean + description: | + If set to true, the specified action is not enforced. diff --git a/mmv1/products/compute/go_ServiceAttachment.yaml b/mmv1/products/compute/go_ServiceAttachment.yaml new file mode 100644 index 000000000000..f35f6bb89b94 --- /dev/null +++ b/mmv1/products/compute/go_ServiceAttachment.yaml @@ -0,0 +1,241 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceAttachment' +kind: 'compute#ServiceAttachment' +description: | + Represents a ServiceAttachment resource. +references: + guides: + 'Configuring Private Service Connect to access services': 'https://cloud.google.com/vpc/docs/configure-private-service-connect-services' + api: 'https://cloud.google.com/compute/docs/reference/beta/serviceAttachments' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/serviceAttachments' +has_self_link: true +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/compute_service_attachment.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/compute_service_attachment.go.tmpl' +examples: + - name: 'service_attachment_basic' + primary_resource_id: 'psc_ilb_service_attachment' + vars: + service_attachment_name: 'my-psc-ilb' + network_name: 'psc-ilb-network' + nat_subnetwork_name: 'psc-ilb-nat' + producer_subnetwork_name: 'psc-ilb-producer-subnetwork' + producer_health_check_name: 'producer-service-health-check' + producer_service_name: 'producer-service' + producer_forwarding_rule_name: 'producer-forwarding-rule' + consumer_address_name: 'psc-ilb-consumer-address' + consumer_forwarding_rule_name: 'psc-ilb-consumer-forwarding-rule' + - name: 'service_attachment_explicit_projects' + primary_resource_id: 'psc_ilb_service_attachment' + vars: + service_attachment_name: 'my-psc-ilb' + network_name: 'psc-ilb-network' + nat_subnetwork_name: 'psc-ilb-nat' + producer_subnetwork_name: 'psc-ilb-producer-subnetwork' + producer_health_check_name: 'producer-service-health-check' + producer_service_name: 'producer-service' + producer_forwarding_rule_name: 'producer-forwarding-rule' + consumer_address_name: 'psc-ilb-consumer-address' + consumer_forwarding_rule_name: 'psc-ilb-consumer-forwarding-rule' + - name: 'service_attachment_explicit_networks' + primary_resource_id: 'psc_ilb_service_attachment' + vars: + service_attachment_name: 'my-psc-ilb' + network_name: 'psc-ilb-network' + nat_subnetwork_name: 'psc-ilb-nat' + producer_subnetwork_name: 'psc-ilb-producer-subnetwork' + producer_health_check_name: 'producer-service-health-check' + producer_service_name: 'producer-service' + producer_forwarding_rule_name: 'producer-forwarding-rule' + consumer_network_name: 'psc-ilb-consumer-network' + consumer_address_name: 'psc-ilb-consumer-address' + consumer_forwarding_rule_name: 'psc-ilb-consumer-forwarding-rule' + - name: 'service_attachment_reconcile_connections' + primary_resource_id: 'psc_ilb_service_attachment' + vars: + service_attachment_name: 'my-psc-ilb' + network_name: 'psc-ilb-network' + nat_subnetwork_name: 'psc-ilb-nat' + producer_subnetwork_name: 'psc-ilb-producer-subnetwork' + producer_health_check_name: 'producer-service-health-check' + producer_service_name: 'producer-service' + producer_forwarding_rule_name: 'producer-forwarding-rule' + consumer_address_name: 'psc-ilb-consumer-address' + consumer_forwarding_rule_name: 'psc-ilb-consumer-forwarding-rule' +parameters: + - name: 'region' + type: ResourceRef + description: | + URL of the region where the resource resides. + required: false + immutable: true + ignore_read: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + immutable: true + - name: 'description' + type: String + description: | + An optional description of this resource. + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + output: true + - name: 'connectionPreference' + type: String + description: | + The connection preference to use for this service attachment. Valid + values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL". + required: true + - name: 'connectedEndpoints' + type: Array + description: | + An array of the consumer forwarding rules connected to this service + attachment. + output: true + item_type: + type: NestedObject + properties: + - name: 'endpoint' + type: String + description: | + The URL of the consumer forwarding rule. + output: true + - name: 'status' + type: String + description: | + The status of the connection from the consumer forwarding rule to + this service attachment. + output: true + - name: 'targetService' + type: String + description: | + The URL of a service serving the endpoint identified by this service attachment. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'natSubnets' + type: Array + description: | + An array of subnets that is provided for NAT in this service attachment. + required: true + send_empty_value: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'subnet' + type: ResourceRef + description: | + A subnet that is provided for NAT in this service attachment. + resource: 'Subnetwork' + imports: 'selfLink' + - name: 'enableProxyProtocol' + type: Boolean + description: | + If true, enable the proxy protocol which is for supplying client TCP/IP + address data in TCP connections that traverse proxies on their way to + destination servers. + required: true + - name: 'domainNames' + type: Array + description: | + If specified, the domain name will be used during the integration between + the PSC connected endpoints and the Cloud DNS. For example, this is a + valid domain name: "p.mycompany.com.". Current max number of domain names + supported is 1. + immutable: true + item_type: + type: String + - name: 'consumerRejectLists' + type: Array + description: | + An array of projects that are not allowed to connect to this service + attachment. + send_empty_value: true + item_type: + type: String + - name: 'consumerAcceptLists' + type: Array + description: | + An array of projects that are allowed to connect to this service + attachment. + is_set: true + send_empty_value: true + set_hash_func: computeServiceAttachmentConsumerAcceptListsHash + item_type: + type: NestedObject + properties: + - name: 'projectIdOrNum' + type: String + description: | + A project that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. + - name: 'networkUrl' + type: String + description: | + The network that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. + diff_suppress_func: 'tpgresource.CompareSelfLinkRelativePaths' + - name: 'connectionLimit' + type: Integer + description: | + The number of consumer forwarding rules the consumer project can + create. + required: true + - name: 'reconcileConnections' + type: Boolean + description: | + This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. + + If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . + If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. + default_from_api: true + send_empty_value: true diff --git a/mmv1/products/compute/go_Snapshot.yaml b/mmv1/products/compute/go_Snapshot.yaml new file mode 100644 index 000000000000..777187208741 --- /dev/null +++ b/mmv1/products/compute/go_Snapshot.yaml @@ -0,0 +1,250 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Snapshot' +kind: 'compute#snapshot' +description: | + Represents a Persistent Disk Snapshot resource. + + Use snapshots to back up data from your persistent disks. Snapshots are + different from public images and custom images, which are used primarily + to create instances or configure instance templates. Snapshots are useful + for periodic backup of the data on your persistent disks. You can create + snapshots from persistent disks even while they are attached to running + instances. + + Snapshots are incremental, so you can create regular snapshots on a + persistent disk faster and at a much lower cost than if you regularly + created a full image of the disk. +# 'createSnapshot' is a zonal operation while 'snapshot.delete' is a global +# operation. we'll leave the object as global operation and use the disk's +# zonal operation for the create action. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/disks/create-snapshots' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/snapshots' +docs: +base_url: 'projects/{{project}}/global/snapshots' +has_self_link: true +create_url: 'PRE_CREATE_REPLACE_ME/createSnapshot' +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + full_url: 'selfLink' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/global/snapshots/{{name}}' + - '{{name}}' +custom_code: + decoder: 'templates/terraform/decoders/go/snapshot.go.tmpl' + pre_create: 'templates/terraform/pre_create/go/compute_snapshot_precreate_url.go.tmpl' +examples: + - name: 'snapshot_basic' + primary_resource_id: 'snapshot' + primary_resource_name: 'fmt.Sprintf("tf-test-my-snapshot%s", context["random_suffix"])' + vars: + snapshot_name: 'my-snapshot' + disk_name: 'debian-disk' + - name: 'snapshot_chainname' + primary_resource_id: 'snapshot' + primary_resource_name: 'fmt.Sprintf("tf-test-snapshot-chainname%s", context["random_suffix"])' + vars: + snapshot_name: 'my-snapshot' + disk_name: 'debian-disk' + chain_name: 'snapshot-chain' +parameters: + - name: 'sourceDisk' + type: ResourceRef + description: 'A reference to the disk used to create this snapshot.' + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Disk' + imports: 'name' + - name: 'zone' + type: ResourceRef + description: 'A reference to the zone where the disk is hosted.' + required: false + immutable: true + ignore_read: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' + - name: 'snapshotEncryptionKey' + type: NestedObject + description: | + Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. + + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + ignore_read: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/compute_snapshot_snapshot_encryption_raw_key.go.tmpl' + - name: 'sha256' + type: String + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - name: 'kmsKeySelfLink' + type: String + description: | + The name of the encryption key that is stored in Google Cloud KMS. + api_name: kmsKeyName + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + # ignore_read in providers - this is only used in Create + - name: 'sourceDiskEncryptionKey' + type: NestedObject + description: | + The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + ignore_read: true + properties: + - name: 'rawKey' + type: String + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + # The docs list this field but it is never returned. + sensitive: true + - name: 'kmsKeyServiceAccount' + type: String + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'snapshot_id' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'diskSizeGb' + type: Integer + description: 'Size of the snapshot, specified in GB.' + output: true + - name: 'chainName' + type: String + description: | + Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and + comply with RFC1035. This is an uncommon option only for advanced + service owners who needs to create separate snapshot chains, for + example, for chargeback tracking. When you describe your snapshot + resource, this field is visible only if it has a non-empty value. + - name: 'name' + type: String + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + # 'sourceDiskId' not useful for object convergence. + immutable: true + - name: 'storageBytes' + type: Integer + description: | + A size of the storage used by the snapshot. As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + output: true + - name: 'storageLocations' + type: Array + description: | + Cloud Storage bucket storage location of the snapshot (regional or multi-regional). + default_from_api: true + item_type: + type: String + - name: 'licenses' + type: Array + description: | + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + output: true + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'license' + type: ResourceRef + description: 'A reference to a license associated with this snapshot' + resource: 'License' + imports: 'selfLink' + - name: 'labels' + type: KeyValueLabels + description: Labels to apply to this Snapshot. + immutable: false + update_url: 'projects/{{project}}/global/snapshots/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/global/snapshots/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' diff --git a/mmv1/products/compute/go_SslCertificate.yaml b/mmv1/products/compute/go_SslCertificate.yaml new file mode 100644 index 000000000000..0c12f39c56b0 --- /dev/null +++ b/mmv1/products/compute/go_SslCertificate.yaml @@ -0,0 +1,124 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SslCertificate' +kind: 'compute#sslCertificate' +description: | + An SslCertificate resource, used for HTTPS load balancing. This resource + provides a mechanism to upload an SSL key and certificate to + the load balancer to serve secure connections from the user. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates' +docs: + optional_properties: | + * `name_prefix` - (Optional) Creates a unique name beginning with the + specified prefix. Conflicts with `name`. +base_url: 'projects/{{project}}/global/sslCertificates' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/ssl_certificate.tmpl' +examples: + - name: 'ssl_certificate_basic' + primary_resource_id: 'default' + ignore_read_extra: + - 'name_prefix' + skip_vcr: true + - name: 'ssl_certificate_random_provider' + primary_resource_id: 'default' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'ssl_certificate_target_https_proxies' + primary_resource_id: 'default' + vars: + target_https_proxy_name: 'test-proxy' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + ignore_read_extra: + - 'name_prefix' + skip_vcr: true +parameters: +properties: + - name: 'certificate' + type: String + description: | + The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + required: true + sensitive: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'expireTime' + type: String + description: 'Expire time of the certificate in RFC3339 text format.' + output: true + - name: 'certificate_id' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + These are in the same namespace as the managed SSL certificates. + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/name_or_name_prefix.go.tmpl' + validation: + function: 'verify.ValidateGCEName' + - name: 'privateKey' + type: String + description: 'The write-only private key in PEM format.' + required: true + immutable: true + ignore_read: true + sensitive: true + diff_suppress_func: 'sha256DiffSuppress' + custom_flatten: 'templates/terraform/custom_flatten/go/sha256.tmpl' diff --git a/mmv1/products/compute/go_SslPolicy.yaml b/mmv1/products/compute/go_SslPolicy.yaml new file mode 100644 index 000000000000..fedccef00273 --- /dev/null +++ b/mmv1/products/compute/go_SslPolicy.yaml @@ -0,0 +1,137 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SslPolicy' +kind: 'compute#sslPolicy' +description: | + Represents a SSL policy. SSL policies give you the ability to control the + features of SSL that your SSL proxy or HTTPS load balancer negotiates. +references: + guides: + 'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies' +docs: +base_url: 'projects/{{project}}/global/sslPolicies' +has_self_link: true +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/ssl_policy.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/ssl_policy.tmpl' +custom_diff: + - 'sslPolicyCustomizeDiff' +examples: + - name: 'ssl_policy_basic' + primary_resource_id: 'prod-ssl-policy' + vars: + production_ssl_policy_name: 'production-ssl-policy' + nonprod_ssl_policy_name: 'nonprod-ssl-policy' + custom_ssl_policy_name: 'custom-ssl-policy' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'profile' + type: Enum + description: | + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using `CUSTOM`, + the set of SSL features to enable must be specified in the + `customFeatures` field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + `CUSTOM` is used, the `custom_features` attribute **must be set**. + default_value: "COMPATIBLE" + enum_values: + - 'COMPATIBLE' + - 'MODERN' + - 'RESTRICTED' + - 'CUSTOM' + - name: 'minTlsVersion' + type: Enum + description: | + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. + default_value: "TLS_1_0" + enum_values: + - 'TLS_1_0' + - 'TLS_1_1' + - 'TLS_1_2' + - name: 'enabledFeatures' + type: Array + description: 'The list of features enabled in the SSL policy.' + is_set: true + output: true + item_type: + type: String + - name: 'customFeatures' + type: Array + description: | + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + `COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`, + the set of SSL features to enable must be specified in the + `customFeatures` field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the `CUSTOM` profile. This argument + *must not* be present when using any other profile. + is_set: true + item_type: + type: String + - name: 'fingerprint' + type: String + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + output: true diff --git a/mmv1/products/compute/go_Subnetwork.yaml b/mmv1/products/compute/go_Subnetwork.yaml new file mode 100644 index 000000000000..288bb3b3429e --- /dev/null +++ b/mmv1/products/compute/go_Subnetwork.yaml @@ -0,0 +1,406 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Subnetwork' +kind: 'compute#subnetwork' +description: | + A VPC network is a virtual version of the traditional physical networks + that exist within and between physical data centers. A VPC network + provides connectivity for your Compute Engine virtual machine (VM) + instances, Container Engine containers, App Engine Flex services, and + other network-related resources. + + Each GCP project contains one or more VPC networks. Each VPC network is a + global entity spanning all GCP regions. This global VPC network allows VM + instances and other resources to communicate with each other via internal, + private IP addresses. + + Each VPC network is subdivided into subnets, and each subnet is contained + within a single region. You can have more than one subnet in a region for + a given VPC network. Each subnet has a contiguous private RFC1918 IP + space. You create instances, containers, and the like in these subnets. + When you create an instance, you must create it in a subnet, and the + instance draws its internal IP address from that subnet. + + Virtual machine (VM) instances in a VPC network can communicate with + instances in all other subnets of the same VPC network, regardless of + region, using their RFC1918 private IP addresses. You can isolate portions + of the network, even entire subnets, using firewall rules. +references: + guides: + 'Private Google Access': 'https://cloud.google.com/vpc/docs/configure-private-google-access' + 'Cloud Networking': 'https://cloud.google.com/vpc/docs/using-vpc' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/subnetworks' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +iam_policy: + allowed_iam_role: 'roles/compute.networkUser' + parent_resource_attribute: 'subnetwork' + iam_conditions_request_type: 'QUERY_PARAM' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/subnetwork.tmpl' + constants: 'templates/terraform/constants/go/subnetwork.tmpl' +custom_diff: + - 'customdiff.ForceNewIfChange("ip_cidr_range", IsShrinkageIpCidr)' +examples: + - name: 'subnetwork_basic' + primary_resource_id: 'network-with-private-secondary-ip-ranges' + primary_resource_name: 'fmt.Sprintf("tf-test-test-subnetwork%s", context["random_suffix"])' + vars: + subnetwork_name: 'test-subnetwork' + network_name: 'test-network' + - name: 'subnetwork_logging_config' + primary_resource_id: 'subnet-with-logging' + vars: + subnetwork_name: 'log-test-subnetwork' + network_name: 'log-test-network' + - name: 'subnetwork_internal_l7lb' + primary_resource_id: 'network-for-l7lb' + min_version: 'beta' + vars: + subnetwork_name: 'l7lb-test-subnetwork' + network_name: 'l7lb-test-network' + - name: 'subnetwork_ipv6' + primary_resource_id: 'subnetwork-ipv6' + vars: + subnetwork_name: 'ipv6-test-subnetwork' + network_name: 'ipv6-test-network' + - name: 'subnetwork_internal_ipv6' + primary_resource_id: 'subnetwork-internal-ipv6' + vars: + subnetwork_name: 'internal-ipv6-test-subnetwork' + network_name: 'internal-ipv6-test-network' + - name: 'subnetwork_purpose_private_nat' + primary_resource_id: 'subnetwork-purpose-private-nat' + min_version: 'beta' + vars: + subnetwork_name: 'subnet-purpose-test-subnetwork' + network_name: 'subnet-purpose-test-network' + - name: 'subnetwork_cidr_overlap' + primary_resource_id: 'subnetwork-cidr-overlap' + min_version: 'beta' + vars: + subnetwork_name: 'subnet-cidr-overlap' + network_name: 'net-cidr-overlap' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + - name: 'gatewayAddress' + type: String + description: | + The gateway address for default routes to reach destination addresses + outside this subnetwork. + output: true + - name: 'ipCidrRange' + type: String + description: | + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + required: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/expandIpCidrRange' + update_verb: 'POST' + validation: + function: 'verify.ValidateIpCidrRange' + - name: 'name' + type: String + description: | + The name of the resource, provided by the client when initially + creating the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'network' + type: ResourceRef + description: | + The network this subnet belongs to. + Only networks that are in the distributed mode can have subnetworks. + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' + - name: 'purpose' + type: String + description: | + The purpose of the resource. This field can be either `PRIVATE_RFC_1918`, `REGIONAL_MANAGED_PROXY`, `GLOBAL_MANAGED_PROXY`, `PRIVATE_SERVICE_CONNECT` or `PRIVATE_NAT`([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)). + A subnet with purpose set to `REGIONAL_MANAGED_PROXY` is a user-created subnetwork that is reserved for regional Envoy-based load balancers. + A subnetwork in a given region with purpose set to `GLOBAL_MANAGED_PROXY` is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. + A subnetwork with purpose set to `PRIVATE_SERVICE_CONNECT` reserves the subnet for hosting a Private Service Connect published service. + A subnetwork with purpose set to `PRIVATE_NAT` is used as source range for Private NAT gateways. + Note that `REGIONAL_MANAGED_PROXY` is the preferred setting for all regional Envoy load balancers. + If unspecified, the purpose defaults to `PRIVATE_RFC_1918`. + immutable: true + default_from_api: true + - name: 'role' + type: Enum + description: | + The role of subnetwork. + Currently, this field is only used when `purpose` is `REGIONAL_MANAGED_PROXY`. + The value can be set to `ACTIVE` or `BACKUP`. + An `ACTIVE` subnetwork is one that is currently being used for Envoy-based load balancers in a region. + A `BACKUP` subnetwork is one that is ready to be promoted to `ACTIVE` or is currently draining. + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + update_id: 'role' + fingerprint_name: 'fingerprint' + enum_values: + - 'ACTIVE' + - 'BACKUP' + - name: 'secondaryIpRange' + type: Array + description: | + An array of configurations for secondary IP ranges for VM instances + contained in this subnetwork. The primary IP of such VM must belong + to the primary ipCidrRange of the subnetwork. The alias IPs may belong + to either primary or secondary ranges. + + **Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid + breaking users during the 0.12 upgrade. To explicitly send a list + of zero objects you must use the following syntax: + `example=[]` + For more details about this behavior, see [this section](https://www.terraform.io/docs/configuration/attr-as-blocks.html#defining-a-fixed-object-collection-value). + api_name: secondaryIpRanges + unordered_list: true + schema_config_mode_attr: true + default_from_api: true + send_empty_value: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + update_id: 'secondaryIpRanges' + fingerprint_name: 'fingerprint' + item_type: + type: NestedObject + properties: + - name: 'rangeName' + type: String + description: | + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + required: true + validation: + function: 'verify.ValidateGCEName' + - name: 'ipCidrRange' + type: String + description: | + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + required: true + validation: + function: 'verify.ValidateIpCidrRange' + - name: 'privateIpGoogleAccess' + type: Boolean + description: | + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + default_from_api: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/setPrivateIpGoogleAccess' + update_verb: 'POST' + - name: 'privateIpv6GoogleAccess' + type: String + description: The private IPv6 google access type for the VMs in this subnet. + default_from_api: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + fingerprint_name: 'fingerprint' + - name: 'region' + type: ResourceRef + description: | + The GCP region for this subnetwork. + required: false + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' + - name: 'logConfig' + type: NestedObject + description: | + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet `purpose` field is set to subnetwork is + `REGIONAL_MANAGED_PROXY` or `GLOBAL_MANAGED_PROXY`. + send_empty_value: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + update_id: 'logConfig' + fingerprint_name: 'fingerprint' + custom_flatten: 'templates/terraform/custom_flatten/go/subnetwork_log_config.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/subnetwork_log_config.go.tmpl' + properties: + - name: 'aggregationInterval' + type: Enum + description: | + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. + at_least_one_of: + - 'log_config.0.aggregation_interval' + - 'log_config.0.flow_sampling' + - 'log_config.0.metadata' + - 'log_config.0.filterExpr' + default_value: "INTERVAL_5_SEC" + enum_values: + - 'INTERVAL_5_SEC' + - 'INTERVAL_30_SEC' + - 'INTERVAL_1_MIN' + - 'INTERVAL_5_MIN' + - 'INTERVAL_10_MIN' + - 'INTERVAL_15_MIN' + - name: 'flowSampling' + type: Double + description: | + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + at_least_one_of: + - 'log_config.0.aggregation_interval' + - 'log_config.0.flow_sampling' + - 'log_config.0.metadata' + - 'log_config.0.filterExpr' + default_value: 0.5 + - name: 'metadata' + type: Enum + description: | + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. + at_least_one_of: + - 'log_config.0.aggregation_interval' + - 'log_config.0.flow_sampling' + - 'log_config.0.metadata' + - 'log_config.0.filterExpr' + default_value: "INCLUDE_ALL_METADATA" + enum_values: + - 'EXCLUDE_ALL_METADATA' + - 'INCLUDE_ALL_METADATA' + - 'CUSTOM_METADATA' + - name: 'metadataFields' + type: Array + description: | + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + is_set: true + item_type: + type: String + - name: 'filterExpr' + type: String + description: | + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + at_least_one_of: + - 'log_config.0.aggregation_interval' + - 'log_config.0.flow_sampling' + - 'log_config.0.metadata' + - 'log_config.0.filterExpr' + default_value: "true" + - name: 'stackType' + type: Enum + description: | + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. + default_from_api: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + fingerprint_name: 'fingerprint' + enum_values: + - 'IPV4_ONLY' + - 'IPV4_IPV6' + - name: 'ipv6AccessType' + type: Enum + description: | + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + fingerprint_name: 'fingerprint' + enum_values: + - 'EXTERNAL' + - 'INTERNAL' + - name: 'ipv6CidrRange' + type: String + description: | + The range of internal IPv6 addresses that are owned by this subnetwork. + output: true + - name: 'internalIpv6Prefix' + type: String + description: | + The internal IPv6 address range that is assigned to this subnetwork. + output: true + - name: 'externalIpv6Prefix' + type: String + description: | + The range of external IPv6 addresses that are owned by this subnetwork. + default_from_api: true + - name: 'allowSubnetCidrRoutesOverlap' + type: Boolean + description: | + Typically packets destined to IPs within the subnetwork range that do not match + existing resources are dropped and prevented from leaving the VPC. + Setting this field to true will allow these packets to match dynamic routes injected + via BGP even if their destinations match existing subnet ranges. + min_version: 'beta' + default_from_api: true + send_empty_value: true + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}' + update_verb: 'PATCH' + fingerprint_name: 'fingerprint' diff --git a/mmv1/products/compute/go_TargetGrpcProxy.yaml b/mmv1/products/compute/go_TargetGrpcProxy.yaml new file mode 100644 index 000000000000..74b096d7d4b5 --- /dev/null +++ b/mmv1/products/compute/go_TargetGrpcProxy.yaml @@ -0,0 +1,118 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetGrpcProxy' +kind: 'compute#targetGrpcProxy' +description: | + Represents a Target gRPC Proxy resource. A target gRPC proxy is a component + of load balancers intended for load balancing gRPC traffic. Global forwarding + rules reference a target gRPC proxy. The Target gRPC Proxy references + a URL map which specifies how traffic routes to gRPC backend services. +references: + guides: + 'Using Target gRPC Proxies': 'https://cloud.google.com/traffic-director/docs/proxyless-overview' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/targetGrpcProxies' +docs: +base_url: 'projects/{{project}}/global/targetGrpcProxies' +has_self_link: true +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'target_grpc_proxy_basic' + primary_resource_id: 'default' + vars: + proxy_name: 'proxy' + urlmap_name: 'urlmap' + backend_name: 'backend' + healthcheck_name: 'healthcheck' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource + is created. The name must be 1-63 characters long, and comply + with RFC1035. Specifically, the name must be 1-63 characters long + and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + immutable: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'selfLinkWithId' + type: String + description: 'Server-defined URL with id for the resource.' + output: true + - name: 'urlMap' + type: String + description: | + URL to the UrlMap resource that defines the mapping from URL to + the BackendService. The protocol field in the BackendService + must be set to GRPC. + immutable: true + update_id: 'urlMap' + fingerprint_name: 'fingerprint' + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'validateForProxyless' + type: Boolean + description: | + If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to + immutable: true + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + output: true diff --git a/mmv1/products/compute/go_TargetHttpProxy.yaml b/mmv1/products/compute/go_TargetHttpProxy.yaml new file mode 100644 index 000000000000..aceddd3b42da --- /dev/null +++ b/mmv1/products/compute/go_TargetHttpProxy.yaml @@ -0,0 +1,119 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetHttpProxy' +kind: 'compute#targetHttpProxy' +description: | + Represents a TargetHttpProxy resource, which is used by one or more global + forwarding rule to route incoming HTTP requests to a URL map. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetHttpProxies' +docs: +base_url: 'projects/{{project}}/global/targetHttpProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'target_http_proxy_basic' + primary_resource_id: 'default' + vars: + target_http_proxy_name: 'test-proxy' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + - name: 'target_http_proxy_http_keep_alive_timeout' + primary_resource_id: 'default' + vars: + target_http_proxy_name: 'test-http-keep-alive-timeout-proxy' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + - name: 'target_http_proxy_https_redirect' + primary_resource_id: 'default' + vars: + target_http_proxy_name: 'test-https-redirect-proxy' + url_map_name: 'url-map' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - name: 'urlMap' + type: ResourceRef + description: | + A reference to the UrlMap resource that defines the mapping from URL + to the BackendService. + required: true + update_url: 'projects/{{project}}/targetHttpProxies/{{name}}/setUrlMap' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'UrlMap' + imports: 'selfLink' + - name: 'proxyBind' + type: Boolean + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + default_from_api: true + - name: 'httpKeepAliveTimeoutSec' + type: Integer + description: | + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (610 seconds) will be used. For Global + external HTTP(S) load balancer, the minimum allowed value is 5 seconds and + the maximum allowed value is 1200 seconds. For Global external HTTP(S) + load balancer (classic), this option is not available publicly. diff --git a/mmv1/products/compute/go_TargetHttpsProxy.yaml b/mmv1/products/compute/go_TargetHttpsProxy.yaml new file mode 100644 index 000000000000..f37b0918cc8e --- /dev/null +++ b/mmv1/products/compute/go_TargetHttpsProxy.yaml @@ -0,0 +1,233 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetHttpsProxy' +kind: 'compute#targetHttpsProxy' +description: | + Represents a TargetHttpsProxy resource, which is used by one or more + global forwarding rule to route incoming HTTPS requests to a URL map. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies' +docs: +base_url: 'projects/{{project}}/global/targetHttpsProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + encoder: 'templates/terraform/encoders/go/compute_target_https_proxy.go.tmpl' + update_encoder: 'templates/terraform/encoders/go/compute_target_https_proxy.go.tmpl' + decoder: 'templates/terraform/decoders/go/compute_target_https_proxy.go.tmpl' +examples: + - name: 'target_https_proxy_basic' + primary_resource_id: 'default' + vars: + target_https_proxy_name: 'test-proxy' + ssl_certificate_name: 'my-certificate' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + - name: 'target_https_proxy_http_keep_alive_timeout' + primary_resource_id: 'default' + vars: + target_https_proxy_name: 'test-http-keep-alive-timeout-proxy' + ssl_certificate_name: 'my-certificate' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + - name: 'target_https_proxy_mtls' + primary_resource_id: 'default' + min_version: 'beta' + vars: + target_https_proxy_name: 'test-mtls-proxy' + ssl_certificate_name: 'my-certificate' + url_map_name: 'url-map' + backend_service_name: 'backend-service' + http_health_check_name: 'http-health-check' + server_tls_policy_name: 'my-tls-policy' + trust_config_name: 'my-trust-config' + - name: 'target_https_proxy_certificate_manager_certificate' + primary_resource_id: 'default' + vars: + target_https_proxy_name: 'target-http-proxy' + certificate_manager_certificate_name: 'my-certificate' + url_map_name: 'url-map' + backend_service_name: 'backend-service' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'quicOverride' + type: Enum + description: | + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, Google manages whether QUIC is used. + update_url: 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setQuicOverride' + update_verb: 'POST' + custom_flatten: 'templates/terraform/custom_flatten/go/default_if_empty.tmpl' + default_value: "NONE" + enum_values: + - 'NONE' + - 'ENABLE' + - 'DISABLE' + - name: 'tlsEarlyData' + type: Enum + description: | + Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. + Early Data allows a TLS resumption handshake to include the initial application payload + (a HTTP request) alongside the handshake, reducing the effective round trips to “zero”. + This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). + default_from_api: true + enum_values: + - 'STRICT' + - 'PERMISSIVE' + - 'DISABLED' + - name: 'certificateManagerCertificates' + type: Array + description: | + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Certificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED. + For EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead. + sslCertificates and certificateManagerCertificates fields can not be defined together. + Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the self_link `projects/{project}/locations/{location}/certificates/{resourceName}` + update_url: 'projects/{{project}}/targetHttpsProxies/{{name}}/setSslCertificates' + update_verb: 'POST' + conflicts: + - ssl_certificates + diff_suppress_func: 'tpgresource.CompareResourceNames' + custom_expand: 'templates/terraform/custom_expand/go/certificate_manager_certificate_construct_full_url.go.tmpl' + item_type: + type: String + - name: 'sslCertificates' + type: Array + description: | + URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates can not be defined together. + update_url: 'projects/{{project}}/targetHttpsProxies/{{name}}/setSslCertificates' + update_verb: 'POST' + conflicts: + - certificate_manager_certificates + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'sslCertificate' + type: ResourceRef + description: 'The SSL certificate URL used by this TargetHttpsProxy' + resource: 'SslCertificate' + imports: 'selfLink' + - name: 'certificateMap' + type: String + description: | + A reference to the CertificateMap resource uri that identifies a certificate map + associated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. + For INTERNAL_MANAGED, use certificate_manager_certificates instead. + Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. + update_url: 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setCertificateMap' + update_verb: 'POST' + - name: 'sslPolicy' + type: ResourceRef + description: | + A reference to the SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + update_url: 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setSslPolicy' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'SslPolicy' + imports: 'selfLink' + - name: 'urlMap' + type: ResourceRef + description: | + A reference to the UrlMap resource that defines the mapping from URL + to the BackendService. + required: true + update_url: 'projects/{{project}}/targetHttpsProxies/{{name}}/setUrlMap' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'UrlMap' + imports: 'selfLink' + - name: 'proxyBind' + type: Boolean + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + default_from_api: true + - name: 'httpKeepAliveTimeoutSec' + type: Integer + description: | + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (610 seconds) will be used. For Global + external HTTP(S) load balancer, the minimum allowed value is 5 seconds and + the maximum allowed value is 1200 seconds. For Global external HTTP(S) + load balancer (classic), this option is not available publicly. + - name: 'serverTlsPolicy' + type: ResourceRef + description: | + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + resource: 'SslPolicy' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_TargetInstance.yaml b/mmv1/products/compute/go_TargetInstance.yaml new file mode 100644 index 000000000000..3f9b985e344b --- /dev/null +++ b/mmv1/products/compute/go_TargetInstance.yaml @@ -0,0 +1,143 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetInstance' +kind: 'compute#targetInstance' +description: | + Represents a TargetInstance resource which defines an endpoint instance + that terminates traffic of certain protocols. In particular, they are used + in Protocol Forwarding, where forwarding rules can send packets to a + non-NAT'ed target instance. Each target instance contains a single + virtual machine instance that receives and handles traffic from the + corresponding forwarding rules. +references: + guides: + 'Using Protocol Forwarding': 'https://cloud.google.com/compute/docs/protocol-forwarding' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetInstances' +docs: +base_url: 'projects/{{project}}/zones/{{zone}}/targetInstances' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + post_create: 'templates/terraform/post_create/go/compute_target_instance_security_policy.go.tmpl' +examples: + - name: 'target_instance_basic' + primary_resource_id: 'default' + vars: + target_name: 'target' + instance_name: 'target-vm' + - name: 'target_instance_custom_network' + primary_resource_id: 'custom_network' + min_version: 'beta' + vars: + target_name: 'custom-network' + instance_name: 'custom-network-target-vm' + - name: 'target_instance_with_security_policy' + primary_resource_id: 'default' + min_version: 'beta' + vars: + network_name: 'custom-default-network' + subnetname_name: 'custom-default-subnet' + instance_name: 'target-vm' + region_sec_policy: 'region-secpolicy' + target_name: 'target-instance' +parameters: + - name: 'zone' + type: ResourceRef + description: | + URL of the zone where the target instance resides. + required: false + immutable: true + default_from_api: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Zone' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'network' + type: String + description: + 'The URL of the network this target instance uses to forward traffic. If + not specified, the traffic will be forwarded to the network that the + default network interface belongs to.' + min_version: 'beta' + immutable: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + - name: 'instance' + type: ResourceRef + description: | + The Compute instance VM handling traffic for this target instance. + Accepts the instance self-link, relative path + (e.g. `projects/project/zones/zone/instances/instance`) or name. If + name is given, the zone will default to the given zone or + the provider-default zone and the project will default to the + provider-level project. + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + custom_expand: 'templates/terraform/custom_expand/go/self_link_from_name.tmpl' + resource: 'Instance' + imports: 'selfLink' + - name: 'natPolicy' + type: Enum + description: | + NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. + immutable: true + default_value: "NO_NAT" + enum_values: + - 'NO_NAT' + - name: 'securityPolicy' + type: String + description: | + The resource URL for the security policy associated with this target instance. + min_version: 'beta' + update_url: 'projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}/setSecurityPolicy' + update_verb: 'POST' diff --git a/mmv1/products/compute/go_TargetSslProxy.yaml b/mmv1/products/compute/go_TargetSslProxy.yaml new file mode 100644 index 000000000000..f77aac55132b --- /dev/null +++ b/mmv1/products/compute/go_TargetSslProxy.yaml @@ -0,0 +1,146 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetSslProxy' +kind: 'compute#targetSslProxy' +description: | + Represents a TargetSslProxy resource, which is used by one or more + global forwarding rule to route incoming SSL requests to a backend + service. +references: + guides: + 'Setting Up SSL proxy for Google Cloud Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetSslProxies' +docs: +base_url: 'projects/{{project}}/global/targetSslProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'target_ssl_proxy_basic' + primary_resource_id: 'default' + vars: + target_ssl_proxy_name: 'test-proxy' + ssl_certificate_name: 'default-cert' + backend_service_name: 'backend-service' + health_check_name: 'health-check' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to + the backend. + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setProxyHeader' + update_verb: 'POST' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'backendService' + type: ResourceRef + description: | + A reference to the BackendService resource. + api_name: service + required: true + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setBackendService' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'sslCertificates' + type: Array + description: | + A list of SslCertificate resources that are used to authenticate + connections between users and the load balancer. At least one + SSL certificate must be specified. + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setSslCertificates' + update_verb: 'POST' + exactly_one_of: + - 'sslCertificates' + - 'certificateMap' + custom_expand: 'templates/terraform/custom_expand/go/array_resourceref_with_validation.go.tmpl' + item_type: + name: 'sslCertificate' + type: ResourceRef + description: 'The SSL certificates used by this TargetSslProxy' + resource: 'SslCertificate' + imports: 'selfLink' + - name: 'certificateMap' + type: String + description: | + A reference to the CertificateMap resource uri that identifies a certificate map + associated with the given target proxy. This field can only be set for global target proxies. + Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setCertificateMap' + update_verb: 'POST' + exactly_one_of: + - 'sslCertificates' + - 'certificateMap' + - name: 'sslPolicy' + type: ResourceRef + description: | + A reference to the SslPolicy resource that will be associated with + the TargetSslProxy resource. If not set, the TargetSslProxy + resource will not have any SSL policy configured. + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setSslPolicy' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'SslPolicy' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_TargetTcpProxy.yaml b/mmv1/products/compute/go_TargetTcpProxy.yaml new file mode 100644 index 000000000000..e135ab5eed35 --- /dev/null +++ b/mmv1/products/compute/go_TargetTcpProxy.yaml @@ -0,0 +1,111 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetTcpProxy' +kind: 'compute#targetTcpProxy' +description: | + Represents a TargetTcpProxy resource, which is used by one or more + global forwarding rule to route incoming TCP requests to a Backend + service. +references: + guides: + 'Setting Up TCP proxy for Google Cloud Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/tcp-proxy' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetTcpProxies' +docs: +base_url: 'projects/{{project}}/global/targetTcpProxies' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'target_tcp_proxy_basic' + primary_resource_id: 'default' + vars: + target_tcp_proxy_name: 'test-proxy' + backend_service_name: 'backend-service' + health_check_name: 'health-check' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'description' + type: String + description: 'An optional description of this resource.' + immutable: true + - name: 'proxyId' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - name: 'proxyHeader' + type: Enum + description: | + Specifies the type of proxy header to append before sending data to + the backend. + update_url: 'projects/{{project}}/global/targetTcpProxies/{{name}}/setProxyHeader' + update_verb: 'POST' + default_value: "NONE" + enum_values: + - 'NONE' + - 'PROXY_V1' + - name: 'backendService' + type: ResourceRef + description: | + A reference to the BackendService resource. + api_name: service + required: true + update_url: 'projects/{{project}}/global/targetTcpProxies/{{name}}/setBackendService' + update_verb: 'POST' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'proxyBind' + type: Boolean + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + default_from_api: true diff --git a/mmv1/products/compute/go_UrlMap.yaml b/mmv1/products/compute/go_UrlMap.yaml new file mode 100644 index 000000000000..c6febafa9843 --- /dev/null +++ b/mmv1/products/compute/go_UrlMap.yaml @@ -0,0 +1,2762 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'UrlMap' +kind: 'compute#urlMap' +description: | + UrlMaps are used to route requests to a backend service based on rules + that you define for the host and path of an incoming URL. +references: + guides: + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/urlMaps' +docs: +base_url: 'projects/{{project}}/global/urlMaps' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: +examples: + - name: 'url_map_bucket_and_service' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + login_backend_service_name: 'login' + http_health_check_name: 'health-check' + backend_bucket_name: 'static-asset-backend-bucket' + storage_bucket_name: 'static-asset-bucket' + - name: 'url_map_traffic_director_route' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + home_backend_service_name: 'home' + health_check_name: 'health-check' + - name: 'url_map_traffic_director_route_partial' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + home_backend_service_name: 'home' + health_check_name: 'health-check' + - name: 'url_map_traffic_director_path' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + home_backend_service_name: 'home' + health_check_name: 'health-check' + - name: 'url_map_traffic_director_path_partial' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + home_backend_service_name: 'home' + health_check_name: 'health-check' + - name: 'url_map_header_based_routing' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + default_backend_service_name: 'default' + service_a_backend_service_name: 'service-a' + service_b_backend_service_name: 'service-b' + health_check_name: 'health-check' + - name: 'url_map_parameter_based_routing' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + default_backend_service_name: 'default' + service_a_backend_service_name: 'service-a' + service_b_backend_service_name: 'service-b' + health_check_name: 'health-check' + - name: 'external_http_lb_mig_backend' + primary_resource_id: 'default' + vars: + lb_backend_template: 'lb-backend-template' + lb_backend_example: 'lb-backend-example' + fw_allow_health_check: 'fw-allow-health-check' + lb_ipv4_1: 'lb-ipv4-1' + http_basic_check: 'http-basic-check' + web_backend_service: 'web-backend-service' + web_map_http: 'web-map-http' + http_lb_proxy: 'http-lb-proxy' + http_content_rule: 'http-content-rule' + ignore_read_extra: + - 'metadata' + - 'metadata_startup_script' + skip_test: true + skip_docs: true + - name: 'url_map_path_template_match' + primary_resource_id: 'urlmap' + vars: + url_map_name: 'urlmap' + cart_backend_service_name: 'cart-service' + user_backend_service_name: 'user-service' + http_health_check_name: 'health-check' + backend_bucket_name: 'static-asset-backend-bucket' + storage_bucket_name: 'static-asset-bucket' + - name: 'url_map_custom_error_response_policy' + primary_resource_id: 'urlmap' + min_version: 'beta' + vars: + url_map_name: 'urlmap' + backend_service_name: 'login' + http_health_check_name: 'health-check' + storage_bucket_name: 'static-asset-bucket' + error_backend_bucket_name: 'error-backend-bucket' +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'defaultService' + type: ResourceRef + description: |- + The backend service or backend bucket to use when none of the given rules match. + exactly_one_of: + - 'default_service' + - 'default_url_redirect' + - 'default_route_action.0.weighted_backend_services' + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create + the resource. + - name: 'map_id' + type: Integer + description: 'The unique identifier for the resource.' + api_name: id + output: true + - name: 'fingerprint' + type: Fingerprint + description: | + Fingerprint of this resource. A hash of the contents stored in this object. This + field is used in optimistic locking. + output: true + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + at_least_one_of: + - 'header_action.0.request_headers_to_add' + - 'header_action.0.request_headers_to_remove' + - 'header_action.0.response_headers_to_add' + - 'header_action.0.response_headers_to_remove' + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + at_least_one_of: + - 'header_action.0.request_headers_to_add' + - 'header_action.0.request_headers_to_remove' + - 'header_action.0.response_headers_to_add' + - 'header_action.0.response_headers_to_remove' + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + at_least_one_of: + - 'header_action.0.request_headers_to_add' + - 'header_action.0.request_headers_to_remove' + - 'header_action.0.response_headers_to_add' + - 'header_action.0.response_headers_to_remove' + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + at_least_one_of: + - 'header_action.0.request_headers_to_add' + - 'header_action.0.request_headers_to_remove' + - 'header_action.0.response_headers_to_add' + - 'header_action.0.response_headers_to_remove' + item_type: + type: String + - name: 'host_rule' + type: Array + description: | + The list of HostRules to use against the URL. + api_name: hostRules + is_set: true + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create + the resource. + - name: 'hosts' + type: Array + description: | + The list of host patterns to match. They must be valid hostnames, except * will + match any string of ([a-z0-9-.]*). In that case, * must be the first character + and must be followed in the pattern by either - or .. + is_set: true + required: true + item_type: + type: String + - name: 'pathMatcher' + type: String + description: | + The name of the PathMatcher to use to match the path portion of the URL if the + hostRule matches the URL's host portion. + required: true + - name: 'name' + type: String + description: | + Name of the resource. Provided by the client when the resource is created. The + name must be 1-63 characters long, and comply with RFC1035. Specifically, the + name must be 1-63 characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase + letter, and all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + immutable: true + - name: 'path_matcher' + type: Array + description: | + The list of named PathMatchers to use against the URL. + api_name: pathMatchers + item_type: + type: NestedObject + properties: + - name: 'defaultService' + type: ResourceRef + description: The backend service or backend bucket to use when none of the given paths match. + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'description' + type: String + description: | + An optional description of this resource. Provide this property when you create + the resource. + - name: 'defaultCustomErrorResponsePolicy' + type: NestedObject + description: | + defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + + This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. + + For example, consider a UrlMap with the following configuration: + + UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors + A RouteRule for /coming_soon/ is configured for the error code 404. + If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. + + When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. + + defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers. + min_version: 'beta' + properties: + - name: 'errorResponseRule' + type: Array + description: | + Specifies rules for returning error responses. + In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. + For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). + If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. + api_name: errorResponseRules + item_type: + type: NestedObject + properties: + - name: 'matchResponseCodes' + type: Array + description: | + Valid values include: + - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. + - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. + - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. + Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. + item_type: + type: String + - name: 'path' + type: String + description: | + The full path to a file within backendBucket . For example: /errors/defaultError.html + path must start with a leading slash. path cannot have trailing slashes. + If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. + The value must be from 1 to 1024 characters + - name: 'overrideResponseCode' + type: Integer + description: | + The HTTP status code returned with the response containing the custom error content. + If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. + - name: 'errorService' + type: ResourceRef + description: | + The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: + https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket + compute/v1/projects/project/global/backendBuckets/myBackendBucket + global/backendBuckets/myBackendBucket + If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. + If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). + resource: 'BackendBucket' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'name' + type: String + description: | + The name to which this PathMatcher is referred by the HostRule. + required: true + - name: 'path_rule' + type: Array + description: | + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + api_name: pathRules + item_type: + type: NestedObject + properties: + - name: 'service' + type: ResourceRef + description: The backend service or backend bucket to use if any of the given paths match. + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'paths' + type: Array + description: | + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + is_set: true + required: true + item_type: + type: String + - name: 'customErrorResponsePolicy' + type: NestedObject + description: | + customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. + For example, consider a UrlMap with the following configuration: + UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors + A PathRule for /coming_soon/ is configured for the error code 404. + If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. + customErrorResponsePolicy is supported only for global external Application Load Balancers. + min_version: 'beta' + properties: + - name: 'errorResponseRule' + type: Array + description: | + Specifies rules for returning error responses. + In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. + For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). + If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. + api_name: errorResponseRules + item_type: + type: NestedObject + properties: + - name: 'matchResponseCodes' + type: Array + description: | + Valid values include: + + - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. + - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. + - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. + + Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. + item_type: + type: String + - name: 'path' + type: String + description: | + The full path to a file within backendBucket . For example: /errors/defaultError.html + path must start with a leading slash. path cannot have trailing slashes. + If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. + The value must be from 1 to 1024 characters + - name: 'overrideResponseCode' + type: Integer + description: | + The HTTP status code returned with the response containing the custom error content. + If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. + - name: 'errorService' + type: ResourceRef + description: | + The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: + + https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket + compute/v1/projects/project/global/backendBuckets/myBackendBucket + global/backendBuckets/myBackendBucket + + If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. + If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). + resource: 'BackendBucket' + imports: 'selfLink' + - name: 'routeAction' + type: NestedObject + description: | + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + default_value: false + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + If true, specifies the CORS policy is disabled. + required: true + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + required: true + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + required: true + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + required: true + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + required: true + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - name: 'backendService' + type: ResourceRef + description: | + The BackendService resource being mirrored to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + properties: + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'retryConditions' + type: Array + description: | + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + for example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable + item_type: + type: String + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - name: 'hostRewrite' + type: String + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - name: 'pathPrefixRewrite' + type: String + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The default BackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + required: true + - name: 'urlRedirect' + type: NestedObject + description: | + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. + This field is required to ensure an empty block is not set. The normal default value is false. + required: true + - name: 'routeRules' + type: Array + description: | + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + item_type: + type: NestedObject + properties: + - name: 'priority' + type: Integer + description: | + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + required: true + - name: 'service' + type: ResourceRef + description: | + The backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'matchRules' + type: Array + description: | + The rules for determining a match. + item_type: + type: NestedObject + properties: + - name: 'fullPathMatch' + type: String + description: | + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + - name: 'headerMatches' + type: Array + description: | + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + item_type: + type: NestedObject + properties: + - name: 'exactMatch' + type: String + description: | + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - name: 'headerName' + type: String + description: | + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". + required: true + - name: 'invertMatch' + type: Boolean + description: | + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + default_value: false + - name: 'prefixMatch' + type: String + description: | + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - name: 'presentMatch' + type: Boolean + description: | + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - name: 'rangeMatch' + type: NestedObject + description: | + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] - -3 will match. - 0 will + not match. - 0.25 will not match. - -3someString will not match. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + properties: + - name: 'rangeEnd' + type: Integer + description: | + The end of the range (exclusive). + required: true + - name: 'rangeStart' + type: Integer + description: | + The start of the range (inclusive). + required: true + - name: 'regexMatch' + type: String + description: | + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + - name: 'suffixMatch' + type: String + description: | + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - name: 'ignoreCase' + type: Boolean + description: | + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + default_value: false + - name: 'metadataFilters' + type: Array + description: | + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + item_type: + type: NestedObject + properties: + - name: 'filterLabels' + type: Array + description: | + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + required: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + required: true + - name: 'value' + type: String + description: | + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. + required: true + min_size: 1 + max_size: 64 + - name: 'filterMatchCriteria' + type: Enum + description: | + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + - MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + - MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. + required: true + enum_values: + - 'MATCH_ALL' + - 'MATCH_ANY' + - name: 'prefixMatch' + type: String + description: | + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + - name: 'queryParameterMatches' + type: Array + description: | + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + item_type: + type: NestedObject + properties: + - name: 'exactMatch' + type: String + description: | + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + - name: 'name' + type: String + description: | + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + required: true + - name: 'presentMatch' + type: Boolean + description: | + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + - name: 'regexMatch' + type: String + description: | + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + - name: 'regexMatch' + type: String + description: | + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + - name: 'pathTemplateMatch' + type: String + description: | + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + - name: 'routeAction' + type: NestedObject + description: | + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + default_value: false + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + default_value: false + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - name: 'backendService' + type: ResourceRef + description: | + The BackendService resource being mirrored to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + properties: + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. + required: true + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction + is not set, will use the largest timeout among all backend services associated with the route. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'retryConditions' + type: Array + description: | + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + for example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable + item_type: + type: String + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + required: true + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - name: 'hostRewrite' + type: String + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - name: 'pathPrefixRewrite' + type: String + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - name: 'pathTemplateRewrite' + type: String + description: | + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The default BackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header. + required: true + - name: 'headerValue' + type: String + description: | + The value of the header to add. + required: true + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + required: true + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + item_type: + type: String + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + required: true + - name: 'urlRedirect' + type: NestedObject + description: | + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. If set + to false, the URL scheme of the redirected request will remain the same as that + of the request. This must only be set for UrlMaps used in TargetHttpProxys. + Setting this true for TargetHttpsProxy is not permitted. Defaults to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. Only one of pathRedirect or prefixRedirect must be + specified. The value must be between 1 and 1024 characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. Defaults to false. + default_value: false + - name: 'defaultUrlRedirect' + type: NestedObject + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. + This field is required to ensure an empty block is not set. The normal default value is false. + required: true + - name: 'defaultRouteAction' + type: NestedObject + description: | + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. + + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The full or partial URL to the default BackendService resource. Before forwarding the + request to backendService, the loadbalancer applies any relevant headerActions + specified as part of this backendServiceWeight. + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000 + validation: + function: 'validation.IntBetween(0, 1000)' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + item_type: + type: String + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header to add. + - name: 'headerValue' + type: String + description: | + The value of the header to add. + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header to add. + - name: 'headerValue' + type: String + description: | + The value of the header to add. + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, prior to forwarding the request to the matched service. + properties: + - name: 'pathPrefixRewrite' + type: String + description: | + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + - name: 'hostRewrite' + type: String + description: | + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + default_from_api: true + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + properties: + - name: 'retryConditions' + type: Array + description: | + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable + item_type: + type: String + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. + validation: + function: 'validation.IntAtLeast(1)' + default_value: 1 + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + - name: 'backendService' + type: ResourceRef + description: | + The full or partial URL to the BackendService resource being mirrored to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + properties: + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + item_type: + type: String + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + item_type: + type: String + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + default_value: false + - name: 'disabled' + type: Boolean + description: | + If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. + default_value: false + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + validation: + function: 'validation.FloatBetween(0, 100)' + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault injection. + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + validation: + function: 'validation.IntBetween(200, 599)' + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + validation: + function: 'validation.FloatBetween(0, 100)' + - name: 'defaultCustomErrorResponsePolicy' + type: NestedObject + description: | + defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + + This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. + + For example, consider a UrlMap with the following configuration: + + UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors + A RouteRule for /coming_soon/ is configured for the error code 404. + If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. + + When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. + + defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers. + min_version: 'beta' + properties: + - name: 'errorResponseRule' + type: Array + description: | + Specifies rules for returning error responses. + In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. + For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). + If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. + api_name: errorResponseRules + item_type: + type: NestedObject + properties: + - name: 'matchResponseCodes' + type: Array + description: | + Valid values include: + - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. + - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. + - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. + Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. + item_type: + type: String + - name: 'path' + type: String + description: | + The full path to a file within backendBucket. For example: /errors/defaultError.html + path must start with a leading slash. path cannot have trailing slashes. + If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. + The value must be from 1 to 1024 characters. + - name: 'overrideResponseCode' + type: Integer + description: | + The HTTP status code returned with the response containing the custom error content. + If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. + - name: 'errorService' + type: ResourceRef + description: | + The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: + + https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket + compute/v1/projects/project/global/backendBuckets/myBackendBucket + global/backendBuckets/myBackendBucket + + If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. + If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). + resource: 'BackendBucket' + imports: 'selfLink' + - name: 'test' + type: Array + description: | + The list of expected URL mapping tests. Request to update this UrlMap will + succeed only if all of the test cases pass. You can specify a maximum of 100 + tests per UrlMap. + api_name: tests + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + Description of this test case. + - name: 'host' + type: String + description: | + Host portion of the URL. + required: true + - name: 'path' + type: String + description: | + Path portion of the URL. + required: true + - name: 'service' + type: ResourceRef + description: The backend service or backend bucket link that should be matched by this test. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'defaultUrlRedirect' + type: NestedObject + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + conflicts: + - default_route_action + exactly_one_of: + - 'default_service' + - 'default_url_redirect' + - 'default_route_action.0.weighted_backend_services' + properties: + - name: 'hostRedirect' + type: String + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - name: 'httpsRedirect' + type: Boolean + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + default_value: false + - name: 'pathRedirect' + type: String + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - name: 'prefixRedirect' + type: String + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - name: 'redirectResponseCode' + type: Enum + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + enum_values: + - 'FOUND' + - 'MOVED_PERMANENTLY_DEFAULT' + - 'PERMANENT_REDIRECT' + - 'SEE_OTHER' + - 'TEMPORARY_REDIRECT' + skip_docs_values: true + - name: 'stripQuery' + type: Boolean + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. The default is set to false. + This field is required to ensure an empty block is not set. The normal default value is false. + required: true + - name: 'defaultRouteAction' + type: NestedObject + description: | + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions + like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. + If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService + is set, defaultRouteAction cannot contain any weightedBackendServices. + + Only one of defaultRouteAction or defaultUrlRedirect must be set. + conflicts: + - default_url_redirect + properties: + - name: 'weightedBackendServices' + type: Array + description: | + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. + + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + exactly_one_of: + - 'default_service' + - 'default_url_redirect' + - 'default_route_action.0.weighted_backend_services' + item_type: + type: NestedObject + properties: + - name: 'backendService' + type: ResourceRef + description: | + The full or partial URL to the default BackendService resource. Before forwarding the + request to backendService, the loadbalancer applies any relevant headerActions + specified as part of this backendServiceWeight. + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'weight' + type: Integer + description: | + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000 + validation: + function: 'validation.IntBetween(0, 1000)' + - name: 'headerAction' + type: NestedObject + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + - name: 'requestHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + item_type: + type: String + - name: 'requestHeadersToAdd' + type: Array + description: | + Headers to add to a matching request prior to forwarding the request to the backendService. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header to add. + - name: 'headerValue' + type: String + description: | + The value of the header to add. + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - name: 'responseHeadersToRemove' + type: Array + description: | + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + item_type: + type: String + - name: 'responseHeadersToAdd' + type: Array + description: | + Headers to add the response prior to sending the response back to the client. + item_type: + type: NestedObject + properties: + - name: 'headerName' + type: String + description: | + The name of the header to add. + - name: 'headerValue' + type: String + description: | + The value of the header to add. + - name: 'replace' + type: Boolean + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - name: 'urlRewrite' + type: NestedObject + description: | + The spec to modify the URL of the request, prior to forwarding the request to the matched service. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'pathPrefixRewrite' + type: String + description: | + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + at_least_one_of: + - 'default_route_action.0.url_rewrite.0.path_prefix_rewrite' + - 'default_route_action.0.url_rewrite.0.host_rewrite' + - name: 'hostRewrite' + type: String + description: | + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + at_least_one_of: + - 'default_route_action.0.url_rewrite.0.path_prefix_rewrite' + - 'default_route_action.0.url_rewrite.0.host_rewrite' + - name: 'timeout' + type: NestedObject + description: | + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + default_from_api: true + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - 'default_route_action.0.timeout.0.seconds' + - 'default_route_action.0.timeout.0.nanos' + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - 'default_route_action.0.timeout.0.seconds' + - 'default_route_action.0.timeout.0.nanos' + - name: 'retryPolicy' + type: NestedObject + description: | + Specifies the retry policy associated with this route. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'retryConditions' + type: Array + description: | + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable + at_least_one_of: + - 'default_route_action.0.retry_policy.0.retry_conditions' + - 'default_route_action.0.retry_policy.0.num_retries' + - 'default_route_action.0.retry_policy.0.per_try_timeout' + item_type: + type: String + - name: 'numRetries' + type: Integer + description: | + Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.retry_conditions' + - 'default_route_action.0.retry_policy.0.num_retries' + - 'default_route_action.0.retry_policy.0.per_try_timeout' + validation: + function: 'validation.IntAtLeast(1)' + default_value: 1 + - name: 'perTryTimeout' + type: NestedObject + description: | + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.retry_conditions' + - 'default_route_action.0.retry_policy.0.num_retries' + - 'default_route_action.0.retry_policy.0.per_try_timeout' + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.seconds' + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.nanos' + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.seconds' + - 'default_route_action.0.retry_policy.0.per_try_timeout.0.nanos' + - name: 'requestMirrorPolicy' + type: NestedObject + description: | + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'backendService' + type: ResourceRef + description: | + The full or partial URL to the BackendService resource being mirrored to. + required: true + custom_expand: 'templates/terraform/custom_expand/go/reference_to_backend.tmpl' + resource: 'BackendService' + imports: 'selfLink' + - name: 'corsPolicy' + type: NestedObject + description: | + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'allowOrigins' + type: Array + description: | + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'allowOriginRegexes' + type: Array + description: | + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'allowMethods' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Methods header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'allowHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Allow-Headers header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'exposeHeaders' + type: Array + description: | + Specifies the content for the Access-Control-Expose-Headers header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + item_type: + type: String + - name: 'maxAge' + type: Integer + description: | + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + - name: 'allowCredentials' + type: Boolean + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + default_value: false + - name: 'disabled' + type: Boolean + description: | + If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. + at_least_one_of: + - 'default_route_action.0.cors_policy.0.allow_origins' + - 'default_route_action.0.cors_policy.0.allow_origin_regexes' + - 'default_route_action.0.cors_policy.0.allow_methods' + - 'default_route_action.0.cors_policy.0.allow_headers' + - 'default_route_action.0.cors_policy.0.expose_headers' + - 'default_route_action.0.cors_policy.0.max_age' + - 'default_route_action.0.cors_policy.0.allow_credentials' + - 'default_route_action.0.cors_policy.0.disabled' + default_value: false + - name: 'faultInjectionPolicy' + type: NestedObject + description: | + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + at_least_one_of: + - 'default_route_action.0.weighted_backend_services' + - 'default_route_action.0.url_rewrite' + - 'default_route_action.0.timeout' + - 'default_route_action.0.retry_policy' + - 'default_route_action.0.request_mirror_policy' + - 'default_route_action.0.cors_policy' + - 'default_route_action.0.fault_injection_policy' + properties: + - name: 'delay' + type: NestedObject + description: | + The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay' + - 'default_route_action.0.fault_injection_policy.0.abort' + properties: + - name: 'fixedDelay' + type: NestedObject + description: | + Specifies the value of the fixed delay interval. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay' + - 'default_route_action.0.fault_injection_policy.0.delay.0.percentage' + properties: + - name: 'seconds' + type: String + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds' + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos' + - name: 'nanos' + type: Integer + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds' + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos' + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay' + - 'default_route_action.0.fault_injection_policy.0.delay.0.percentage' + validation: + function: 'validation.FloatBetween(0, 100)' + - name: 'abort' + type: NestedObject + description: | + The specification for how client requests are aborted as part of fault injection. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.delay' + - 'default_route_action.0.fault_injection_policy.0.abort' + properties: + - name: 'httpStatus' + type: Integer + description: | + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.abort.0.http_status' + - 'default_route_action.0.fault_injection_policy.0.abort.0.percentage' + validation: + function: 'validation.IntBetween(200, 599)' + - name: 'percentage' + type: Double + description: | + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - 'default_route_action.0.fault_injection_policy.0.abort.0.http_status' + - 'default_route_action.0.fault_injection_policy.0.abort.0.percentage' + validation: + function: 'validation.FloatBetween(0, 100)' diff --git a/mmv1/products/compute/TargetVpnGateway.yaml b/mmv1/products/compute/go_VpnGateway.yaml similarity index 67% rename from mmv1/products/compute/TargetVpnGateway.yaml rename to mmv1/products/compute/go_VpnGateway.yaml index 7087bb6be486..54202d714178 100644 --- a/mmv1/products/compute/TargetVpnGateway.yaml +++ b/mmv1/products/compute/go_VpnGateway.yaml @@ -1,4 +1,4 @@ -# Copyright 2023 Google Inc. +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,43 +11,45 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- !ruby/object:Api::Resource +# Warning: This is a temporary file, and should not be edited directly +--- name: 'VpnGateway' kind: 'compute#targetVpnGateway' -base_url: projects/{{project}}/regions/{{region}}/targetVpnGateways -collection_url_key: 'items' -immutable: true -has_self_link: true description: | Represents a VPN gateway running in GCP. This virtual device is managed by Google, but used only by you. -references: !ruby/object:Api::Resource::ReferenceLinks - api: https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation +references: + guides: + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways' +docs: + warning: | + Classic VPN is deprecating certain functionality on October 31, 2021. For more information, + see the [Classic VPN partial deprecation page](https://cloud.google.com/network-connectivity/docs/vpn/deprecations/classic-vpn-deprecation). +base_url: 'projects/{{project}}/regions/{{region}}/targetVpnGateways' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' kind: 'compute#operation' path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result + result: path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error + resource_inside_response: false + error: path: 'error/errors' message: 'message' -docs: !ruby/object:Provider::Terraform::Docs - warning: | - Classic VPN is deprecating certain functionality on October 31, 2021. For more information, - see the [Classic VPN partial deprecation page](https://cloud.google.com/network-connectivity/docs/vpn/deprecations/classic-vpn-deprecation). +collection_url_key: 'items' +custom_code: examples: - - !ruby/object:Provider::Terraform::Examples - name: 'target_vpn_gateway_basic' + - name: 'target_vpn_gateway_basic' primary_resource_id: 'target_gateway' vars: target_vpn_gateway_name: 'vpn-1' @@ -59,27 +61,27 @@ examples: vpn_tunnel_name: 'tunnel1' route_name: 'route1' parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' + - name: 'region' + type: ResourceRef description: | The region this gateway should sit in. required: false default_from_api: true - custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' - custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' + - name: 'creationTimestamp' + type: Time description: 'Creation timestamp in RFC3339 text format.' output: true - - !ruby/object:Api::Type::String - name: 'description' + - name: 'description' + type: String description: 'An optional description of this resource.' immutable: true - - !ruby/object:Api::Type::String - name: 'name' + - name: 'name' + type: String description: | Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with @@ -90,17 +92,17 @@ properties: character, which cannot be a dash. required: true immutable: true - - !ruby/object:Api::Type::Integer - name: 'gateway_id' - api_name: 'id' + - name: 'gateway_id' + type: Integer description: 'The unique identifier for the resource.' + api_name: id output: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' + - name: 'network' + type: ResourceRef description: | The network this VPN gateway is accepting traffic for. required: true - custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.erb' immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Network' + imports: 'selfLink' diff --git a/mmv1/products/compute/go_VpnTunnel.yaml b/mmv1/products/compute/go_VpnTunnel.yaml new file mode 100644 index 000000000000..366e8934e306 --- /dev/null +++ b/mmv1/products/compute/go_VpnTunnel.yaml @@ -0,0 +1,230 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'VpnTunnel' +kind: 'compute#vpnTunnel' +description: 'VPN tunnel resource.' +references: + guides: + 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' + 'Networks and Tunnel Routing': 'https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels' +has_self_link: true +immutable: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +custom_code: + constants: 'templates/terraform/constants/go/vpn_tunnel.tmpl' + encoder: 'templates/terraform/encoders/go/vpn_tunnel.go.tmpl' + post_create: 'templates/terraform/post_create/go/labels.tmpl' +examples: + - name: 'vpn_tunnel_basic' + primary_resource_id: 'tunnel1' + vars: + vpn_tunnel_name: 'tunnel-1' + target_vpn_gateway_name: 'vpn-1' + network_name: 'network-1' + address_name: 'vpn-static-ip' + esp_forwarding_rule_name: 'fr-esp' + udp500_forwarding_rule_name: 'fr-udp500' + udp4500_forwarding_rule_name: 'fr-udp4500' + route_name: 'route1' +parameters: + - name: 'region' + type: ResourceRef + description: + 'The region where the tunnel is located. If unset, is set to the region of + `target_vpn_gateway`.' + required: false + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'name' +properties: + - name: 'tunnel_id' + type: String + description: + 'The unique identifier for the resource. This identifier is defined by the + server.' + api_name: id + output: true + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'name' + type: String + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 + characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character + must be a lowercase letter, and all following characters must + be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + - name: 'description' + type: String + description: | + An optional description of this resource. + immutable: true + - name: 'targetVpnGateway' + type: ResourceRef + description: | + URL of the Target VPN gateway with which this VPN tunnel is + associated. + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'VpnGateway' + imports: 'selfLink' + - name: 'vpnGateway' + type: ResourceRef + description: | + URL of the VPN gateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is created. + This field must reference a `google_compute_ha_vpn_gateway` resource. + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'HaVpnGateway' + imports: 'selfLink' + - name: 'vpnGatewayInterface' + type: Integer + description: | + The interface ID of the VPN gateway with which this VPN tunnel is associated. + immutable: true + send_empty_value: true + - name: 'peerExternalGateway' + type: ResourceRef + description: | + URL of the peer side external VPN gateway to which this VPN tunnel is connected. + immutable: true + conflicts: + - peer_gcp_gateway + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'ExternalVpnGateway' + imports: 'selfLink' + - name: 'peerExternalGatewayInterface' + type: Integer + description: | + The interface ID of the external VPN gateway to which this VPN tunnel is connected. + send_empty_value: true + - name: 'peerGcpGateway' + type: ResourceRef + description: | + URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. + If provided, the VPN tunnel will automatically use the same vpn_gateway_interface + ID in the peer GCP VPN gateway. + This field must reference a `google_compute_ha_vpn_gateway` resource. + conflicts: + - peer_external_gateway + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'HaVpnGateway' + imports: 'selfLink' + - name: 'router' + type: ResourceRef + description: | + URL of router resource to be used for dynamic routing. + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/compute_full_url.tmpl' + resource: 'Router' + imports: 'selfLink' + - name: 'peerIp' + type: String + description: | + IP address of the peer VPN gateway. Only IPv4 is supported. + default_from_api: true + validation: + function: 'validatePeerAddr' + - name: 'sharedSecret' + type: String + description: | + Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + required: true + ignore_read: true + sensitive: true + - name: 'sharedSecretHash' + type: String + description: | + Hash of the shared secret. + output: true + - name: 'ikeVersion' + type: Integer + description: | + IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + default_value: 2 + - name: 'localTrafficSelector' + type: Array + description: | + Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example `192.168.0.0/16`. The ranges should be disjoint. + Only IPv4 is supported. + is_set: true + default_from_api: true + item_type: + type: String + - name: 'remoteTrafficSelector' + type: Array + description: | + Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example `192.168.0.0/16`. The ranges should be disjoint. + Only IPv4 is supported. + is_set: true + default_from_api: true + item_type: + type: String + - name: 'labels' + type: KeyValueLabels + description: Labels to apply to this VpnTunnel. + immutable: false + update_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}/setLabels' + update_verb: 'POST' + - name: 'labelFingerprint' + type: Fingerprint + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + output: true + update_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}/setLabels' + update_verb: 'POST' + key_expander: '' + - name: 'detailedStatus' + type: String + description: 'Detailed status message for the VPN tunnel.' + output: true diff --git a/mmv1/products/compute/go_Zone.yaml b/mmv1/products/compute/go_Zone.yaml new file mode 100644 index 000000000000..a88b4719203a --- /dev/null +++ b/mmv1/products/compute/go_Zone.yaml @@ -0,0 +1,117 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Zone' +kind: 'compute#zone' +description: 'Represents a Zone resource.' +# Used as a resource reference +exclude: true +readonly: true +docs: +base_url: 'projects/{{project}}/zones' +has_self_link: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'items' +custom_code: +parameters: +properties: + - name: 'creationTimestamp' + type: Time + description: 'Creation timestamp in RFC3339 text format.' + output: true + - name: 'deprecated' + type: NestedObject + description: 'The deprecation status associated with this machine type.' + output: true + properties: + - name: 'deleted' + type: Time + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DELETED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - name: 'deprecated' + type: Time + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DEPRECATED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - name: 'obsolete' + type: Time + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to OBSOLETE. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - name: 'replacement' + type: String + description: | + The URL of the suggested replacement for a deprecated resource. + The suggested replacement resource must be the same kind of + resource as the deprecated resource. + output: true + - name: 'state' + type: Enum + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource + using a DEPRECATED resource will return successfully, but with a + warning indicating the deprecated resource and recommending its + replacement. Operations which use OBSOLETE or DELETED resources + will be rejected and result in an error. + output: true + enum_values: + - 'DEPRECATED' + - 'OBSOLETE' + - 'DELETED' + - name: 'description' + type: String + description: 'An optional textual description of the resource.' + output: true + - name: 'id' + type: Integer + description: 'The unique identifier for the resource.' + output: true + - name: 'name' + type: String + description: 'Name of the resource.' + - name: 'region' + type: ResourceRef + description: 'The region where the zone is located.' + output: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Region' + imports: 'selfLink' + - name: 'status' + type: Enum + description: 'The status of the zone.' + output: true + enum_values: + - 'UP' + - 'DOWN' + - name: 'availableCpuPlatforms' + type: Array + description: 'The available CPU platforms in this zone' + output: true + item_type: + type: String diff --git a/mmv1/products/compute/go_product.yaml b/mmv1/products/compute/go_product.yaml new file mode 100644 index 000000000000..b239add11991 --- /dev/null +++ b/mmv1/products/compute/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Compute' +display_name: 'Compute Engine' +versions: + - name: 'ga' + base_url: 'https://compute.googleapis.com/compute/v1/' + - name: 'beta' + base_url: 'https://compute.googleapis.com/compute/beta/' +scopes: + - 'https://www.googleapis.com/auth/compute' diff --git a/mmv1/products/containeranalysis/go_Note.yaml b/mmv1/products/containeranalysis/go_Note.yaml new file mode 100644 index 000000000000..77758fa8c219 --- /dev/null +++ b/mmv1/products/containeranalysis/go_Note.yaml @@ -0,0 +1,160 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Note' +description: | + A Container Analysis note is a high-level piece of metadata that + describes a type of analysis that can be done for a resource. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/container-analysis/' + 'Creating Attestations (Occurrences)': 'https://cloud.google.com/binary-authorization/docs/making-attestations' + api: 'https://cloud.google.com/container-analysis/api/reference/rest/' +docs: +id_format: 'projects/{{project}}/notes/{{name}}' +base_url: 'projects/{{project}}/notes?noteId={{name}}' +self_link: 'projects/{{project}}/notes/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'projects/{{project}}/notes/{{name}}' +import_format: + - 'projects/{{project}}/notes/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + allowed_iam_role: 'roles/containeranalysis.notes.occurrences.viewer' + parent_resource_attribute: 'note' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/notes/{{name}}' + - '{{name}}' +custom_code: + encoder: 'templates/terraform/encoders/go/containeranalysis_attestation_field_name.go.tmpl' + decoder: 'templates/terraform/decoders/go/containeranalysis_attestation_field_name.go.tmpl' +examples: + - name: 'container_analysis_note_basic' + primary_resource_id: 'note' + primary_resource_name: 'fmt.Sprintf("tf-test-attestor-note%s", context["random_suffix"])' + vars: + note_name: 'attestor-note' + - name: 'container_analysis_note_attestation_full' + primary_resource_id: 'note' + vars: + note_name: 'attestor-note' +parameters: +properties: + - name: 'name' + type: String + description: | + The name of the note. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'shortDescription' + type: String + description: | + A one sentence description of the note. + - name: 'longDescription' + type: String + description: | + A detailed description of the note + - name: 'kind' + type: Enum + description: | + The type of analysis this note describes + output: true + enum_values: + - 'NOTE_KIND_UNSPECIFIED' + - 'VULNERABILITY' + - 'BUILD' + - 'IMAGE' + - 'PACKAGE' + - 'DEPLOYMENT' + - 'DISCOVERY' + - 'ATTESTATION' + - 'UPGRADE' + - name: 'relatedUrl' + type: Array + description: | + URLs associated with this note and related metadata. + is_set: true + item_type: + type: NestedObject + properties: + - name: 'url' + type: String + description: | + Specific URL associated with the resource. + required: true + - name: 'label' + type: String + description: | + Label to describe usage of the URL + - name: 'expirationTime' + type: Time + description: | + Time of expiration for this note. Leave empty if note does not expire. + - name: 'createTime' + type: Time + description: The time this note was created. + output: true + - name: 'updateTime' + type: Time + description: The time this note was last updated. + output: true + - name: 'relatedNoteNames' + type: Array + description: | + Names of other notes related to this note. + is_set: true + item_type: + type: String + - name: 'attestationAuthority' + type: NestedObject + description: | + Note kind that represents a logical attestation "role" or "authority". + For example, an organization might have one AttestationAuthority for + "QA" and one for "build". This Note is intended to act strictly as a + grouping mechanism for the attached Occurrences (Attestations). This + grouping mechanism also provides a security boundary, since IAM ACLs + gate the ability for a principle to attach an Occurrence to a given + Note. It also provides a single point of lookup to find all attached + Attestation Occurrences, even if they don't all live in the same + project. + required: true + properties: + - name: 'hint' + type: NestedObject + description: | + This submessage provides human-readable hints about the purpose of + the AttestationAuthority. Because the name of a Note acts as its + resource reference, it is important to disambiguate the canonical + name of the Note (which might be a UUID for security purposes) + from "readable" names more suitable for debug output. Note that + these hints should NOT be used to look up AttestationAuthorities + in security sensitive contexts, such as when looking up + Attestations to verify. + required: true + properties: + - name: 'humanReadableName' + type: String + description: | + The human readable name of this Attestation Authority, for + example "qa". + required: true diff --git a/mmv1/products/containeranalysis/go_Occurrence.yaml b/mmv1/products/containeranalysis/go_Occurrence.yaml new file mode 100644 index 000000000000..68e851d77f4e --- /dev/null +++ b/mmv1/products/containeranalysis/go_Occurrence.yaml @@ -0,0 +1,147 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Occurrence' +description: | + An occurrence is an instance of a Note, or type of analysis that + can be done for a resource. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/container-analysis/' + api: 'https://cloud.google.com/container-analysis/api/reference/rest/' +docs: +id_format: 'projects/{{project}}/occurrences/{{name}}' +base_url: 'projects/{{project}}/occurrences' +self_link: 'projects/{{project}}/occurrences/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: '{{note_name}}' +import_format: + - 'projects/{{project}}/occurrences/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + encoder: 'templates/terraform/encoders/go/containeranalysis_occurrence.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/containeranalysis_occurrence.go.tmpl' + decoder: 'templates/terraform/decoders/go/containeranalysis_occurrence.go.tmpl' +examples: + - name: 'container_analysis_occurrence_kms' + primary_resource_id: 'occurrence' + vars: + note_name: 'attestation-note' + attestor: 'attestor' + skip_test: true +parameters: +properties: + - name: 'name' + type: String + description: | + The name of the occurrence. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'resourceUri' + type: String + description: | + Required. Immutable. A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + required: true + immutable: true + - name: 'noteName' + type: String + description: | + The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + required: true + immutable: true + - name: 'kind' + type: String + description: | + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + output: true + - name: 'remediation' + type: String + description: | + A description of actions that can be taken to remedy the note. + - name: 'createTime' + type: Time + description: The time when the repository was created. + output: true + - name: 'updateTime' + type: Time + description: The time when the repository was last updated. + output: true + - name: 'attestation' + type: NestedObject + description: | + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + required: true + properties: + - name: 'serializedPayload' + type: String + description: | + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + required: true + - name: 'signatures' + type: Array + description: | + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + is_set: true + required: true + item_type: + type: NestedObject + properties: + - name: 'signature' + type: String + description: | + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + - name: 'publicKeyId' + type: String + description: | + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. + * `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA` + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" + required: true diff --git a/mmv1/products/containeranalysis/go_product.yaml b/mmv1/products/containeranalysis/go_product.yaml new file mode 100644 index 000000000000..3a11f455fccd --- /dev/null +++ b/mmv1/products/containeranalysis/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ContainerAnalysis' +display_name: 'Container Registry' +versions: + - name: 'ga' + base_url: 'https://containeranalysis.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://containeranalysis.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/containerattached/Cluster.yaml b/mmv1/products/containerattached/Cluster.yaml index ae12ea757bed..57fc7ca4962d 100644 --- a/mmv1/products/containerattached/Cluster.yaml +++ b/mmv1/products/containerattached/Cluster.yaml @@ -71,7 +71,7 @@ examples: ignore_read_extra: - 'deletion_policy' custom_code: !ruby/object:Provider::Terraform::CustomCode - constants: templates/terraform/constants/containerattached_cluster_diff.go + constants: templates/terraform/constants/containerattached_cluster_diff.go.erb pre_update: templates/terraform/pre_update/containerattached_update.go.erb pre_delete: templates/terraform/pre_delete/container_attached_deletion_policy.go.erb virtual_fields: diff --git a/mmv1/products/containerattached/go_Cluster.yaml b/mmv1/products/containerattached/go_Cluster.yaml new file mode 100644 index 000000000000..325185195113 --- /dev/null +++ b/mmv1/products/containerattached/go_Cluster.yaml @@ -0,0 +1,356 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Cluster' +description: | + An Anthos cluster running on customer owned infrastructure. +references: + guides: + 'API reference': 'https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters' + 'Multicloud overview': 'https://cloud.google.com/anthos/clusters/docs/multi-cloud' + api: 'https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/attachedClusters' +self_link: 'projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/attachedClusters?attached_cluster_id={{name}}' +update_url: 'projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' +update_verb: 'PATCH' +update_mask: true +delete_url: 'projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' +import_format: + - 'projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + full_url: 'https://{{location}}-gkemulticloud.googleapis.com/v1/{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error/errors' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/containerattached_cluster_diff.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/containerattached_update.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/container_attached_deletion_policy.go.tmpl' +examples: + - name: 'container_attached_cluster_basic' + primary_resource_id: 'primary' + primary_resource_name: 'fmt.Sprintf("basic%s", context["random_suffix"])' + vars: + name: 'basic' + - name: 'container_attached_cluster_full' + primary_resource_id: 'primary' + primary_resource_name: 'fmt.Sprintf("basic%s", context["random_suffix"])' + vars: + name: 'basic' + - name: 'container_attached_cluster_ignore_errors' + primary_resource_id: 'primary' + primary_resource_name: 'fmt.Sprintf("basic%s", context["random_suffix"])' + vars: + name: 'basic' + ignore_read_extra: + - 'deletion_policy' +virtual_fields: + - name: 'deletion_policy' + description: 'Policy to determine what flags to send on delete.' + type: Enum + default_value: "DELETE" +parameters: +properties: + - name: 'location' + type: String + description: | + The location for the resource + url_param_only: true + required: true + immutable: true + - name: 'name' + type: String + description: | + The name of this resource. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'description' + type: String + description: | + A human readable description of this attached cluster. Cannot be longer + than 255 UTF-8 encoded bytes. + - name: 'oidcConfig' + type: NestedObject + description: | + OIDC discovery information of the target cluster. + + Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + API server. This fields indicates how GCP services + validate KSA tokens in order to allow system workloads (such as GKE Connect + and telemetry agents) to authenticate back to GCP. + + Both clusters with public and private issuer URLs are supported. + Clusters with public issuers only need to specify the `issuer_url` field + while clusters with private issuers need to provide both + `issuer_url` and `jwks`. + required: true + properties: + - name: 'issuerUrl' + type: String + description: | + A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` + required: true + immutable: true + - name: 'jwks' + type: String + description: | + OIDC verification keys in JWKS format (RFC 7517). + immutable: true + - name: 'platformVersion' + type: String + description: | + The platform version for the cluster (e.g. `1.23.0-gke.1`). + required: true + - name: 'distribution' + type: String + description: | + The Kubernetes distribution of the underlying attached cluster. Supported values: + "eks", "aks". + required: true + immutable: true + - name: 'clusterRegion' + type: String + description: | + Output only. The region where this cluster runs. + + For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region. + output: true + - name: 'fleet' + type: NestedObject + description: | + Fleet configuration. + required: true + properties: + - name: 'membership' + type: String + description: | + The name of the managed Hub Membership resource associated to this + cluster. Membership names are formatted as + projects//locations/global/membership/. + output: true + - name: 'project' + type: String + description: | + The number of the Fleet host project where this cluster will be registered. + required: true + immutable: true + validation: + regex: '^projects/[0-9]+$' + - name: 'state' + type: String + description: | + The current state of the cluster. Possible values: + STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, + DEGRADED + output: true + - name: 'uid' + type: String + description: | + A globally unique identifier for the cluster. + output: true + - name: 'reconciling' + type: Boolean + description: | + If set, there are currently changes in flight to the cluster. + output: true + - name: 'createTime' + type: String + description: | + Output only. The time at which this cluster was created. + output: true + - name: 'updateTime' + type: String + description: | + The time at which this cluster was last updated. + output: true + - name: 'kubernetesVersion' + type: String + description: | + The Kubernetes version of the cluster. + output: true + - name: 'annotations' + type: KeyValueAnnotations + description: | + Optional. Annotations on the cluster. This field has the same + restrictions as Kubernetes annotations. The total size of all keys and + values combined is limited to 256k. Key can have 2 segments: prefix (optional) + and name (required), separated by a slash (/). Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + - name: 'workloadIdentityConfig' + type: NestedObject + description: | + Workload Identity settings. + output: true + properties: + - name: 'identityProvider' + type: String + description: | + The ID of the OIDC Identity Provider (IdP) associated to + the Workload Identity Pool. + - name: 'issuerUri' + type: String + description: | + The OIDC issuer URL for this cluster. + - name: 'workloadPool' + type: String + description: | + The Workload Identity Pool associated to the cluster. + - name: 'loggingConfig' + type: NestedObject + description: | + Logging configuration. + # If the user doesn't specify a loggingConfig, the server will supply a default value. Instead of + # letting that happen and allowing the config and state to get mismatched, just manually send an + # empty object if the user doesn't set anything and require the user to explicitly set the field if a + # value is desired. + # If the loggingConfig passed to the server is empty, an empty object is returned, so the diff in that + # case needs to be ignored. + send_empty_value: true + allow_empty_object: true + diff_suppress_func: 'suppressAttachedClustersLoggingConfigDiff' + custom_expand: 'templates/terraform/custom_expand/go/containerattached_cluster_empty_logging.go.tmpl' + properties: + - name: 'componentConfig' + type: NestedObject + description: | + The configuration of the logging components + send_empty_value: true + allow_empty_object: true + properties: + - name: 'enableComponents' + type: Array + description: | + The components to be enabled. + send_empty_value: true + allow_empty_object: true + item_type: + type: Enum + description: | + The components of the logging configuration. + enum_values: + - 'SYSTEM_COMPONENTS' + - 'WORKLOADS' + - name: 'errors' + type: Array + description: | + A set of errors found in the cluster. + output: true + item_type: + description: | + Describes errors found on attached clusters. + type: NestedObject + properties: + - name: 'message' + type: String + description: | + Human-friendly description of the error. + - name: 'authorization' + type: NestedObject + description: | + Configuration related to the cluster RBAC settings. + custom_flatten: 'templates/terraform/custom_flatten/go/containerattached_cluster_authorization_user.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/containerattached_cluster_authorization_user.go.tmpl' + properties: + - name: 'adminUsers' + type: Array + description: | + Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the users. Up to ten admin users can be provided. + + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + item_type: + type: String + - name: 'adminGroups' + type: Array + description: | + Groups that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the groups. Up to ten admin groups can be provided. + + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + item_type: + type: String + - name: 'monitoringConfig' + type: NestedObject + description: | + Monitoring configuration. + default_from_api: true + allow_empty_object: true + properties: + - name: 'managedPrometheusConfig' + type: NestedObject + description: | + Enable Google Cloud Managed Service for Prometheus in the cluster. + allow_empty_object: true + properties: + - name: 'enabled' + type: Boolean + description: | + Enable Managed Collection. + - name: 'binaryAuthorization' + type: NestedObject + description: | + Binary Authorization configuration. + default_from_api: true + allow_empty_object: true + properties: + - name: 'evaluationMode' + type: Enum + description: | + Configure Binary Authorization evaluation mode. + enum_values: + - 'DISABLED' + - 'PROJECT_SINGLETON_POLICY_ENFORCE' + - name: 'proxyConfig' + type: NestedObject + description: | + Support for proxy configuration. + properties: + - name: 'kubernetesSecret' + type: NestedObject + description: | + The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + properties: + - name: 'name' + type: String + description: | + Name of the kubernetes secret containing the proxy config. + required: true + - name: 'namespace' + type: String + description: | + Namespace of the kubernetes secret containing the proxy config. + required: true diff --git a/mmv1/products/containerattached/go_product.yaml b/mmv1/products/containerattached/go_product.yaml new file mode 100644 index 000000000000..17c5a7046f57 --- /dev/null +++ b/mmv1/products/containerattached/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ContainerAttached' +display_name: 'ContainerAttached' +versions: + - name: 'ga' + base_url: 'https://{{location}}-gkemulticloud.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/databasemigrationservice/go_ConnectionProfile.yaml b/mmv1/products/databasemigrationservice/go_ConnectionProfile.yaml new file mode 100644 index 000000000000..be3934a600a5 --- /dev/null +++ b/mmv1/products/databasemigrationservice/go_ConnectionProfile.yaml @@ -0,0 +1,758 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ConnectionProfile' +description: 'A connection profile definition.' +references: + guides: + 'Database Migration': 'https://cloud.google.com/database-migration/docs/' + api: 'https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles/create' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/connectionProfiles' +self_link: 'projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/connectionProfiles?connectionProfileId={{connection_profile_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}' +timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'database_migration_service_connection_profile_cloudsql' + primary_resource_id: 'cloudsqlprofile' + vars: + sqldb: 'my-database' + sqldb_cert: 'my-cert' + sqldb_user: 'my-username' + sqldb_pass: 'my-password' + from_profile: 'my-fromprofileid' + to_profile: 'my-toprofileid' + ignore_read_extra: + - 'mysql.0.password' + - 'mysql.0.ssl.0.ca_certificate' + - 'mysql.0.ssl.0.client_certificate' + - 'mysql.0.ssl.0.client_key' + - name: 'database_migration_service_connection_profile_postgres' + primary_resource_id: 'postgresprofile' + vars: + sqldb: 'my-database' + sqldb_cert: 'my-cert' + sqldb_user: 'my-username' + sqldb_pass: 'my-password' + profile: 'my-profileid' + ignore_read_extra: + - 'postgresql.0.password' + - 'postgresql.0.ssl.0.ca_certificate' + - 'postgresql.0.ssl.0.client_certificate' + - 'postgresql.0.ssl.0.client_key' + - name: 'database_migration_service_connection_profile_oracle' + primary_resource_id: 'oracleprofile' + vars: + profile: 'my-profileid' + ignore_read_extra: + - 'oracle.0.password' + skip_test: true + - name: 'database_migration_service_connection_profile_alloydb' + primary_resource_id: 'alloydbprofile' + vars: + profile: 'my-profileid' + global_address_name: 'private-ip-alloc' + network_name: 'vpc-network' + ignore_read_extra: + - 'alloydb.0.settings.0.initial_user.0.password' + skip_test: true +parameters: + - name: 'connectionProfileId' + type: String + description: | + The ID of the connection profile. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The location where the connection profile should reside. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}. + output: true + - name: 'displayName' + type: String + description: | + The connection profile display name. + - name: 'createTime' + type: Time + description: | + Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'. + output: true + - name: 'labels' + type: KeyValueLabels + description: | + The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs. + immutable: false + - name: 'state' + type: Enum + description: | + The current connection profile state. + output: true + enum_values: + - 'DRAFT' + - 'READY' + - 'FAILED' + - name: 'error' + type: NestedObject + description: | + Output only. The error details in case of state FAILED. + output: true + properties: + - name: 'code' + type: Integer + description: | + The status code, which should be an enum value of google.rpc.Code. + output: true + - name: 'message' + type: String + description: | + Human readable message indicating details about the current status. + output: true + - name: 'details' + type: Array + description: | + A list of messages that carry the error details. + output: true + item_type: + type: KeyValuePairs + - name: 'dbprovider' + type: Enum + description: | + The database provider. + api_name: provider + output: true + enum_values: + - 'CLOUDSQL' + - 'RDS' + - 'AURORA' + - 'ALLOYDB' + - name: 'mysql' + type: NestedObject + description: | + Specifies connection parameters required specifically for MySQL databases. + exactly_one_of: + - 'mysql' + - 'postgresql' + - 'oracle' + - 'cloudsql' + - 'alloydb' + properties: + - name: 'host' + type: String + description: | + Required. The IP or hostname of the source MySQL database. + required: true + - name: 'port' + type: Integer + description: | + Required. The network port of the source MySQL database. + required: true + - name: 'username' + type: String + description: | + Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. + required: true + - name: 'password' + type: String + description: | + Required. Input only. The password for the user that Database Migration Service will be using to connect to the database. + This field is not returned on request, and the value is encrypted when stored in Database Migration Service. + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_mysql_password.go.tmpl' + - name: 'passwordSet' + type: Boolean + description: | + Output only. Indicates If this connection profile password is stored. + output: true + - name: 'ssl' + type: NestedObject + description: | + SSL configuration for the destination to connect to the source database. + properties: + - name: 'type' + type: Enum + description: | + The current connection profile state. + output: true + enum_values: + - 'SERVER_ONLY' + - 'SERVER_CLIENT' + - name: 'clientKey' + type: String + description: | + Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'clientCertificate' field is mandatory. + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_mysql_ssl_client_key.go.tmpl' + - name: 'clientCertificate' + type: String + description: | + Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server. + If this field is used then the 'clientKey' field is mandatory + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_mysql_ssl_client_certificate.go.tmpl' + - name: 'caCertificate' + type: String + description: | + Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate. + The replica will use this certificate to verify it's connecting to the right host. + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_mysql_ssl_ca_certificate.go.tmpl' + - name: 'cloudSqlId' + type: String + description: | + If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source. + - name: 'postgresql' + type: NestedObject + description: | + Specifies connection parameters required specifically for PostgreSQL databases. + exactly_one_of: + - 'mysql' + - 'postgresql' + - 'oracle' + - 'cloudsql' + - 'alloydb' + properties: + - name: 'host' + type: String + description: | + Required. The IP or hostname of the source MySQL database. + required: true + - name: 'port' + type: Integer + description: | + Required. The network port of the source MySQL database. + required: true + - name: 'username' + type: String + description: | + Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. + required: true + - name: 'password' + type: String + description: | + Required. Input only. The password for the user that Database Migration Service will be using to connect to the database. + This field is not returned on request, and the value is encrypted when stored in Database Migration Service. + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_postgresql_password.go.tmpl' + - name: 'passwordSet' + type: Boolean + description: | + Output only. Indicates If this connection profile password is stored. + output: true + - name: 'ssl' + type: NestedObject + description: | + SSL configuration for the destination to connect to the source database. + properties: + - name: 'type' + type: Enum + description: | + The current connection profile state. + output: true + enum_values: + - 'SERVER_ONLY' + - 'SERVER_CLIENT' + - name: 'clientKey' + type: String + description: | + Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'clientCertificate' field is mandatory. + immutable: true + sensitive: true + required_with: + - 'client_certificate' + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_postgresql_ssl_client_key.go.tmpl' + - name: 'clientCertificate' + type: String + description: | + Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server. + If this field is used then the 'clientKey' field is mandatory + immutable: true + sensitive: true + required_with: + - 'client_key' + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_postgresql_ssl_client_certificate.go.tmpl' + - name: 'caCertificate' + type: String + description: | + Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate. + The replica will use this certificate to verify it's connecting to the right host. + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_postgresql_ssl_ca_certificate.go.tmpl' + - name: 'cloudSqlId' + type: String + description: | + If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source. + - name: 'networkArchitecture' + type: Enum + description: | + Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with. + output: true + enum_values: + - 'NETWORK_ARCHITECTURE_OLD_CSQL_PRODUCER' + - 'NETWORK_ARCHITECTURE_NEW_CSQL_PRODUCER' + - name: 'oracle' + type: NestedObject + description: | + Specifies connection parameters required specifically for Oracle databases. + exactly_one_of: + - 'mysql' + - 'postgresql' + - 'oracle' + - 'cloudsql' + - 'alloydb' + properties: + - name: 'host' + type: String + description: | + Required. The IP or hostname of the source Oracle database. + required: true + - name: 'port' + type: Integer + description: | + Required. The network port of the source Oracle database. + required: true + - name: 'username' + type: String + description: | + Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. + required: true + - name: 'password' + type: String + description: | + Required. Input only. The password for the user that Database Migration Service will be using to connect to the database. + This field is not returned on request, and the value is encrypted when stored in Database Migration Service. + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_oracle_password.go.tmpl' + - name: 'passwordSet' + type: Boolean + description: | + Output only. Indicates If this connection profile password is stored. + output: true + - name: 'databaseService' + type: String + description: | + Required. Database service for the Oracle connection. + required: true + - name: 'ssl' + type: NestedObject + description: | + SSL configuration for the destination to connect to the source database. + properties: + - name: 'type' + type: Enum + description: | + The current connection profile state. + output: true + enum_values: + - 'SERVER_ONLY' + - 'SERVER_CLIENT' + - name: 'clientKey' + type: String + description: | + Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'clientCertificate' field is mandatory. + immutable: true + sensitive: true + required_with: + - 'client_certificate' + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_oracle_ssl_client_key.go.tmpl' + - name: 'clientCertificate' + type: String + description: | + Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server. + If this field is used then the 'clientKey' field is mandatory + immutable: true + sensitive: true + required_with: + - 'client_key' + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_oracle_ssl_client_certificate.go.tmpl' + - name: 'caCertificate' + type: String + description: | + Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate. + The replica will use this certificate to verify it's connecting to the right host. + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_oracle_ssl_ca_certificate.go.tmpl' + - name: 'staticServiceIpConnectivity' + type: NestedObject + description: | + This object has no nested fields. + + Static IP address connectivity configured on service project. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'static_service_ip_connectivity' + - 'forward_ssh_connectivity' + - 'private_connectivity' + properties: + [] + - name: 'forwardSshConnectivity' + type: NestedObject + description: | + SSL configuration for the destination to connect to the source database. + exactly_one_of: + - 'static_service_ip_connectivity' + - 'forward_ssh_connectivity' + - 'private_connectivity' + properties: + - name: 'hostname' + type: String + description: | + Required. Hostname for the SSH tunnel. + required: true + - name: 'username' + type: String + description: | + Required. Username for the SSH tunnel. + required: true + - name: 'port' + type: Integer + description: | + Port for the SSH tunnel, default value is 22. + required: true + - name: 'password' + type: String + description: | + Input only. SSH password. Only one of `password` and `private_key` can be configured. + immutable: true + sensitive: true + exactly_one_of: + - 'forward_ssh_connectivity.0.password' + - 'forward_ssh_connectivity.0.private_key' + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_oracle_forward_ssh_password.go.tmpl' + - name: 'privateKey' + type: String + description: | + Input only. SSH private key. Only one of `password` and `private_key` can be configured. + immutable: true + sensitive: true + exactly_one_of: + - 'oracle.0.forward_ssh_connectivity.0.password' + - 'oracle.0.forward_ssh_connectivity.0.private_key' + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_oracle_forward_ssh_private_key.go.tmpl' + - name: 'privateConnectivity' + type: NestedObject + description: | + Configuration for using a private network to communicate with the source database + exactly_one_of: + - 'oracle.0.static_service_ip_connectivity' + - 'oracle.0.forward_ssh_connectivity' + - 'oracle.0.private_connectivity' + properties: + - name: 'privateConnection' + type: String + description: | + Required. The resource name (URI) of the private connection. + required: true + - name: 'cloudsql' + type: NestedObject + description: | + Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance. + exactly_one_of: + - 'mysql' + - 'postgresql' + - 'oracle' + - 'cloudsql' + - 'alloydb' + properties: + - name: 'cloudSqlId' + type: String + description: | + Output only. The Cloud SQL instance ID that this connection profile is associated with. + output: true + - name: 'settings' + type: NestedObject + description: | + Immutable. Metadata used to create the destination Cloud SQL database. + immutable: true + properties: + - name: 'databaseVersion' + type: String + description: | + The database engine type and version. + Currently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion + - name: 'userLabels' + type: KeyValuePairs + description: | + The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs. + - name: 'tier' + type: String + description: | + The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances). + For more information, see https://cloud.google.com/sql/docs/mysql/instance-settings + - name: 'storageAutoResizeLimit' + type: String + description: | + The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit. + - name: 'activationPolicy' + type: Enum + description: | + The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. + enum_values: + - 'ALWAYS' + - 'NEVER' + - name: 'ipConfig' + type: NestedObject + description: | + The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled. + properties: + - name: 'enableIpv4' + type: Boolean + description: | + Whether the instance should be assigned an IPv4 address or not. + - name: 'privateNetwork' + type: String + description: | + The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. + This setting can be updated, but it cannot be removed after it is set. + - name: 'requireSsl' + type: Boolean + description: | + Whether SSL connections over IP should be enforced or not. + - name: 'authorizedNetworks' + type: Array + description: | + The list of external networks that are allowed to connect to the instance using the IP. + item_type: + type: NestedObject + properties: + - name: 'value' + type: String + description: | + The allowlisted value for the access control list. + required: true + - name: 'label' + type: String + description: | + A label to identify this entry. + - name: 'expireTime' + type: Time + description: | + The time when this access control entry expires in RFC 3339 format. + exactly_one_of: + - 'expire_time' + - 'ttl' + - name: 'ttl' + type: Time + description: | + Input only. The time-to-leave of this access control entry. + immutable: true + - name: 'autoStorageIncrease' + type: Boolean + description: | + If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity. + If the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB. + - name: 'databaseFlags' + type: KeyValuePairs + description: | + The database flags passed to the Cloud SQL instance at startup. + - name: 'dataDiskType' + type: Enum + description: | + The type of storage. + enum_values: + - 'PD_SSD' + - 'PD_HDD' + - name: 'dataDiskSizeGb' + type: String + description: | + The storage capacity available to the database, in GB. The minimum (and default) size is 10GB. + - name: 'zone' + type: String + description: | + The Google Cloud Platform zone where your Cloud SQL datdabse instance is located. + - name: 'sourceId' + type: String + description: | + The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID + required: true + - name: 'rootPassword' + type: String + description: | + Input only. Initial root password. + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_cloudsql_settings_root_password.go.tmpl' + - name: 'rootPasswordSet' + type: Boolean + description: | + Output only. Indicates If this connection profile root password is stored. + output: true + - name: 'collation' + type: String + description: | + The Cloud SQL default instance level collation. + - name: 'cmekKeyName' + type: String + description: | + The KMS key name used for the csql instance. + - name: 'edition' + type: Enum + description: | + The edition of the given Cloud SQL instance. + enum_values: + - 'ENTERPRISE' + - 'ENTERPRISE_PLUS' + - name: 'privateIp' + type: String + description: | + Output only. The Cloud SQL database instance's private IP. + output: true + - name: 'publicIp' + type: String + description: | + Output only. The Cloud SQL database instance's public IP. + output: true + - name: 'alloydb' + type: NestedObject + description: | + Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster. + exactly_one_of: + - 'mysql' + - 'postgresql' + - 'oracle' + - 'cloudsql' + - 'alloydb' + properties: + - name: 'clusterId' + type: String + description: | + Required. The AlloyDB cluster ID that this connection profile is associated with. + required: true + - name: 'settings' + type: NestedObject + description: | + Immutable. Metadata used to create the destination AlloyDB cluster. + immutable: true + properties: + - name: 'initialUser' + type: NestedObject + description: | + Required. Input only. Initial user to setup during cluster creation. + required: true + immutable: true + properties: + - name: 'user' + type: String + description: | + The database username. + required: true + - name: 'password' + type: String + description: | + The initial password for the user. + required: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/database_migration_service_connection_profile_alloydb_settings_initial_user_password.go.tmpl' + - name: 'passwordSet' + type: Boolean + description: | + Output only. Indicates if the initialUser.password field has been set. + output: true + - name: 'vpcNetwork' + type: String + description: | + Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster. + It is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster. + required: true + - name: 'labels' + type: KeyValuePairs + description: | + Labels for the AlloyDB cluster created by DMS. + - name: 'primaryInstanceSettings' + type: NestedObject + description: | + Settings for the cluster's primary instance + properties: + - name: 'id' + type: String + description: | + The database username. + required: true + - name: 'machineConfig' + type: NestedObject + description: | + Configuration for the machines that host the underlying database engine. + required: true + immutable: true + properties: + - name: 'cpuCount' + type: Integer + description: | + The number of CPU's in the VM instance. + required: true + - name: 'databaseFlags' + type: KeyValuePairs + description: | + Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used. + - name: 'labels' + type: KeyValuePairs + description: | + Labels for the AlloyDB primary instance created by DMS. + - name: 'privateIp' + type: String + description: | + Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application. + output: true diff --git a/mmv1/products/databasemigrationservice/go_PrivateConnection.yaml b/mmv1/products/databasemigrationservice/go_PrivateConnection.yaml new file mode 100644 index 000000000000..aab6d6f0caa8 --- /dev/null +++ b/mmv1/products/databasemigrationservice/go_PrivateConnection.yaml @@ -0,0 +1,118 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PrivateConnection' +description: | + The PrivateConnection resource is used to establish private connectivity between Database Migration Service and a customer's network. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/database-migration/docs/oracle-to-postgresql/create-private-connectivity-configuration' + api: 'https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.privateConnections' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/privateConnections' +self_link: 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/privateConnections?privateConnectionId={{private_connection_id}}' +immutable: true +import_format: + - 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' +timeouts: + insert_minutes: 60 + update_minutes: 20 + delete_minutes: 60 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + resource_inside_response: false +custom_code: +examples: + - name: 'database_migration_service_private_connection' + primary_resource_id: 'default' + vars: + private_connection_id: 'my-connection' + network_name: 'my-network' + test_vars_overrides: + 'network_name': 'acctest.BootstrapSharedTestNetwork(t, "dbms-privateconnection")' +parameters: + - name: 'privateConnectionId' + type: String + description: | + The private connectivity identifier. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The name of the location this private connection is located in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: The resource's name. + output: true + - name: 'labels' + type: KeyValueLabels + description: Labels. + immutable: false + - name: 'displayName' + type: String + description: Display name. + default_from_api: true + - name: 'state' + type: String + description: | + State of the PrivateConnection. + output: true + - name: 'error' + type: NestedObject + description: | + The PrivateConnection error in case of failure. + output: true + properties: + - name: 'message' + type: String + description: | + A message containing more information about the error that occurred. + - name: 'details' + type: KeyValuePairs + description: | + A list of messages that carry the error details. + - name: 'vpcPeeringConfig' + type: NestedObject + description: | + The VPC Peering configuration is used to create VPC peering + between databasemigrationservice and the consumer's VPC. + required: true + properties: + - name: 'vpcName' + type: String + description: | + Fully qualified name of the VPC that Database Migration Service will peer to. + Format: projects/{project}/global/{networks}/{name} + required: true + - name: 'subnet' + type: String + description: | + A free subnet for peering. (CIDR of /29) + required: true diff --git a/mmv1/products/databasemigrationservice/go_product.yaml b/mmv1/products/databasemigrationservice/go_product.yaml new file mode 100644 index 000000000000..b76fd0b91286 --- /dev/null +++ b/mmv1/products/databasemigrationservice/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DatabaseMigrationService' +display_name: 'DatabaseMigrationService' +versions: + - name: 'ga' + base_url: 'https://datamigration.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/datacatalog/Entry.yaml b/mmv1/products/datacatalog/Entry.yaml index e7b469c3af6f..0cc23ef521c3 100644 --- a/mmv1/products/datacatalog/Entry.yaml +++ b/mmv1/products/datacatalog/Entry.yaml @@ -12,7 +12,7 @@ # limitations under the License. --- !ruby/object:Api::Resource -name: Entry +name: "Entry" base_url: '{{entry_group}}/entries' create_url: '{{entry_group}}/entries?entryId={{entry_id}}' self_link: '{{name}}' diff --git a/mmv1/products/datacatalog/go_Entry.yaml b/mmv1/products/datacatalog/go_Entry.yaml new file mode 100644 index 000000000000..f9bd9a07d813 --- /dev/null +++ b/mmv1/products/datacatalog/go_Entry.yaml @@ -0,0 +1,252 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Entry' +description: | + Entry Metadata. A Data Catalog Entry resource represents another resource in Google Cloud Platform + (such as a BigQuery dataset or a Pub/Sub topic) or outside of Google Cloud Platform. Clients can use + the linkedResource field in the Entry resource to refer to the original resource ID of the source system. + + An Entry resource contains resource details, such as its schema. An Entry can also be used to attach + flexible metadata, such as a Tag. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/data-catalog/docs' + api: 'https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries' +docs: +base_url: '{{entry_group}}/entries' +self_link: '{{name}}' +create_url: '{{entry_group}}/entries?entryId={{entry_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + custom_import: 'templates/terraform/custom_import/go/data_catalog_entry.go.tmpl' +supports_indirect_user_project_override: true +examples: + - name: 'data_catalog_entry_basic' + primary_resource_id: 'basic_entry' + vars: + entry_id: 'my_entry' + entry_group_id: 'my_group' + - name: 'data_catalog_entry_fileset' + primary_resource_id: 'basic_entry' + vars: + entry_id: 'my_entry' + entry_group_id: 'my_group' + - name: 'data_catalog_entry_full' + primary_resource_id: 'basic_entry' + vars: + entry_id: 'my_entry' + entry_group_id: 'my_group' +parameters: + - name: 'entryGroup' + type: String + description: | + The name of the entry group this entry is in. + url_param_only: true + required: true + immutable: true + - name: 'entryId' + type: String + description: | + The id of the entry to create. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + output: true + - name: 'linkedResource' + type: String + description: | + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. + default_from_api: true + - name: 'displayName' + type: String + description: | + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + - name: 'description' + type: String + description: | + Entry description, which can consist of several sentences or paragraphs that describe entry contents. + # This is a string instead of a NestedObject because schemas contain ColumnSchemas, which can contain nested ColumnSchemas. + # We'll have people provide the json blob for the schema instead. + - name: 'schema' + type: String + description: | + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'type' + type: Enum + description: | + The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. + immutable: true + exactly_one_of: + - 'type' + - 'user_specified_type' + enum_values: + - 'FILESET' + - name: 'userSpecifiedType' + type: String + description: | + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + exactly_one_of: + - 'type' + - 'user_specified_type' + validation: + regex: '^[A-z_][A-z0-9_]{0,63}$' + - name: 'integratedSystem' + type: String + description: | + This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub. + output: true + - name: 'userSpecifiedSystem' + type: String + description: | + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + validation: + regex: '^[A-z_][A-z0-9_]{0,63}$' + - name: 'gcsFilesetSpec' + type: NestedObject + description: | + Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET. + properties: + - name: 'filePatterns' + type: Array + description: | + Patterns to identify a set of files in Google Cloud Storage. + See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt + required: true + item_type: + type: String + - name: 'sampleGcsFileSpecs' + type: Array + description: | + Sample files contained in this fileset, not all files contained in this fileset are represented here. + output: true + item_type: + type: NestedObject + properties: + - name: 'filePath' + type: String + description: | + The full file path + output: true + - name: 'sizeBytes' + type: Integer + description: | + The size of the file, in bytes. + output: true + - name: 'bigqueryTableSpec' + type: NestedObject + description: | + Specification that applies to a BigQuery table. This is only valid on entries of type TABLE. + output: true + properties: + - name: 'tableSourceType' + type: String + description: | + The table source type. + output: true + - name: 'viewSpec' + type: NestedObject + description: | + Table view specification. This field should only be populated if tableSourceType is BIGQUERY_VIEW. + output: true + properties: + - name: 'viewQuery' + type: String + description: | + The query that defines the table view. + output: true + - name: 'tableSpec' + type: NestedObject + description: | + Spec of a BigQuery table. This field should only be populated if tableSourceType is BIGQUERY_TABLE. + output: true + properties: + - name: 'groupedEntry' + type: String + description: | + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + output: true + - name: 'bigqueryDateShardedSpec' + type: NestedObject + description: | + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + output: true + properties: + - name: 'dataset' + type: String + description: | + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId} + output: true + - name: 'tablePrefix' + type: String + description: | + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + output: true + - name: 'shardCount' + type: Integer + description: | + Total number of shards. + output: true diff --git a/mmv1/products/datacatalog/go_EntryGroup.yaml b/mmv1/products/datacatalog/go_EntryGroup.yaml new file mode 100644 index 000000000000..d276ff2cb1e4 --- /dev/null +++ b/mmv1/products/datacatalog/go_EntryGroup.yaml @@ -0,0 +1,90 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EntryGroup' +description: | + An EntryGroup resource represents a logical grouping of zero or more Data Catalog Entry resources. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/data-catalog/docs' + api: 'https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/entryGroups' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/{{region}}/entryGroups?entryGroupId={{entry_group_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'entry_group' + base_url: 'projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}' + - '{{entry_group}}' +custom_code: + custom_import: 'templates/terraform/custom_import/go/data_catalog_entry_group.go.tmpl' +examples: + - name: 'data_catalog_entry_group_basic' + primary_resource_id: 'basic_entry_group' + primary_resource_name: 'fmt.Sprintf("tf_test_my_group%s", context["random_suffix"])' + vars: + entry_group_id: 'my_group' + - name: 'data_catalog_entry_group_full' + primary_resource_id: 'basic_entry_group' + primary_resource_name: 'fmt.Sprintf("tf_test_my_group%s", context["random_suffix"])' + vars: + entry_group_id: 'my_group' +parameters: + - name: 'region' + type: String + description: | + EntryGroup location region. + url_param_only: true + required: false + immutable: true + ignore_read: true + default_from_api: true + - name: 'entryGroupId' + type: String + description: | + The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + url_param_only: true + required: true + immutable: true + validation: + regex: '^[A-z_][A-z0-9_]{0,63}$' +properties: + - name: 'name' + type: String + description: | + The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId} + output: true + - name: 'displayName' + type: String + description: | + A short name to identify the entry group, for example, "analytics data - jan 2011". + - name: 'description' + type: String + description: | + Entry group description, which can consist of several sentences or paragraphs that describe entry group contents. diff --git a/mmv1/products/datacatalog/go_PolicyTag.yaml b/mmv1/products/datacatalog/go_PolicyTag.yaml new file mode 100644 index 000000000000..92deaa1204cf --- /dev/null +++ b/mmv1/products/datacatalog/go_PolicyTag.yaml @@ -0,0 +1,97 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PolicyTag' +description: | + Denotes one policy tag in a taxonomy. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/data-catalog/docs' + api: 'https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies.policyTags' +docs: +base_url: '{{taxonomy}}/policyTags' +self_link: '{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + skip_import_test: true + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'policy_tag' + base_url: '{{%policy_tag}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - '{{%policy_tag}}' +custom_code: + custom_import: 'templates/terraform/custom_import/go/extract_taxonomy.go.tmpl' +examples: + - name: 'data_catalog_taxonomies_policy_tag_basic' + primary_resource_id: 'basic_policy_tag' + primary_resource_name: 'fmt.Sprintf("tf_test_my_policy_tag%s", context["random_suffix"])' + vars: + taxonomy_display_name: 'taxonomy_display_name' + - name: 'data_catalog_taxonomies_policy_tag_child_policies' + primary_resource_id: 'child_policy' + primary_resource_name: 'fmt.Sprintf("tf_test_my_child_tag%s", context["random_suffix"])' + vars: + taxonomy_display_name: 'taxonomy_display_name' +parameters: + - name: 'taxonomy' + type: String + description: | + Taxonomy the policy tag is associated with + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}" + output: true + - name: 'displayName' + type: String + description: | + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + required: true + - name: 'description' + type: String + description: | + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + - name: 'parentPolicyTag' + type: String + description: | + Resource name of this policy tag's parent policy tag. + If empty, it means this policy tag is a top level policy tag. + If not set, defaults to an empty string. + - name: 'childPolicyTags' + type: Array + description: | + Resource names of child policy tags of this policy tag. + output: true + item_type: + type: String diff --git a/mmv1/products/datacatalog/go_Tag.yaml b/mmv1/products/datacatalog/go_Tag.yaml new file mode 100644 index 000000000000..c8b65f6a3cef --- /dev/null +++ b/mmv1/products/datacatalog/go_Tag.yaml @@ -0,0 +1,180 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Tag' +description: | + Tags are used to attach custom metadata to Data Catalog resources. Tags conform to the specifications within their tag template. + + See [Data Catalog IAM](https://cloud.google.com/data-catalog/docs/concepts/iam) for information on the permissions needed to create or view tags. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/data-catalog/docs' + api: 'https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.tags' +docs: +id_format: '{{name}}' +base_url: '{{parent}}/tags' +self_link: '{{parent}}/tags' +update_url: '{{name}}' +update_verb: 'PATCH' +update_mask: true + +read_query_params: '?pageSize=1000' +delete_url: '{{name}}' +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +nested_query: + keys: + - tags + is_list_of_ids: false + modify_by_patch: false +custom_code: + encoder: 'templates/terraform/encoders/go/data_catalog_tag.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/data_catalog_tag.go.tmpl' +examples: + - name: 'data_catalog_entry_tag_basic' + primary_resource_id: 'basic_tag' + vars: + entry_group_id: 'my_entry_group' + entry_id: 'my_entry' + tag_template_id: 'my_template' + force_delete: 'false' + test_vars_overrides: + 'force_delete': 'true' + - name: 'data_catalog_entry_group_tag' + primary_resource_id: 'entry_group_tag' + vars: + entry_group_id: 'my_entry_group' + first_entry: 'first_entry' + second_entry: 'second_entry' + tag_template_id: 'my_template' + force_delete: 'false' + test_vars_overrides: + 'force_delete': 'true' + - name: 'data_catalog_entry_tag_full' + primary_resource_id: 'basic_tag' + vars: + entry_group_id: 'my_entry_group' + entry_id: 'my_entry' + tag_template_id: 'my_template' + force_delete: 'false' + test_vars_overrides: + 'force_delete': 'true' + skip_vcr: true + - name: 'data_catalog_entry_tag_false' + primary_resource_id: 'basic_tag' + vars: + entry_group_id: 'my_entry_group' + entry_id: 'my_entry' + tag_template_id: 'my_template' + force_delete: 'false' + test_vars_overrides: + 'force_delete': 'true' + skip_docs: true +parameters: + - name: 'parent' + type: String + description: | + The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the tag in URL format. Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + output: true + - name: 'template' + type: String + description: | + The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + required: true + immutable: true + - name: 'template_displayname' + type: String + description: | + The display name of the tag template. + api_name: templateDisplayName + output: true + - name: 'fields' + type: Map + description: | + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + required: true + key_name: 'field_name' + value_type: + name: field_value + type: NestedObject + properties: + - name: 'display_name' + type: String + description: | + The display name of this field + output: true + - name: 'order' + type: Integer + description: | + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + output: true + - name: 'doubleValue' + type: Double + description: | + Holds the value for a tag field with double type. + - name: 'stringValue' + type: String + description: | + Holds the value for a tag field with string type. + - name: 'boolValue' + type: Boolean + description: | + Holds the value for a tag field with boolean type. + send_empty_value: true + - name: 'timestampValue' + type: String + description: | + Holds the value for a tag field with timestamp type. + - name: 'enumValue' + type: NestedObject + description: | + Holds the value for a tag field with enum type. This value must be one of the allowed values in the definition of this enum. + custom_flatten: 'templates/terraform/custom_flatten/go/data_catalog_tag.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/data_catalog_tag.go.tmpl' + flatten_object: true + properties: + - name: 'enum_value' + type: String + description: | + The display name of the enum value. + api_name: displayName + - name: 'column' + type: String + description: | + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use `.` to separate the column names. Example: + `outer_column.inner_column` diff --git a/mmv1/products/datacatalog/go_TagTemplate.yaml b/mmv1/products/datacatalog/go_TagTemplate.yaml new file mode 100644 index 000000000000..7afcb63f0870 --- /dev/null +++ b/mmv1/products/datacatalog/go_TagTemplate.yaml @@ -0,0 +1,172 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TagTemplate' +description: | + A tag template defines a tag, which can have one or more typed fields. + The template is used to create and attach the tag to GCP resources. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/data-catalog/docs' + api: 'https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.tagTemplates' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/tagTemplates' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/{{region}}/tagTemplates?tagTemplateId={{tag_template_id}}' +update_verb: 'PATCH' +delete_url: '{{name}}?force={{force_delete}}' +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'tag_template' + base_url: 'projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}' + - '{{tag_template}}' +custom_code: + constants: 'templates/terraform/constants/go/tagtemplate_fields.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/tagtemplate_fields.go.tmpl' + post_update: 'templates/terraform/post_update/go/tagtemplate_fields.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/data_catalog_tag_template.go.tmpl' +skip_sweeper: true +examples: + - name: 'data_catalog_tag_template_basic' + primary_resource_id: 'basic_tag_template' + primary_resource_name: 'fmt.Sprintf("tf_test_my_template%s", context["random_suffix"])' + vars: + tag_template_id: 'my_template' + force_delete: 'false' + test_vars_overrides: + 'force_delete': 'true' +parameters: + - name: 'region' + type: String + description: | + Template location region. + url_param_only: true + required: false + immutable: true + ignore_read: true + default_from_api: true + - name: 'tagTemplateId' + type: String + description: | + The id of the tag template to create. + url_param_only: true + required: true + immutable: true + validation: + regex: '^[a-z_][a-z0-9_]{0,63}$' + - name: 'forceDelete' + type: Boolean + description: | + This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template. + url_param_only: true + default_value: false +properties: + - name: 'name' + type: String + description: | + The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + output: true + - name: 'displayName' + type: String + description: | + The display name for this template. + - name: 'fields' + type: Map + description: | + Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it. + required: true + key_name: 'field_id' + value_type: + name: field + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field} + output: true + - name: 'displayName' + type: String + description: | + The display name for this field. + default_from_api: true + - name: 'description' + type: String + description: | + A description for this field. + default_from_api: true + - name: 'type' + type: NestedObject + description: | + The type of value this tag field can contain. + required: true + properties: + - name: 'primitiveType' + type: Enum + description: | + Represents primitive types - string, bool etc. + Exactly one of `primitive_type` or `enum_type` must be set + default_from_api: true + enum_values: + - 'DOUBLE' + - 'STRING' + - 'BOOL' + - 'TIMESTAMP' + - name: 'enumType' + type: NestedObject + description: | + Represents an enum type. + Exactly one of `primitive_type` or `enum_type` must be set + properties: + - name: 'allowedValues' + type: Array + description: | + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + is_set: true + required: true + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: | + The display name of the enum value. + required: true + - name: 'isRequired' + type: Boolean + description: | + Whether this is a required field. Defaults to false. + default_from_api: true + - name: 'order' + type: Integer + description: | + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + default_from_api: true diff --git a/mmv1/products/datacatalog/go_Taxonomy.yaml b/mmv1/products/datacatalog/go_Taxonomy.yaml new file mode 100644 index 000000000000..22beae77f4e8 --- /dev/null +++ b/mmv1/products/datacatalog/go_Taxonomy.yaml @@ -0,0 +1,95 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Taxonomy' +description: | + A collection of policy tags that classify data along a common axis. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/data-catalog/docs' + api: 'https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies' +docs: +base_url: 'projects/{{project}}/locations/{{region}}/taxonomies' +self_link: '{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + skip_import_test: true + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'taxonomy' + base_url: 'projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}' + - '{{taxonomy}}' +custom_code: + custom_import: 'templates/terraform/custom_import/go/data_catalog_taxonomy.go.tmpl' +sweeper: + sweepable_identifier_field: displayName +examples: + - name: 'data_catalog_taxonomy_basic' + primary_resource_id: 'basic_taxonomy' + primary_resource_name: 'fmt.Sprintf("tf_test_my_taxonomy%s", context["random_suffix"])' + vars: + display_name: 'my_taxonomy' +parameters: + - name: 'region' + type: String + description: | + Taxonomy location region. + url_param_only: true + required: false + immutable: true + default_from_api: true +properties: + - name: 'name' + type: String + description: | + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + output: true + - name: 'displayName' + type: String + description: | + User defined name of this taxonomy. + The taxonomy display name must be unique within an organization. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + required: true + - name: 'description' + type: String + description: | + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + - name: 'activatedPolicyTypes' + type: Array + description: | + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. + item_type: + type: Enum + description: 'Defines policy types where policy tag can be used for' + enum_values: + - 'POLICY_TYPE_UNSPECIFIED' + - 'FINE_GRAINED_ACCESS_CONTROL' diff --git a/mmv1/products/datacatalog/go_product.yaml b/mmv1/products/datacatalog/go_product.yaml new file mode 100644 index 000000000000..c719c19116c1 --- /dev/null +++ b/mmv1/products/datacatalog/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DataCatalog' +display_name: 'Data catalog' +versions: + - name: 'ga' + base_url: 'https://datacatalog.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://datacatalog.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/dataform/ReleaseConfig.yaml b/mmv1/products/dataform/RepositoryReleaseConfig.yaml similarity index 100% rename from mmv1/products/dataform/ReleaseConfig.yaml rename to mmv1/products/dataform/RepositoryReleaseConfig.yaml diff --git a/mmv1/products/dataform/WorkflowConfig.yaml b/mmv1/products/dataform/RepositoryWorkflowConfig.yaml similarity index 100% rename from mmv1/products/dataform/WorkflowConfig.yaml rename to mmv1/products/dataform/RepositoryWorkflowConfig.yaml diff --git a/mmv1/products/dataform/go_Repository.yaml b/mmv1/products/dataform/go_Repository.yaml new file mode 100644 index 000000000000..9525a76fc97c --- /dev/null +++ b/mmv1/products/dataform/go_Repository.yaml @@ -0,0 +1,170 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Repository' +description: |- + A resource represents a Dataform Git repository +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dataform/docs/' + api: 'https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories' +docs: +id_format: 'projects/{{project}}/locations/{{region}}/repositories/{{name}}' +base_url: 'projects/{{project}}/locations/{{region}}/repositories' +create_url: 'projects/{{project}}/locations/{{region}}/repositories?repositoryId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{region}}/repositories/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'repository' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + min_version: 'beta' +custom_code: +examples: + - name: 'dataform_repository' + primary_resource_id: 'dataform_repository' + primary_resource_name: 'fmt.Sprintf("tf_test_dataform_repository%s", context["random_suffix"])' + min_version: 'beta' + vars: + dataform_repository_name: 'dataform_repository' + data: 'secret-data' + secret_name: 'my-secret' + skip_test: true + - name: 'dataform_repository_with_cloudsource_repo' + primary_resource_id: 'dataform_repository' + primary_resource_name: 'fmt.Sprintf("tf_test_dataform_repository%s", context["random_suffix"])' + min_version: 'beta' + vars: + git_repository_name: 'my/repository' + dataform_repository_name: 'dataform_repository' + data: 'secret-data' + secret_name: 'my-secret' + skip_docs: true + - name: 'dataform_repository_with_cloudsource_repo_and_ssh' + primary_resource_id: 'dataform_repository' + min_version: 'beta' + vars: + git_repository_name: 'my/repository' + dataform_repository_name: 'dataform_repository' + data: 'secret-data' + secret_name: 'my-secret' + skip_docs: true +parameters: + - name: 'region' + type: String + description: 'A reference to the region' + min_version: 'beta' + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: The repository's name. + min_version: 'beta' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'gitRemoteSettings' + type: NestedObject + description: + Optional. If set, configures this repository to be linked to a Git remote. + min_version: 'beta' + properties: + - name: 'url' + type: String + description: The Git remote's URL. + min_version: 'beta' + required: true + - name: 'defaultBranch' + type: String + description: The Git remote's default branch name. + min_version: 'beta' + required: true + - name: 'authenticationTokenSecretVersion' + type: String + description: + The name of the Secret Manager secret version to use as an + authentication token for Git operations. This secret is for assigning with HTTPS only(for SSH use `ssh_authentication_config`). Must be in the format + projects/*/secrets/*/versions/*. + min_version: 'beta' + exactly_one_of: + - 'gitRemoteSettings.0.authenticationTokenSecretVersion' + - 'gitRemoteSettings.0.sshAuthenticationConfig' + - name: 'sshAuthenticationConfig' + type: NestedObject + description: Authentication fields for remote uris using SSH protocol. + min_version: 'beta' + exactly_one_of: + - 'gitRemoteSettings.0.authenticationTokenSecretVersion' + - 'gitRemoteSettings.0.sshAuthenticationConfig' + properties: + - name: 'userPrivateKeySecretVersion' + type: String + description: The name of the Secret Manager secret version to use as a ssh private key for Git operations. Must be in the format projects/*/secrets/*/versions/*. + min_version: 'beta' + required: true + - name: 'hostPublicKey' + type: String + description: Content of a public SSH key to verify an identity of a remote Git host. + min_version: 'beta' + required: true + - name: 'tokenStatus' + type: String + description: | + Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus + min_version: 'beta' + output: true + - name: 'workspaceCompilationOverrides' + type: NestedObject + description: If set, fields of workspaceCompilationOverrides override the default compilation settings that are specified in dataform.json when creating workspace-scoped compilation results. + min_version: 'beta' + properties: + - name: 'defaultDatabase' + type: String + description: The default database (Google Cloud project ID). + min_version: 'beta' + - name: 'schemaSuffix' + type: String + description: The suffix that should be appended to all schema (BigQuery dataset ID) names. + min_version: 'beta' + - name: 'tablePrefix' + type: String + description: The prefix that should be prepended to all table names. + min_version: 'beta' + - name: 'serviceAccount' + type: String + description: The service account to run workflow invocations under. + min_version: 'beta' + - name: 'npmrcEnvironmentVariablesSecretVersion' + type: String + description: Optional. The name of the Secret Manager secret version to be used to interpolate variables into the .npmrc file for package installation operations. Must be in the format projects/*/secrets/*/versions/*. The file itself must be in a JSON format. + min_version: 'beta' + - name: 'displayName' + type: String + description: Optional. The repository's user-friendly name. + min_version: 'beta' + - name: 'labels' + type: KeyValueLabels + description: | + Optional. Repository user labels. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + min_version: 'beta' + immutable: false diff --git a/mmv1/products/dataform/go_RepositoryReleaseConfig.yaml b/mmv1/products/dataform/go_RepositoryReleaseConfig.yaml new file mode 100644 index 000000000000..f26abafab494 --- /dev/null +++ b/mmv1/products/dataform/go_RepositoryReleaseConfig.yaml @@ -0,0 +1,173 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RepositoryReleaseConfig' +description: |- + A resource represents a Dataform release configuration +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dataform/docs/release-configurations' + api: 'https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories.releaseConfigs' +docs: +id_format: 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}' +base_url: 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs' +create_url: 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs?releaseConfigId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/releaseConfigs/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'dataform_repository_release_config' + primary_resource_id: 'release' + min_version: 'beta' + vars: + release_name: 'my_release' + git_repository_name: 'my/repository' + dataform_repository_name: 'dataform_repository' + data: 'secret-data' + secret_name: 'my_secret' +parameters: + - name: 'region' + type: String + description: 'A reference to the region' + min_version: 'beta' + url_param_only: true + immutable: true + - name: 'repository' + type: String + description: 'A reference to the Dataform repository' + min_version: 'beta' + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: The release's name. + min_version: 'beta' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'gitCommitish' + type: String + description: + Git commit/tag/branch name at which the repository should be compiled. + Must exist in the remote repository. + min_version: 'beta' + required: true + - name: 'cronSchedule' + type: String + description: + Optional. Optional schedule (in cron format) for automatic creation of compilation results. + min_version: 'beta' + - name: 'timeZone' + type: String + description: + Optional. Specifies the time zone to be used when interpreting cronSchedule. + Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). + If left unspecified, the default is UTC. + min_version: 'beta' + - name: 'codeCompilationConfig' + type: NestedObject + description: + Optional. If set, fields of codeCompilationConfig override the default compilation + settings that are specified in dataform.json. + min_version: 'beta' + properties: + - name: 'defaultDatabase' + type: String + description: Optional. The default database (Google Cloud project ID). + min_version: 'beta' + - name: 'defaultSchema' + type: String + description: Optional. The default schema (BigQuery dataset ID). + min_version: 'beta' + - name: 'defaultLocation' + type: String + description: |- + Optional. The default BigQuery location to use. Defaults to "US". + See the BigQuery docs for a full list of locations: https://cloud.google.com/bigquery/docs/locations. + min_version: 'beta' + - name: 'assertionSchema' + type: String + description: Optional. The default schema (BigQuery dataset ID) for assertions. + min_version: 'beta' + - name: 'vars' + type: KeyValuePairs + description: |- + Optional. User-defined variables that are made available to project code during compilation. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + min_version: 'beta' + - name: 'databaseSuffix' + type: String + description: Optional. The suffix that should be appended to all database (Google Cloud project ID) names. + min_version: 'beta' + - name: 'schemaSuffix' + type: String + description: Optional. The suffix that should be appended to all schema (BigQuery dataset ID) names. + min_version: 'beta' + - name: 'tablePrefix' + type: String + description: Optional. The prefix that should be prepended to all table names. + min_version: 'beta' + - name: 'recentScheduledReleaseRecords' + type: Array + description: + Records of the 10 most recent scheduled release attempts, + ordered in in descending order of releaseTime. + Updated whenever automatic creation of a compilation result is triggered by cronSchedule. + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'releaseTime' + type: String + description: The timestamp of this release attempt. + min_version: 'beta' + output: true + - name: 'compilationResult' + type: String + description: + The name of the created compilation result, if one was successfully created. + Must be in the format projects/*/locations/*/repositories/*/compilationResults/*. + min_version: 'beta' + output: true + - name: 'errorStatus' + type: NestedObject + description: + The error status encountered upon this attempt to create the compilation + result, if the attempt was unsuccessful. + min_version: 'beta' + output: true + properties: + - name: 'code' + type: Integer + description: The status code, which should be an enum value of google.rpc.Code. + min_version: 'beta' + output: true + - name: 'message' + type: String + description: + A developer-facing error message, which should be in English. + Any user-facing error message should be localized and sent in + the google.rpc.Status.details field, or localized by the client. + min_version: 'beta' + output: true diff --git a/mmv1/products/dataform/go_RepositoryWorkflowConfig.yaml b/mmv1/products/dataform/go_RepositoryWorkflowConfig.yaml new file mode 100644 index 000000000000..25ab291d16cd --- /dev/null +++ b/mmv1/products/dataform/go_RepositoryWorkflowConfig.yaml @@ -0,0 +1,180 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RepositoryWorkflowConfig' +description: |- + A resource represents a Dataform workflow configuration +min_version: 'beta' +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dataform/docs/workflow-configurations' + api: 'https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories.workflowConfigs' +docs: +id_format: 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}' +base_url: 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs' +create_url: 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs?workflowConfigId={{name}}' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/locations/{{region}}/repositories/{{repository}}/workflowConfigs/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'dataform_repository_workflow_config' + primary_resource_id: 'workflow' + min_version: 'beta' + vars: + workflow_name: 'my_workflow' + release_name: 'my_release' + service_account_name: 'dataform-sa' + git_repository_name: 'my/repository' + dataform_repository_name: 'dataform_repository' + data: 'secret-data' + secret_name: 'my_secret' +parameters: + - name: 'region' + type: String + description: 'A reference to the region' + min_version: 'beta' + url_param_only: true + immutable: true + - name: 'repository' + type: String + description: 'A reference to the Dataform repository' + min_version: 'beta' + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: The workflow's name. + min_version: 'beta' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'releaseConfig' + type: String + description: + The name of the release config whose releaseCompilationResult should be executed. + Must be in the format projects/*/locations/*/repositories/*/releaseConfigs/*. + min_version: 'beta' + required: true + - name: 'invocationConfig' + type: NestedObject + description: + Optional. If left unset, a default InvocationConfig will be used. + min_version: 'beta' + properties: + - name: 'includedTargets' + type: Array + description: Optional. The set of action identifiers to include. + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'database' + type: String + description: The action's database (Google Cloud project ID). + min_version: 'beta' + - name: 'schema' + type: String + description: + The action's schema (BigQuery dataset ID), within database. + min_version: 'beta' + - name: 'name' + type: String + description: + The action's name, within database and schema. + min_version: 'beta' + - name: 'includedTags' + type: Array + description: Optional. The set of tags to include. + min_version: 'beta' + item_type: + type: String + - name: 'transitiveDependenciesIncluded' + type: Boolean + description: Optional. When set to true, transitive dependencies of included actions will be executed. + min_version: 'beta' + - name: 'transitiveDependentsIncluded' + type: Boolean + description: Optional. When set to true, transitive dependents of included actions will be executed. + min_version: 'beta' + - name: 'fullyRefreshIncrementalTablesEnabled' + type: Boolean + description: Optional. When set to true, any incremental tables will be fully refreshed. + min_version: 'beta' + - name: 'serviceAccount' + type: String + description: Optional. The service account to run workflow invocations under. + min_version: 'beta' + - name: 'cronSchedule' + type: String + description: + Optional. Optional schedule (in cron format) for automatic creation of compilation results. + min_version: 'beta' + - name: 'timeZone' + type: String + description: + Optional. Specifies the time zone to be used when interpreting cronSchedule. + Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). + If left unspecified, the default is UTC. + min_version: 'beta' + - name: 'recentScheduledExecutionRecords' + type: Array + description: + Records of the 10 most recent scheduled execution attempts, + ordered in in descending order of executionTime. + Updated whenever automatic creation of a workflow invocation is triggered by cronSchedule. + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'executionTime' + type: String + description: The timestamp of this workflow attempt. + min_version: 'beta' + output: true + - name: 'workflowInvocation' + type: String + description: + The name of the created workflow invocation, if one was successfully created. + In the format projects/*/locations/*/repositories/*/workflowInvocations/*. + min_version: 'beta' + output: true + - name: 'errorStatus' + type: NestedObject + description: + The error status encountered upon this attempt to create the workflow invocation, + if the attempt was unsuccessful. + min_version: 'beta' + output: true + properties: + - name: 'code' + type: Integer + description: The status code, which should be an enum value of google.rpc.Code. + min_version: 'beta' + output: true + - name: 'message' + type: String + description: + A developer-facing error message, which should be in English. + Any user-facing error message should be localized and sent in + the google.rpc.Status.details field, or localized by the client. + min_version: 'beta' + output: true diff --git a/mmv1/products/dataform/go_product.yaml b/mmv1/products/dataform/go_product.yaml new file mode 100644 index 000000000000..a7baa9abcdf3 --- /dev/null +++ b/mmv1/products/dataform/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Dataform' +display_name: 'Dataform' +versions: + - name: 'beta' + base_url: 'https://dataform.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/datafusion/Instance.yaml b/mmv1/products/datafusion/Instance.yaml index ccd0efd1c762..e8e0d553ab73 100644 --- a/mmv1/products/datafusion/Instance.yaml +++ b/mmv1/products/datafusion/Instance.yaml @@ -59,6 +59,18 @@ examples: test_vars_overrides: # Mark for testing to avoid service networking connection usage that is not cleaned up prober_test_run: '`options = { prober_test_run = "true" }`' + - !ruby/object:Provider::Terraform::Examples + name: 'data_fusion_instance_psc' + primary_resource_id: 'psc_instance' + vars: + instance_name: 'psc-instance' + network_name: 'datafusion-psc-network' + subnet_name: 'datafusion-psc-subnet' + attachment_name: 'datafusion-psc-attachment' + prober_test_run: '' + test_vars_overrides: + # Mark for testing to avoid service networking connection usage that is not cleaned up + prober_test_run: '`options = { prober_test_run = "true" }`' - !ruby/object:Provider::Terraform::Examples name: 'data_fusion_instance_cmek' primary_resource_id: 'cmek' @@ -237,7 +249,6 @@ properties: description: | The IP range in CIDR notation to use for the managed Data Fusion instance nodes. This range must not overlap with any other ranges used in the Data Fusion instance network. - required: true immutable: true - !ruby/object:Api::Type::String name: 'network' @@ -245,8 +256,46 @@ properties: Name of the network in the project with which the tenant project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} - required: true immutable: true + - !ruby/object:Api::Type::Enum + name: 'connectionType' + description: | + Optional. Type of connection for establishing private IP connectivity between the Data Fusion customer project VPC and + the corresponding tenant project from a predefined list of available connection modes. + If this field is unspecified for a private instance, VPC peering is used. + values: + - :VPC_PEERING + - :PRIVATE_SERVICE_CONNECT_INTERFACES + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'privateServiceConnectConfig' + description: | + Optional. Configuration for Private Service Connect. + This is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'networkAttachment' + description: | + Optional. The reference to the network attachment used to establish private connectivity. + It will be of the form projects/{project-id}/regions/{region}/networkAttachments/{network-attachment-id}. + This is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES. + immutable: true + - !ruby/object:Api::Type::String + name: 'unreachableCidrBlock' + description: | + Optional. Input only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC. + The size of this block should be at least /25. This range should not overlap with the primary address range of any subnetwork used by the network attachment. + This range can be used for other purposes in the consumer VPC as long as there is no requirement for CDF to reach destinations using these addresses. + If this value is not provided, the server chooses a non RFC 1918 address range. The format of this field is governed by RFC 4632. + ignore_read: true + immutable: true + - !ruby/object:Api::Type::String + name: 'effectiveUnreachableCidrBlock' + description: | + Output only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC. + The size of this block is /25. The format of this field is governed by RFC 4632. + output: true - !ruby/object:Api::Type::String name: 'zone' description: | diff --git a/mmv1/products/datafusion/go_instance.yaml b/mmv1/products/datafusion/go_Instance.yaml similarity index 63% rename from mmv1/products/datafusion/go_instance.yaml rename to mmv1/products/datafusion/go_Instance.yaml index 33cfefff7faf..a4db1f7fef0f 100644 --- a/mmv1/products/datafusion/go_instance.yaml +++ b/mmv1/products/datafusion/go_Instance.yaml @@ -30,7 +30,7 @@ timeouts: delete_minutes: 50 autogen_async: true async: - type: "OpAsync" + type: 'OpAsync' operation: base_url: '{{op_id}}' path: 'name' @@ -53,7 +53,7 @@ custom_code: examples: - name: 'data_fusion_instance_basic' primary_resource_id: 'basic_instance' - primary_resource_name: 'basic_instance' + primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])' vars: instance_name: 'my-instance' prober_test_run: '' @@ -61,7 +61,6 @@ examples: 'prober_test_run': '`options = { prober_test_run = "true" }`' - name: 'data_fusion_instance_full' primary_resource_id: 'extended_instance' - primary_resource_name: 'extended_instance' vars: instance_name: 'my-instance' ip_alloc: 'datafusion-ip-alloc' @@ -69,14 +68,22 @@ examples: prober_test_run: '' test_vars_overrides: 'prober_test_run': '`options = { prober_test_run = "true" }`' + - name: 'data_fusion_instance_psc' + primary_resource_id: 'psc_instance' + vars: + instance_name: 'psc-instance' + network_name: 'datafusion-psc-network' + subnet_name: 'datafusion-psc-subnet' + attachment_name: 'datafusion-psc-attachment' + prober_test_run: '' + test_vars_overrides: + 'prober_test_run': '`options = { prober_test_run = "true" }`' - name: 'data_fusion_instance_cmek' primary_resource_id: 'cmek' - primary_resource_name: 'cmek' vars: instance_name: 'my-instance' - name: 'data_fusion_instance_enterprise' primary_resource_id: 'enterprise_instance' - primary_resource_name: 'enterprise_instance' vars: instance_name: 'my-instance' prober_test_run: '' @@ -84,18 +91,17 @@ examples: 'prober_test_run': '`options = { prober_test_run = "true" }`' - name: 'data_fusion_instance_event' primary_resource_id: 'event' - primary_resource_name: 'event' vars: instance_name: 'my-instance' - name: 'data_fusion_instance_zone' primary_resource_id: 'zone' - primary_resource_name: 'zone' vars: instance_name: 'my-instance' parameters: - name: 'region' type: String - description: "The region of the Data Fusion instance." + description: | + The region of the Data Fusion instance. url_param_only: true required: false immutable: true @@ -104,14 +110,16 @@ parameters: properties: - name: 'name' type: String - description: "The ID of the instance or a fully qualified identifier for the instance." + description: | + The ID of the instance or a fully qualified identifier for the instance. required: true immutable: true custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' - name: 'description' type: String - description: "An optional description of the instance." + description: | + An optional description of the instance. immutable: true - name: 'type' type: Enum @@ -134,13 +142,16 @@ properties: - 'DEVELOPER' - name: 'enableStackdriverLogging' type: Boolean - description: "Option to enable Stackdriver Logging." + description: | + Option to enable Stackdriver Logging. - name: 'enableStackdriverMonitoring' type: Boolean - description: "Option to enable Stackdriver Monitoring." + description: | + Option to enable Stackdriver Monitoring. - name: 'enableRbac' type: Boolean - description: "Option to enable granular role-based access control." + description: | + Option to enable granular role-based access control. - name: 'labels' type: KeyValueLabels description: | @@ -149,7 +160,8 @@ properties: immutable: false - name: 'options' type: KeyValuePairs - description: "Map of additional options used to configure the behavior of Data Fusion instance." + description: | + Map of additional options used to configure the behavior of Data Fusion instance. immutable: true default_from_api: true diff_suppress_func: 'instanceOptionsDiffSuppress' @@ -183,19 +195,23 @@ properties: - 'RESTARTING' - name: 'stateMessage' type: String - description: "Additional information about the current state of this Data Fusion instance if available." + description: | + Additional information about the current state of this Data Fusion instance if available. output: true - name: 'serviceEndpoint' type: String - description: "Endpoint on which the Data Fusion UI and REST APIs are accessible." + description: | + Endpoint on which the Data Fusion UI and REST APIs are accessible. output: true - name: 'version' type: String - description: "Current version of the Data Fusion." + description: | + Current version of the Data Fusion. default_from_api: true - name: 'serviceAccount' type: String - description: "Service account which will be used to access resources in the customer project." + description: | + Service account which will be used to access resources in the customer project. min_version: 'beta' output: true deprecation_message: '`service_account` is deprecated and will be removed in a future major release. Instead, use `tenant_project_id` to extract the tenant project ID.' @@ -208,19 +224,23 @@ properties: immutable: true - name: 'dataprocServiceAccount' type: String - description: "User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines." + description: | + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. immutable: true - name: 'tenantProjectId' type: String - description: "The name of the tenant project." + description: | + The name of the tenant project. output: true - name: 'gcsBucket' type: String - description: "Cloud Storage bucket generated by Data Fusion in the customer project." + description: | + Cloud Storage bucket generated by Data Fusion in the customer project. output: true - name: 'networkConfig' type: NestedObject - description: "Network configuration options. These are required when a private Data Fusion instance is to be created." + description: | + Network configuration options. These are required when a private Data Fusion instance is to be created. immutable: true properties: - name: 'ipAllocation' @@ -228,7 +248,6 @@ properties: description: | The IP range in CIDR notation to use for the managed Data Fusion instance nodes. This range must not overlap with any other ranges used in the Data Fusion instance network. - required: true immutable: true - name: 'network' type: String @@ -236,46 +255,93 @@ properties: Name of the network in the project with which the tenant project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} - required: true immutable: true + - name: 'connectionType' + type: Enum + description: | + Optional. Type of connection for establishing private IP connectivity between the Data Fusion customer project VPC and + the corresponding tenant project from a predefined list of available connection modes. + If this field is unspecified for a private instance, VPC peering is used. + immutable: true + enum_values: + - 'VPC_PEERING' + - 'PRIVATE_SERVICE_CONNECT_INTERFACES' + - name: 'privateServiceConnectConfig' + type: NestedObject + description: | + Optional. Configuration for Private Service Connect. + This is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES. + immutable: true + properties: + - name: 'networkAttachment' + type: String + description: | + Optional. The reference to the network attachment used to establish private connectivity. + It will be of the form projects/{project-id}/regions/{region}/networkAttachments/{network-attachment-id}. + This is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES. + immutable: true + - name: 'unreachableCidrBlock' + type: String + description: | + Optional. Input only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC. + The size of this block should be at least /25. This range should not overlap with the primary address range of any subnetwork used by the network attachment. + This range can be used for other purposes in the consumer VPC as long as there is no requirement for CDF to reach destinations using these addresses. + If this value is not provided, the server chooses a non RFC 1918 address range. The format of this field is governed by RFC 4632. + immutable: true + ignore_read: true + - name: 'effectiveUnreachableCidrBlock' + type: String + description: | + Output only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC. + The size of this block is /25. The format of this field is governed by RFC 4632. + output: true - name: 'zone' type: String - description: "Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field." + description: | + Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field. immutable: true default_from_api: true - name: 'displayName' type: String - description: "Display name for an instance." + description: | + Display name for an instance. immutable: true - name: 'apiEndpoint' type: String - description: "Endpoint on which the REST APIs is accessible." + description: | + Endpoint on which the REST APIs is accessible. output: true - name: 'p4ServiceAccount' type: String - description: "P4 service account for the customer project." + description: | + P4 service account for the customer project. output: true - name: 'cryptoKeyConfig' type: NestedObject - description: "The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature." + description: | + The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature. immutable: true properties: - name: 'keyReference' type: String - description: "The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*." + description: | + The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*. required: true immutable: true - name: 'eventPublishConfig' type: NestedObject - description: "Option to enable and pass metadata for event publishing." + description: | + Option to enable and pass metadata for event publishing. properties: - name: 'enabled' type: Boolean - description: "Option to enable Event Publishing." + description: | + Option to enable Event Publishing. required: true - name: 'topic' type: String - description: "The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}" + description: | + The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id} required: true immutable: true - name: 'accelerators' @@ -286,10 +352,12 @@ properties: If accelerators are enabled it is possible a permadiff will be created with the Options field. Users will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes). item_type: + type: NestedObject properties: - name: 'acceleratorType' type: Enum - description: "The type of an accelator for a CDF instance." + description: | + The type of an accelator for a CDF instance. required: true enum_values: - 'CDC' @@ -303,4 +371,3 @@ properties: enum_values: - 'ENABLED' - 'DISABLED' - type: NestedObject diff --git a/mmv1/products/datapipeline/go_Pipeline.yaml b/mmv1/products/datapipeline/go_Pipeline.yaml new file mode 100644 index 000000000000..73850acb358f --- /dev/null +++ b/mmv1/products/datapipeline/go_Pipeline.yaml @@ -0,0 +1,410 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Pipeline' +description: | + The main pipeline entity and all the necessary metadata for launching and managing linked jobs. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dataflow' + api: 'https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines' +docs: +id_format: 'projects/{{project}}/locations/{{region}}/pipelines/{{name}}' +base_url: 'projects/{{project}}/locations/{{region}}/pipelines' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{region}}/pipelines/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'data_pipeline_pipeline' + primary_resource_id: 'primary' + primary_resource_name: 'fmt.Sprintf("tf-test-my-pipeline%s", context["random_suffix"])' + vars: + pipeline_name: 'my-pipeline' + account_id: 'my-account' + ignore_read_extra: + - 'schedule_info.0.next_job_time' +parameters: + - name: 'region' + type: String + description: 'A reference to the region' + url_param_only: true +properties: + - name: 'name' + type: String + description: | + "The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID." + "- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects." + "LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions." + "PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location." + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_). + - name: 'type' + type: Enum + description: | + The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype + required: true + enum_values: + - 'PIPELINE_TYPE_UNSPECIFIED' + - 'PIPELINE_TYPE_BATCH' + - 'PIPELINE_TYPE_STREAMING' + - name: 'state' + type: Enum + description: | + The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state + required: true + immutable: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'STATE_RESUMING' + - 'STATE_ACTIVE' + - 'STATE_STOPPING' + - 'STATE_ARCHIVED' + - 'STATE_PAUSED' + - name: 'createTime' + type: String + description: | + The timestamp when the pipeline was initially created. Set by the Data Pipelines service. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastUpdateTime' + type: String + description: | + The timestamp when the pipeline was last modified. Set by the Data Pipelines service. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'workload' + type: NestedObject + description: | + Workload information for creating new jobs. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload + properties: + - name: 'dataflowLaunchTemplateRequest' + type: NestedObject + description: | + Template information and additional parameters needed to launch a Dataflow job using the standard launch API. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest + properties: + - name: 'projectId' + type: String + description: | + The ID of the Cloud Platform project that the job belongs to. + required: true + - name: 'validateOnly' + type: Boolean + description: | + - name: 'launchParameters' + type: NestedObject + description: | + The parameters of the template to launch. This should be part of the body of the POST request. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters + properties: + - name: 'jobName' + type: String + description: | + The job name to use for the created job. + required: true + - name: 'parameters' + type: KeyValuePairs + description: | + The runtime parameters to pass to the job. + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'environment' + type: NestedObject + description: | + The runtime environment for the job. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment + properties: + - name: 'numWorkers' + type: Integer + description: | + The initial number of Compute Engine instances for the job. + - name: 'maxWorkers' + type: Integer + description: | + The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000. + - name: 'zone' + type: String + description: | + The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence. + - name: 'serviceAccountEmail' + type: String + description: | + The email address of the service account to run the job as. + - name: 'tempLocation' + type: String + description: | + The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://. + - name: 'bypassTempDirValidation' + type: Boolean + description: | + Whether to bypass the safety checks for the job's temporary directory. Use with caution. + - name: 'machineType' + type: String + description: | + The machine type to use for the job. Defaults to the value from the template if not specified. + - name: 'additionalExperiments' + type: Array + description: | + Additional experiment flags for the job. + item_type: + type: String + - name: 'network' + type: String + description: | + Network to which VMs will be assigned. If empty or unspecified, the service will use the network "default". + default_from_api: true + - name: 'subnetwork' + type: String + description: | + Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form "https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK" or "regions/REGION/subnetworks/SUBNETWORK". If the subnetwork is located in a Shared VPC network, you must use the complete URL. + - name: 'additionalUserLabels' + type: KeyValuePairs + description: | + Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs. + 'Example: { "name": "wrench", "mass": "1kg", "count": "3" }.' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'kmsKeyName' + type: String + description: | + 'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/' + - name: 'ipConfiguration' + type: Enum + description: | + Configuration for VM IPs. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration + enum_values: + - 'WORKER_IP_UNSPECIFIED' + - 'WORKER_IP_PUBLIC' + - 'WORKER_IP_PRIVATE' + - name: 'workerRegion' + type: String + description: | + The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. "us-west1". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region. + - name: 'workerZone' + type: String + description: | + The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. "us-west1-a". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence. + - name: 'enableStreamingEngine' + type: Boolean + description: | + Whether to enable Streaming Engine for the job. + - name: 'update' + type: Boolean + description: | + If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state. + - name: 'transformNameMapping' + type: KeyValuePairs + description: | + Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline. + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'location' + type: String + description: | + The regional endpoint to which to direct the request. + - name: 'gcsPath' + type: String + description: | + A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'. + - name: 'dataflowFlexTemplateRequest' + type: NestedObject + description: | + Template information and additional parameters needed to launch a Dataflow job using the flex launch API. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest + properties: + - name: 'projectId' + type: String + description: | + The ID of the Cloud Platform project that the job belongs to. + required: true + - name: 'launchParameter' + type: NestedObject + description: | + Parameter to launch a job from a Flex Template. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter + required: true + properties: + - name: 'jobName' + type: String + description: | + The job name to use for the created job. For an update job request, the job name should be the same as the existing running job. + required: true + - name: 'parameters' + type: KeyValuePairs + description: | + 'The parameters for the Flex Template. Example: {"numWorkers":"5"}' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'launchOptions' + type: KeyValuePairs + description: | + Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters. + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'environment' + type: NestedObject + description: | + The runtime environment for the Flex Template job. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment + properties: + - name: 'numWorkers' + type: Integer + description: | + The initial number of Compute Engine instances for the job. + - name: 'maxWorkers' + type: Integer + description: | + The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000. + - name: 'zone' + type: String + description: | + The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence. + - name: 'serviceAccountEmail' + type: String + description: | + The email address of the service account to run the job as. + - name: 'tempLocation' + type: String + description: | + The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://. + - name: 'machineType' + type: String + description: | + The machine type to use for the job. Defaults to the value from the template if not specified. + - name: 'additionalExperiments' + type: Array + description: | + Additional experiment flags for the job. + item_type: + type: String + - name: 'network' + type: String + description: | + Network to which VMs will be assigned. If empty or unspecified, the service will use the network "default". + - name: 'subnetwork' + type: String + description: | + Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form "https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK" or "regions/REGION/subnetworks/SUBNETWORK". If the subnetwork is located in a Shared VPC network, you must use the complete URL. + - name: 'additionalUserLabels' + type: KeyValuePairs + description: | + Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs. + 'Example: { "name": "wrench", "mass": "1kg", "count": "3" }.' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'kmsKeyName' + type: String + description: | + 'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/' + - name: 'ipConfiguration' + type: Enum + description: | + Configuration for VM IPs. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration + enum_values: + - 'WORKER_IP_UNSPECIFIED' + - 'WORKER_IP_PUBLIC' + - 'WORKER_IP_PRIVATE' + - name: 'workerRegion' + type: String + description: | + The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. "us-west1". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region. + - name: 'workerZone' + type: String + description: | + The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. "us-west1-a". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence. + - name: 'enableStreamingEngine' + type: Boolean + description: | + Whether to enable Streaming Engine for the job. + - name: 'flexrsGoal' + type: Enum + description: | + Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal + enum_values: + - 'FLEXRS_UNSPECIFIED' + - 'FLEXRS_SPEED_OPTIMIZED' + - 'FLEXRS_COST_OPTIMIZED' + - name: 'update' + type: Boolean + description: | + Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job. + - name: 'transformNameMappings' + type: KeyValuePairs + description: | + 'Use this to pass transform name mappings for streaming update jobs. Example: {"oldTransformName":"newTransformName",...}' + 'An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.' + - name: 'containerSpecGcsPath' + type: String + description: | + Cloud Storage path to a file with a JSON-serialized ContainerSpec as content. + - name: 'location' + type: String + description: | + The regional endpoint to which to direct the request. For example, us-central1, us-west1. + required: true + - name: 'validateOnly' + type: Boolean + description: | + If true, the request is validated but not actually executed. Defaults to false. + - name: 'scheduleInfo' + type: NestedObject + description: | + Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally. + https://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec + properties: + - name: 'schedule' + type: String + description: | + Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler. + - name: 'timeZone' + type: String + description: | + Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed. + default_value: "UTC" + - name: 'nextJobTime' + type: String + description: | + When the next Scheduler job is going to run. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'jobCount' + type: Integer + description: | + Number of jobs. + output: true + - name: 'schedulerServiceAccountEmail' + type: String + description: | + Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used. + immutable: true + default_from_api: true + - name: 'pipelineSources' + type: KeyValuePairs + description: | + The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + immutable: true diff --git a/mmv1/products/datapipeline/go_product.yaml b/mmv1/products/datapipeline/go_product.yaml new file mode 100644 index 000000000000..ef537231d988 --- /dev/null +++ b/mmv1/products/datapipeline/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'DataPipeline' +display_name: 'DataPipeline' +versions: + - name: 'ga' + base_url: 'https://datapipelines.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/dataplex/Datascan.yaml b/mmv1/products/dataplex/Datascan.yaml index c3900509e163..c1c71bed0dc2 100644 --- a/mmv1/products/dataplex/Datascan.yaml +++ b/mmv1/products/dataplex/Datascan.yaml @@ -428,6 +428,16 @@ properties: required: true description: | The SQL expression. + - !ruby/object:Api::Type::NestedObject + name: 'sqlAssertion' + description: | + Table rule which evaluates whether any row matches invalid state. + properties: + - !ruby/object:Api::Type::String + name: 'sqlStatement' + required: true + description: | + The SQL statement. - !ruby/object:Api::Type::NestedObject name: 'dataProfileSpec' allow_empty_object: true diff --git a/mmv1/products/dataplex/go_AspectType.yaml b/mmv1/products/dataplex/go_AspectType.yaml new file mode 100644 index 000000000000..a5f93176cba3 --- /dev/null +++ b/mmv1/products/dataplex/go_AspectType.yaml @@ -0,0 +1,138 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AspectType' +description: | + An Aspect Type is a template for creating Aspects. +docs: +base_url: 'projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}' +self_link: 'projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/aspectTypes?aspectTypeId={{aspect_type_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}' +timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +iam_policy: + skip_import_test: true + method_name_separator: ':' + parent_resource_attribute: 'aspect_type_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/aspectTypes/{{aspect_type_id}}' + - '{{aspect_type_id}}' +custom_code: +examples: + - name: 'dataplex_aspect_type_basic' + primary_resource_id: 'test_aspect_type_basic' + primary_resource_name: 'fmt.Sprintf("tf-test-aspect-type%s", context["random_suffix"])' + vars: + aspect_type_name: 'aspect-type-basic' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_aspect_type_full' + primary_resource_id: 'test_aspect_type_full' + primary_resource_name: 'fmt.Sprintf("tf-test-aspect-type%s", context["random_suffix"])' + vars: + aspect_type_name: 'aspect-type-full' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: + - name: 'location' + type: String + description: | + The location where aspect type will be created in. + url_param_only: true + immutable: true + - name: 'aspectTypeId' + type: String + description: | + The aspect type id of the aspect type. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The relative resource name of the AspectType, of the form: projects/{project_number}/locations/{location_id}/aspectTypes/{aspect_type_id} + output: true + - name: 'uid' + type: String + description: | + System generated globally unique ID for the AspectType. This ID will be different if the AspectType is deleted and re-created with the same name. + output: true + - name: 'createTime' + type: Time + description: | + The time when the AspectType was created. + output: true + - name: 'updateTime' + type: Time + description: | + The time when the AspectType was last updated. + output: true + - name: 'description' + type: String + description: | + Description of the AspectType. + - name: 'displayName' + type: String + description: | + User friendly display name. + - name: 'labels' + type: KeyValueLabels + description: | + User-defined labels for the AspectType. + immutable: false + - name: 'metadataTemplate' + type: String + description: | + MetadataTemplate of the Aspect. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'transferStatus' + type: Enum + description: | + Denotes the transfer status of the Aspect Type. It is unspecified + for Aspect Type created from Dataplex API. + output: true + enum_values: + - 'TRANSFER_STATUS_UNSPECIFIED' + - 'TRANSFER_STATUS_MIGRATED' + - 'TRANSFER_STATUS_TRANSFERRED' diff --git a/mmv1/products/dataplex/go_Asset.yaml b/mmv1/products/dataplex/go_Asset.yaml new file mode 100644 index 000000000000..cf983c3187c4 --- /dev/null +++ b/mmv1/products/dataplex/go_Asset.yaml @@ -0,0 +1,47 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Asset' +description: | + Only used to generate IAM resources +exclude_resource: true +docs: +base_url: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'asset' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}' + - '{{name}}' +custom_code: +examples: + - name: 'dataplex_asset_primary' + primary_resource_id: 'example' + primary_resource_name: 'fmt.Sprintf("tf-test-lake%s", context["random_suffix"]), fmt.Sprintf("tf-test-zone%s", context["random_suffix"]), fmt.Sprintf("tf-test-asset%s", context["random_suffix"])' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: +properties: + - name: 'name' + type: String + description: | + Dummy property. + output: true diff --git a/mmv1/products/dataplex/go_Datascan.yaml b/mmv1/products/dataplex/go_Datascan.yaml new file mode 100644 index 000000000000..04e2f29b6bc9 --- /dev/null +++ b/mmv1/products/dataplex/go_Datascan.yaml @@ -0,0 +1,505 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Datascan' +description: | + Represents a user-visible job which provides the insights for the related data source. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dataplex/docs' + api: 'https://cloud.google.com/dataplex/docs/reference/rest' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/dataScans' +self_link: 'projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/dataScans?dataScanId={{data_scan_id}}' +update_verb: 'PATCH' +update_mask: true + +read_query_params: '?view=FULL' +import_format: + - 'projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}' + - '{{data_scan_id}}' +timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'data_scan_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}' + - '{{data_scan_id}}' +custom_code: +examples: + - name: 'dataplex_datascan_basic_profile' + primary_resource_id: 'basic_profile' + primary_resource_name: 'fmt.Sprintf("tf-test-dataprofile-basic%s", context["random_suffix"])' + vars: + datascan_name: 'dataprofile-basic' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_datascan_full_profile' + primary_resource_id: 'full_profile' + vars: + dataset_name: 'dataplex_dataset' + datascan_name: 'dataprofile-full' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_datascan_basic_quality' + primary_resource_id: 'basic_quality' + vars: + datascan_name: 'dataquality-basic' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_datascan_full_quality' + primary_resource_id: 'full_quality' + vars: + datascan_name: 'dataquality-full' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: + - name: 'location' + type: String + description: | + The location where the data scan should reside. + url_param_only: true + required: true + immutable: true + - name: 'dataScanId' + type: String + description: | + DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region. + output: true + - name: 'uid' + type: String + description: | + System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name. + output: true + - name: 'description' + type: String + description: | + Description of the scan. + - name: 'displayName' + type: String + description: | + User friendly display name. + - name: 'labels' + type: KeyValueLabels + description: | + User-defined labels for the scan. A list of key->value pairs. + immutable: false + - name: 'state' + type: Enum + description: | + Current state of the DataScan. + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'ACTIVE' + - 'CREATING' + - 'DELETING' + - 'ACTION_REQUIRED' + - name: 'createTime' + type: String + description: | + The time when the scan was created. + output: true + - name: 'updateTime' + type: String + description: | + The time when the scan was last updated. + output: true + - name: 'data' + type: NestedObject + description: | + The data source for DataScan. + required: true + immutable: true + properties: + - name: 'entity' + type: String + description: | + The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan. + immutable: true + exactly_one_of: + - 'data.0.entity' + - 'data.0.resource' + - name: 'resource' + type: String + description: | + The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be: + (Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type "TABLE" for DataProfileScan/DataQualityScan. + immutable: true + exactly_one_of: + - 'data.0.entity' + - 'data.0.resource' + - name: 'executionSpec' + type: NestedObject + description: | + DataScan execution settings. + required: true + properties: + - name: 'trigger' + type: NestedObject + description: | + Spec related to how often and when a scan should be triggered. + required: true + properties: + - name: 'onDemand' + type: NestedObject + description: | + The scan runs once via dataScans.run API. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'execution_spec.0.trigger.0.on_demand' + - 'execution_spec.0.trigger.0.schedule' + properties: + [] + - name: 'schedule' + type: NestedObject + description: | + The scan is scheduled to run periodically. + exactly_one_of: + - 'execution_spec.0.trigger.0.on_demand' + - 'execution_spec.0.trigger.0.schedule' + properties: + - name: 'cron' + type: String + description: + Cron schedule for running scans periodically. This field is + required for Schedule scans. + required: true + - name: 'field' + type: String + description: | + The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table. + immutable: true + - name: 'executionStatus' + type: NestedObject + description: | + Status of the data scan execution. + output: true + properties: + - name: 'latestJobEndTime' + type: String + description: | + The time when the latest DataScanJob started. + output: true + - name: 'latestJobStartTime' + type: String + description: | + The time when the latest DataScanJob ended. + output: true + - name: 'type' + type: Enum + description: | + The type of DataScan. + output: true + enum_values: + - 'DATA_SCAN_TYPE_UNSPECIFIED' + - 'DATA_QUALITY' + - 'DATA_PROFILE' + - name: 'dataQualitySpec' + type: NestedObject + description: | + DataQualityScan related setting. + exactly_one_of: + - 'data_quality_spec' + - 'data_profile_spec' + properties: + - name: 'samplingPercent' + type: Double + description: | + The percentage of the records to be selected from the dataset for DataScan. + Value can range between 0.0 and 100.0 with up to 3 significant decimal digits. + Sampling is not applied if `sampling_percent` is not specified, 0 or 100. + - name: 'rowFilter' + type: String + description: | + A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 >= 0 AND col2 < 10 + - name: 'postScanActions' + type: NestedObject + description: | + Actions to take upon job completion. + properties: + - name: 'bigqueryExport' + type: NestedObject + description: | + If set, results will be exported to the provided BigQuery table. + properties: + - name: 'resultsTable' + type: String + description: | + The BigQuery table to export DataQualityScan results to. + Format://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID + - name: 'rules' + type: Array + description: | + The list of rules to evaluate against a data source. At least one rule is required. + item_type: + type: NestedObject + properties: + - name: 'column' + type: String + description: | + The unnested column which this rule is evaluated against. + - name: 'ignoreNull' + type: Boolean + description: | + Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules. + - name: 'dimension' + type: String + description: | + The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are ["COMPLETENESS", "ACCURACY", "CONSISTENCY", "VALIDITY", "UNIQUENESS", "INTEGRITY"] + required: true + - name: 'threshold' + type: Double + description: | + The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0). + - name: 'name' + type: String + description: | + A mutable name for the rule. + The name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-). + The maximum length is 63 characters. + Must start with a letter. + Must end with a number or a letter. + - name: 'description' + type: String + description: | + Description of the rule. + The maximum length is 1,024 characters. + - name: 'rangeExpectation' + type: NestedObject + description: | + ColumnMap rule which evaluates whether each column value lies between a specified range. + properties: + - name: 'minValue' + type: String + description: | + The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided. + - name: 'maxValue' + type: String + description: | + The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided. + - name: 'strictMinEnabled' + type: Boolean + description: | + Whether each value needs to be strictly greater than ('>') the minimum, or if equality is allowed. + Only relevant if a minValue has been defined. Default = false. + default_value: false + - name: 'strictMaxEnabled' + type: Boolean + description: | + Whether each value needs to be strictly lesser than ('<') the maximum, or if equality is allowed. + Only relevant if a maxValue has been defined. Default = false. + default_value: false + - name: 'nonNullExpectation' + type: NestedObject + description: | + ColumnMap rule which evaluates whether each column value is null. + send_empty_value: true + allow_empty_object: true + properties: + [] + - name: 'setExpectation' + type: NestedObject + description: | + ColumnMap rule which evaluates whether each column value is contained by a specified set. + properties: + - name: 'values' + type: Array + description: | + Expected values for the column value. + required: true + item_type: + type: String + - name: 'regexExpectation' + type: NestedObject + description: | + ColumnMap rule which evaluates whether each column value matches a specified regex. + properties: + - name: 'regex' + type: String + description: | + A regular expression the column value is expected to match. + required: true + - name: 'uniquenessExpectation' + type: NestedObject + description: | + Row-level rule which evaluates whether each column value is unique. + send_empty_value: true + allow_empty_object: true + properties: + [] + - name: 'statisticRangeExpectation' + type: NestedObject + description: | + ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range. + properties: + - name: 'statistic' + type: Enum + description: | + column statistics. + required: true + enum_values: + - 'STATISTIC_UNDEFINED' + - 'MEAN' + - 'MIN' + - 'MAX' + - name: 'minValue' + type: String + description: | + The minimum column statistic value allowed for a row to pass this validation. + At least one of minValue and maxValue need to be provided. + - name: 'maxValue' + type: String + description: | + The maximum column statistic value allowed for a row to pass this validation. + At least one of minValue and maxValue need to be provided. + - name: 'strictMinEnabled' + type: Boolean + description: | + Whether column statistic needs to be strictly greater than ('>') the minimum, or if equality is allowed. + Only relevant if a minValue has been defined. Default = false. + default_value: false + - name: 'strictMaxEnabled' + type: Boolean + description: | + Whether column statistic needs to be strictly lesser than ('<') the maximum, or if equality is allowed. + Only relevant if a maxValue has been defined. Default = false. + default_value: false + - name: 'rowConditionExpectation' + type: NestedObject + description: | + Table rule which evaluates whether each row passes the specified condition. + properties: + - name: 'sqlExpression' + type: String + description: | + The SQL expression. + required: true + - name: 'tableConditionExpectation' + type: NestedObject + description: | + Table rule which evaluates whether the provided expression is true. + properties: + - name: 'sqlExpression' + type: String + description: | + The SQL expression. + required: true + - name: 'sqlAssertion' + type: NestedObject + description: | + Table rule which evaluates whether any row matches invalid state. + properties: + - name: 'sqlStatement' + type: String + description: | + The SQL statement. + required: true + min_size: 1 + - name: 'dataProfileSpec' + type: NestedObject + description: | + DataProfileScan related setting. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'data_quality_spec' + - 'data_profile_spec' + properties: + - name: 'samplingPercent' + type: Double + description: | + The percentage of the records to be selected from the dataset for DataScan. + Value can range between 0.0 and 100.0 with up to 3 significant decimal digits. + Sampling is not applied if `sampling_percent` is not specified, 0 or 100. + - name: 'rowFilter' + type: String + description: | + A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 >= 0 AND col2 < 10 + - name: 'postScanActions' + type: NestedObject + description: | + Actions to take upon job completion. + properties: + - name: 'bigqueryExport' + type: NestedObject + description: | + If set, results will be exported to the provided BigQuery table. + properties: + - name: 'resultsTable' + type: String + description: | + The BigQuery table to export DataProfileScan results to. + Format://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID + - name: 'includeFields' + type: NestedObject + description: | + The fields to include in data profile. + If not specified, all fields at the time of profile scan job execution are included, except for ones listed in `exclude_fields`. + properties: + - name: 'fieldNames' + type: Array + description: | + Expected input is a list of fully qualified names of fields as in the schema. + Only top-level field names for nested fields are supported. + For instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'. + item_type: + type: String + - name: 'excludeFields' + type: NestedObject + description: | + The fields to exclude from data profile. + If specified, the fields will be excluded from data profile, regardless of `include_fields` value. + properties: + - name: 'fieldNames' + type: Array + description: | + Expected input is a list of fully qualified names of fields as in the schema. + Only top-level field names for nested fields are supported. + For instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'. + item_type: + type: String diff --git a/mmv1/products/dataplex/go_EntryGroup.yaml b/mmv1/products/dataplex/go_EntryGroup.yaml new file mode 100644 index 000000000000..277c3c61a44c --- /dev/null +++ b/mmv1/products/dataplex/go_EntryGroup.yaml @@ -0,0 +1,129 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EntryGroup' +description: | + An Entry Group represents a logical grouping of one or more Entries. +docs: +base_url: 'projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}' +self_link: 'projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/entryGroups?entryGroupId={{entry_group_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}' +timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +iam_policy: + skip_import_test: true + method_name_separator: ':' + parent_resource_attribute: 'entry_group_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/entryGroups/{{entry_group_id}}' + - '{{entry_group_id}}' +custom_code: +examples: + - name: 'dataplex_entry_group_basic' + primary_resource_id: 'test_entry_group_basic' + primary_resource_name: 'fmt.Sprintf("tf-test-entry-group%s", context["random_suffix"])' + vars: + entry_group_name: 'entry-group-basic' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_entry_group_full' + primary_resource_id: 'test_entry_group_full' + primary_resource_name: 'fmt.Sprintf("tf-test-entry-group%s", context["random_suffix"])' + vars: + entry_group_name: 'entry-group-full' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: + - name: 'location' + type: String + description: | + The location where entry group will be created in. + url_param_only: true + immutable: true + - name: 'entryGroupId' + type: String + description: | + The entry group id of the entry group. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The relative resource name of the EntryGroup, of the form: projects/{project_number}/locations/{location_id}/entryGroups/{entry_group_id} + output: true + - name: 'uid' + type: String + description: | + System generated globally unique ID for the EntryGroup. This ID will be different if the EntryGroup is deleted and re-created with the same name. + output: true + - name: 'createTime' + type: Time + description: | + The time when the EntryGroup was created. + output: true + - name: 'updateTime' + type: Time + description: | + The time when the EntryGroup was last updated. + output: true + - name: 'description' + type: String + description: | + Description of the EntryGroup. + - name: 'displayName' + type: String + description: | + User friendly display name. + - name: 'labels' + type: KeyValueLabels + description: | + User-defined labels for the EntryGroup. + immutable: false + - name: 'transferStatus' + type: Enum + description: | + Denotes the transfer status of the Entry Group. It is unspecified + for Entry Group created from Dataplex API. + output: true + enum_values: + - 'TRANSFER_STATUS_UNSPECIFIED' + - 'TRANSFER_STATUS_MIGRATED' + - 'TRANSFER_STATUS_TRANSFERRED' diff --git a/mmv1/products/dataplex/go_EntryType.yaml b/mmv1/products/dataplex/go_EntryType.yaml new file mode 100644 index 000000000000..ec0e7fdec87d --- /dev/null +++ b/mmv1/products/dataplex/go_EntryType.yaml @@ -0,0 +1,144 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EntryType' +description: | + An Entry Type is a template for creating Entries. +docs: +base_url: 'projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}' +self_link: 'projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/entryTypes?entryTypeId={{entry_type_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}' +timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +iam_policy: + skip_import_test: true + method_name_separator: ':' + parent_resource_attribute: 'entry_type_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/entryTypes/{{entry_type_id}}' + - '{{entry_type_id}}' +custom_code: +examples: + - name: 'dataplex_entry_type_basic' + primary_resource_id: 'test_entry_type_basic' + primary_resource_name: 'fmt.Sprintf("tf-test-entry-type%s", context["random_suffix"])' + vars: + entry_type_name: 'entry-type-basic' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_entry_type_full' + primary_resource_id: 'test_entry_type_full' + primary_resource_name: 'fmt.Sprintf("tf-test-entry-type%s", context["random_suffix"])' + vars: + entry_type_name: 'entry-type-full' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: + - name: 'location' + type: String + description: | + The location where entry type will be created in. + url_param_only: true + immutable: true + - name: 'entryTypeId' + type: String + description: | + The entry type id of the entry type. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The relative resource name of the EntryType, of the form: projects/{project_number}/locations/{location_id}/entryTypes/{entry_type_id} + output: true + - name: 'uid' + type: String + description: | + System generated globally unique ID for the EntryType. This ID will be different if the EntryType is deleted and re-created with the same name. + output: true + - name: 'createTime' + type: Time + description: | + The time when the EntryType was created. + output: true + - name: 'updateTime' + type: Time + description: | + The time when the EntryType was last updated. + output: true + - name: 'description' + type: String + description: | + Description of the EntryType. + - name: 'displayName' + type: String + description: | + User friendly display name. + - name: 'labels' + type: KeyValueLabels + description: | + User-defined labels for the EntryType. + immutable: false + - name: 'typeAliases' + type: Array + description: | + Indicates the class this Entry Type belongs to, for example, TABLE, DATABASE, MODEL. + item_type: + type: String + - name: 'platform' + type: String + description: | + The platform that Entries of this type belongs to. + - name: 'system' + type: String + description: | + The system that Entries of this type belongs to. + - name: 'requiredAspects' + type: Array + description: | + AspectInfo for the entry type. + item_type: + type: NestedObject + properties: + - name: 'type' + type: String + description: | + Required aspect type for the entry type. diff --git a/mmv1/products/dataplex/go_Lake.yaml b/mmv1/products/dataplex/go_Lake.yaml new file mode 100644 index 000000000000..2258093ed721 --- /dev/null +++ b/mmv1/products/dataplex/go_Lake.yaml @@ -0,0 +1,47 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Lake' +description: | + Only used to generate IAM resources +exclude_resource: true +docs: +base_url: 'projects/{{project}}/locations/{{location}}/lakes/{{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/lakes/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'lake' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/lakes/{{name}}' + - '{{name}}' +custom_code: +examples: + - name: 'dataplex_lake_primary' + primary_resource_id: 'example' + primary_resource_name: 'fmt.Sprintf("tf-test-lake%s", context["random_suffix"])' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: +properties: + - name: 'name' + type: String + description: | + Dummy property. + output: true diff --git a/mmv1/products/dataplex/go_Task.yaml b/mmv1/products/dataplex/go_Task.yaml new file mode 100644 index 000000000000..31b40da3cf09 --- /dev/null +++ b/mmv1/products/dataplex/go_Task.yaml @@ -0,0 +1,508 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Task' +description: | + A Dataplex task represents the work that you want Dataplex to do on a schedule. It encapsulates code, parameters, and the schedule. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dataplex/docs' + api: 'https://cloud.google.com/dataplex/docs/reference/rest/v1/projects.locations.lakes.tasks' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}' +self_link: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks?task_id={{task_id}}' +update_url: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}' +update_verb: 'PATCH' +update_mask: true +delete_url: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}' +import_format: + - 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}' +timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'task_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}' + - '{{task_id}}' +custom_code: +examples: + - name: 'dataplex_task_basic' + primary_resource_id: 'example' + primary_resource_name: 'fmt.Sprintf("tf-test-lake%s", context["random_suffix"]), fmt.Sprintf("tf-test-task%s", context["random_suffix"])' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_task_spark' + primary_resource_id: 'example_spark' + primary_resource_name: 'fmt.Sprintf("tf-test-lake%s", context["random_suffix"]), fmt.Sprintf("tf-test-task%s", context["random_suffix"])' + test_env_vars: + project_name: 'PROJECT_NAME' + - name: 'dataplex_task_notebook' + primary_resource_id: 'example_notebook' + primary_resource_name: 'fmt.Sprintf("tf-test-lake%s", context["random_suffix"]), fmt.Sprintf("tf-test-task%s", context["random_suffix"])' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: + - name: 'location' + type: String + description: | + The location in which the task will be created in. + url_param_only: true + immutable: true + - name: 'lake' + type: String + description: | + The lake in which the task will be created in. + url_param_only: true + immutable: true + - name: 'taskId' + type: String + description: | + The task Id of the task. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}. + output: true + - name: 'uid' + type: String + description: | + System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name. + output: true + - name: 'createTime' + type: Time + description: | + The time when the task was created. + output: true + - name: 'updateTime' + type: Time + description: | + The time when the task was last updated. + output: true + - name: 'description' + type: String + description: | + User-provided description of the task. + - name: 'displayName' + type: String + description: | + User friendly display name. + - name: 'state' + type: Enum + description: | + Current state of the task. + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'ACTIVE' + - 'CREATING' + - 'DELETING' + - 'ACTION_REQUIRED' + - name: 'labels' + type: KeyValueLabels + description: | + User-defined labels for the task. + immutable: false + - name: 'triggerSpec' + type: NestedObject + description: | + Configuration for the cluster + required: true + properties: + - name: 'type' + type: Enum + description: | + Trigger type of the user-specified Task + required: true + immutable: true + enum_values: + - 'ON_DEMAND' + - 'RECURRING' + - name: 'startTime' + type: Time + description: | + The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING. + - name: 'disabled' + type: Boolean + description: | + Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks. + - name: 'maxRetries' + type: Integer + description: | + Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task. + - name: 'schedule' + type: String + description: | + Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks. + - name: 'executionSpec' + type: NestedObject + description: | + Configuration for the cluster + required: true + properties: + - name: 'args' + type: KeyValuePairs + description: | + The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }. + - name: 'serviceAccount' + type: String + description: | + Service account to use to execute a task. If not provided, the default Compute service account for the project is used. + required: true + - name: 'project' + type: String + description: | + The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project. + - name: 'maxJobExecutionLifetime' + type: String + description: | + The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'. + - name: 'kmsKey' + type: String + description: | + The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}. + - name: 'executionStatus' + type: NestedObject + description: | + Configuration for the cluster + output: true + properties: + - name: 'updateTime' + type: String + description: | + Last update time of the status. + output: true + - name: 'latestJob' + type: NestedObject + description: | + latest job execution. + output: true + properties: + - name: 'name' + type: String + description: | + The relative resource name of the job, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/tasks/{taskId}/jobs/{jobId}. + output: true + - name: 'uid' + type: String + description: | + System generated globally unique ID for the job. + output: true + - name: 'startTime' + type: Time + description: | + The time when the job was started. + output: true + - name: 'endTime' + type: Time + description: | + The time when the job ended. + output: true + - name: 'state' + type: Enum + description: | + Execution state for the job. + output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'RUNNING' + - 'CANCELLING' + - 'CANCELLED' + - 'SUCCEEDED' + - 'FAILED' + - 'ABORTED' + - name: 'retryCount' + type: Integer + description: | + The number of times the job has been retried (excluding the initial attempt). + output: true + - name: 'service' + type: Enum + description: | + The underlying service running a job. + output: true + enum_values: + - 'SERVICE_UNSPECIFIED' + - 'DATAPROC' + - name: 'serviceJob' + type: String + description: | + The full resource name for the job run under a particular service. + output: true + - name: 'message' + type: String + description: | + Additional information about the current state. + output: true + - name: 'spark' + type: NestedObject + description: | + A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. + exactly_one_of: + - 'spark' + - 'notebook' + properties: + - name: 'fileUris' + type: Array + description: | + Cloud Storage URIs of files to be placed in the working directory of each executor. + item_type: + type: String + - name: 'archiveUris' + type: Array + description: | + Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + item_type: + type: String + - name: 'infrastructureSpec' + type: NestedObject + description: | + Infrastructure specification for the execution. + properties: + - name: 'batch' + type: NestedObject + description: | + Compute resources needed for a Task when using Dataproc Serverless. + properties: + - name: 'executorsCount' + type: Integer + description: | + Total number of job executors. Executor Count should be between 2 and 100. [Default=2] + default_value: 2 + - name: 'maxExecutorsCount' + type: Integer + description: | + Max configurable executors. If maxExecutorsCount > executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000] + default_value: 1000 + - name: 'containerImage' + type: NestedObject + description: | + Container Image Runtime Configuration. + properties: + - name: 'image' + type: String + description: | + Container image to use. + - name: 'javaJars' + type: Array + description: | + A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar + item_type: + type: String + - name: 'pythonPackages' + type: Array + description: | + A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz + item_type: + type: String + - name: 'properties' + type: KeyValuePairs + description: | + Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties. + - name: 'vpcNetwork' + type: NestedObject + description: | + Vpc network. + properties: + - name: 'networkTags' + type: Array + description: | + List of network tags to apply to the job. + item_type: + type: String + - name: 'network' + type: String + description: | + The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used. + exactly_one_of: + - 'network' + - 'subNetwork' + - name: 'subNetwork' + type: String + description: | + The Cloud VPC sub-network in which the job is run. + exactly_one_of: + - 'network' + - 'subNetwork' + - name: 'mainJarFileUri' + type: String + description: | + The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value). + exactly_one_of: + - 'mainJarFileUri' + - 'mainClass' + - 'pythonScriptFile' + - 'sqlScriptFile' + - 'sqlScript' + - name: 'mainClass' + type: String + description: | + The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value). + exactly_one_of: + - 'mainJarFileUri' + - 'mainClass' + - 'pythonScriptFile' + - 'sqlScriptFile' + - 'sqlScript' + - name: 'pythonScriptFile' + type: String + description: | + The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value). + exactly_one_of: + - 'mainJarFileUri' + - 'mainClass' + - 'pythonScriptFile' + - 'sqlScriptFile' + - 'sqlScript' + - name: 'sqlScriptFile' + type: String + description: | + A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';). + exactly_one_of: + - 'mainJarFileUri' + - 'mainClass' + - 'pythonScriptFile' + - 'sqlScriptFile' + - 'sqlScript' + - name: 'sqlScript' + type: String + description: | + The query text. The execution args are used to declare a set of script variables (set key='value';). + exactly_one_of: + - 'mainJarFileUri' + - 'mainClass' + - 'pythonScriptFile' + - 'sqlScriptFile' + - 'sqlScript' + - name: 'notebook' + type: NestedObject + description: | + A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. + exactly_one_of: + - 'spark' + - 'notebook' + properties: + - name: 'notebook' + type: String + description: | + Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value). + required: true + - name: 'infrastructureSpec' + type: NestedObject + description: | + Infrastructure specification for the execution. + properties: + - name: 'batch' + type: NestedObject + description: | + Compute resources needed for a Task when using Dataproc Serverless. + properties: + - name: 'executorsCount' + type: Integer + description: | + Total number of job executors. Executor Count should be between 2 and 100. [Default=2] + default_value: 2 + - name: 'maxExecutorsCount' + type: Integer + description: | + Max configurable executors. If maxExecutorsCount > executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000] + default_value: 1000 + - name: 'containerImage' + type: NestedObject + description: | + Container Image Runtime Configuration. + properties: + - name: 'image' + type: String + description: | + Container image to use. + - name: 'javaJars' + type: Array + description: | + A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar + item_type: + type: String + - name: 'pythonPackages' + type: Array + description: | + A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz + item_type: + type: String + - name: 'properties' + type: KeyValuePairs + description: | + Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties. + - name: 'vpcNetwork' + type: NestedObject + description: | + Vpc network. + properties: + - name: 'networkTags' + type: Array + description: | + List of network tags to apply to the job. + item_type: + type: String + - name: 'network' + type: String + description: | + The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used. + exactly_one_of: + - 'network' + - 'subNetwork' + - name: 'subNetwork' + type: String + description: | + The Cloud VPC sub-network in which the job is run. + exactly_one_of: + - 'network' + - 'subNetwork' + - name: 'fileUris' + type: Array + description: | + Cloud Storage URIs of files to be placed in the working directory of each executor. + item_type: + type: String + - name: 'archiveUris' + type: Array + description: | + Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + item_type: + type: String diff --git a/mmv1/products/dataplex/go_Zone.yaml b/mmv1/products/dataplex/go_Zone.yaml new file mode 100644 index 000000000000..98a1024dd790 --- /dev/null +++ b/mmv1/products/dataplex/go_Zone.yaml @@ -0,0 +1,48 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Zone' +description: | + Only used to generate IAM resources +exclude_resource: true +docs: +base_url: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'dataplex_zone' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}' + - '{{name}}' + substitute_zone_value: false +custom_code: +examples: + - name: 'dataplex_zone_primary' + primary_resource_id: 'example' + primary_resource_name: 'fmt.Sprintf("tf-test-lake%s", context["random_suffix"]), fmt.Sprintf("tf-test-zone%s", context["random_suffix"])' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: +properties: + - name: 'name' + type: String + description: | + Dummy property. + output: true diff --git a/mmv1/products/dataplex/go_product.yaml b/mmv1/products/dataplex/go_product.yaml new file mode 100644 index 000000000000..8993d5cc4eec --- /dev/null +++ b/mmv1/products/dataplex/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Dataplex' +display_name: 'Dataplex' +versions: + - name: 'ga' + base_url: 'https://dataplex.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/dataproc/go_AutoscalingPolicy.yaml b/mmv1/products/dataproc/go_AutoscalingPolicy.yaml new file mode 100644 index 000000000000..f0e4a513c67e --- /dev/null +++ b/mmv1/products/dataproc/go_AutoscalingPolicy.yaml @@ -0,0 +1,222 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AutoscalingPolicy' +description: | + Describes an autoscaling policy for Dataproc cluster autoscaler. +docs: +id_format: 'projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/autoscalingPolicies' +self_link: 'projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}' +import_format: + - 'projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'policies' +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'policy_id' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}' + - '{{policy_id}}' +custom_code: +examples: + - name: 'dataproc_autoscaling_policy_basic' + primary_resource_id: 'basic' + primary_resource_name: 'fmt.Sprintf("tf-test-dataproc-policy%s", context["random_suffix"])' + vars: + name: 'dataproc-policy' + skip_docs: true + - name: 'dataproc_autoscaling_policy' + primary_resource_id: 'asp' + vars: + name: 'dataproc-policy' +parameters: + - name: 'location' + type: String + description: | + The location where the autoscaling policy should reside. + The default value is `global`. + url_param_only: true + immutable: true + default_value: "global" +properties: + - name: 'policy_id' + type: String + description: | + The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + api_name: id + required: true + - name: 'name' + type: String + description: | + The "resource name" of the autoscaling policy. + output: true + - name: 'workerConfig' + type: NestedObject + description: | + Describes how the autoscaler will operate for primary workers. + properties: + - name: 'minInstances' + type: Integer + description: | + Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2. + default_value: 2 + - name: 'maxInstances' + type: Integer + description: | + Maximum number of instances for this group. + required: true + - name: 'weight' + type: Integer + description: | + Weight for the instance group, which is used to determine the fraction of total workers + in the cluster from this instance group. For example, if primary workers have weight 2, + and secondary workers have weight 1, the cluster will have approximately 2 primary workers + for each secondary worker. + + The cluster may not reach the specified balance if constrained by min/max bounds or other + autoscaling settings. For example, if maxInstances for secondary workers is 0, then only + primary workers will be added. The cluster can also be out of balance when created. + + If weight is not set on any instance group, the cluster will default to equal weight for + all groups: the cluster will attempt to maintain an equal number of workers in each group + within the configured size bounds for each group. If weight is set for one group only, + the cluster will default to zero weight on the unset group. For example if weight is set + only on primary workers, the cluster will use primary workers only and no secondary workers. + default_value: 1 + - name: 'secondaryWorkerConfig' + type: NestedObject + description: | + Describes how the autoscaler will operate for secondary workers. + properties: + - name: 'minInstances' + type: Integer + description: | + Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0. + at_least_one_of: + - 'secondary_worker_config.0.min_instances' + - 'secondary_worker_config.0.max_instances' + - 'secondary_worker_config.0.weight' + default_value: 0 + - name: 'maxInstances' + type: Integer + description: | + Maximum number of instances for this group. Note that by default, clusters will not use + secondary workers. Required for secondary workers if the minimum secondary instances is set. + Bounds: [minInstances, ). Defaults to 0. + at_least_one_of: + - 'secondary_worker_config.0.min_instances' + - 'secondary_worker_config.0.max_instances' + - 'secondary_worker_config.0.weight' + default_value: 0 + - name: 'weight' + type: Integer + description: | + Weight for the instance group, which is used to determine the fraction of total workers + in the cluster from this instance group. For example, if primary workers have weight 2, + and secondary workers have weight 1, the cluster will have approximately 2 primary workers + for each secondary worker. + + The cluster may not reach the specified balance if constrained by min/max bounds or other + autoscaling settings. For example, if maxInstances for secondary workers is 0, then only + primary workers will be added. The cluster can also be out of balance when created. + + If weight is not set on any instance group, the cluster will default to equal weight for + all groups: the cluster will attempt to maintain an equal number of workers in each group + within the configured size bounds for each group. If weight is set for one group only, + the cluster will default to zero weight on the unset group. For example if weight is set + only on primary workers, the cluster will use primary workers only and no secondary workers. + at_least_one_of: + - 'secondary_worker_config.0.min_instances' + - 'secondary_worker_config.0.max_instances' + - 'secondary_worker_config.0.weight' + default_value: 1 + - name: 'basicAlgorithm' + type: NestedObject + description: | + Basic algorithm for autoscaling. + properties: + - name: 'cooldownPeriod' + type: String + description: | + Duration between scaling events. A scaling period starts after the + update operation from the previous event has completed. + + Bounds: [2m, 1d]. Default: 2m. + default_value: "120s" + - name: 'yarnConfig' + type: NestedObject + description: | + YARN autoscaling configuration. + required: true + properties: + - name: 'gracefulDecommissionTimeout' + type: String + description: | + Timeout for YARN graceful decommissioning of Node Managers. Specifies the + duration to wait for jobs to complete before forcefully removing workers + (and potentially interrupting jobs). Only applicable to downscaling operations. + + Bounds: [0s, 1d]. + required: true + - name: 'scaleUpFactor' + type: Double + description: | + Fraction of average pending memory in the last cooldown period for which to + add workers. A scale-up factor of 1.0 will result in scaling up so that there + is no pending memory remaining after the update (more aggressive scaling). + A scale-up factor closer to 0 will result in a smaller magnitude of scaling up + (less aggressive scaling). + + Bounds: [0.0, 1.0]. + required: true + - name: 'scaleDownFactor' + type: Double + description: | + Fraction of average pending memory in the last cooldown period for which to + remove workers. A scale-down factor of 1 will result in scaling down so that there + is no available memory remaining after the update (more aggressive scaling). + A scale-down factor of 0 disables removing workers, which can be beneficial for + autoscaling a single job. + + Bounds: [0.0, 1.0]. + required: true + - name: 'scaleUpMinWorkerFraction' + type: Double + description: | + Minimum scale-up threshold as a fraction of total cluster size before scaling + occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster to scale. A threshold of + 0 means the autoscaler will scale up on any recommended change. + + Bounds: [0.0, 1.0]. Default: 0.0. + default_value: 0.0 + - name: 'scaleDownMinWorkerFraction' + type: Double + description: | + Minimum scale-down threshold as a fraction of total cluster size before scaling occurs. + For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must + recommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0 + means the autoscaler will scale down on any recommended change. + + Bounds: [0.0, 1.0]. Default: 0.0. + default_value: 0.0 diff --git a/mmv1/products/dataproc/go_product.yaml b/mmv1/products/dataproc/go_product.yaml new file mode 100644 index 000000000000..84783b9848aa --- /dev/null +++ b/mmv1/products/dataproc/go_product.yaml @@ -0,0 +1,24 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Dataproc' +display_name: 'Dataproc' +versions: + - name: 'ga' + base_url: 'https://dataproc.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://dataproc.googleapis.com/v1beta2/' +scopes: + - 'https://www.googleapis.com/auth/cloud-identity' diff --git a/mmv1/products/datastore/Index.yaml b/mmv1/products/datastore/Index.yaml index a88b121f13b9..1b21fdac10da 100644 --- a/mmv1/products/datastore/Index.yaml +++ b/mmv1/products/datastore/Index.yaml @@ -24,20 +24,29 @@ references: !ruby/object:Api::Resource::ReferenceLinks identity: - indexId description: | - Describes a composite index for Cloud Datastore. + Describes a composite index for Firestore in Datastore Mode. id_format: 'projects/{{project}}/indexes/{{index_id}}' error_retry_predicates: ['transport_tpg.DatastoreIndex409Contention'] autogen_async: true timeouts: !ruby/object:Api::Timeouts insert_minutes: 20 delete_minutes: 20 +deprecation_message: >- + `datastore_index` is deprecated and will be removed in a future major release. + Use `firestore_index` instead; this resource is deprecated because it only supports the (default) database. + `firestore_index` supports both Firestore in Datastore Mode and Firestore Native indexes and supports both + named and the (default) database. docs: !ruby/object:Provider::Terraform::Docs warning: | + `datastore_index` is deprecated and will be removed in a future major release. + Use `firestore_index` instead; this resource is deprecated because it only supports the (default) database. This resource creates a Datastore Index on a project that has already - enabled a Datastore-compatible database. If you haven't already enabled - one, you can create a `google_app_engine_application` resource with - `database_type` set to `"CLOUD_DATASTORE_COMPATIBILITY"` to do so. Your - Datastore location will be the same as the App Engine location specified. + enabled a Datastore-compatible database. If you haven't already created it, you may + create a `google_firestore_database` resource with `location_id` set + to your chosen location, and `type` set to `"DATASTORE_MODE"`. + If you wish to use App Engine, you may instead create a `google_app_engine_application` resource with + `database_type` set to `"CLOUD_DATASTORE_COMPATIBILITY"`. + Your Datastore location will be the same as the App Engine location specified. examples: - !ruby/object:Provider::Terraform::Examples name: 'datastore_index' diff --git a/mmv1/products/datastream/ConnectionProfile.yaml b/mmv1/products/datastream/ConnectionProfile.yaml index d1c9c8ed6338..7d4cbf28411d 100644 --- a/mmv1/products/datastream/ConnectionProfile.yaml +++ b/mmv1/products/datastream/ConnectionProfile.yaml @@ -74,7 +74,6 @@ examples: skip_test: true - !ruby/object:Provider::Terraform::Examples name: 'datastream_connection_profile_sql_server' - min_version: beta primary_resource_id: 'default' skip_test: true vars: @@ -321,7 +320,6 @@ properties: Database for the PostgreSQL connection. - !ruby/object:Api::Type::NestedObject name: 'sqlServerProfile' - min_version: beta exactly_one_of: - oracle_profile - gcs_profile diff --git a/mmv1/products/datastream/Stream.yaml b/mmv1/products/datastream/Stream.yaml index 621a0a342332..ce3fc2aba42d 100644 --- a/mmv1/products/datastream/Stream.yaml +++ b/mmv1/products/datastream/Stream.yaml @@ -109,7 +109,6 @@ examples: destination_connection_profile_id: 'destination-profile' - !ruby/object:Provider::Terraform::Examples name: 'datastream_stream_sql_server' - min_version: beta primary_resource_id: 'default' skip_test: true vars: @@ -159,6 +158,25 @@ examples: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' oics_vars_overrides: deletion_protection: 'false' + - !ruby/object:Provider::Terraform::Examples + name: 'datastream_stream_bigquery_append_only' + external_providers: ["random", "time"] + primary_resource_id: + 'default' + # Random provider + skip_vcr: true + vars: + stream_id: 'my-stream' + private_connection_id: 'my-connection' + network_name: 'my-network' + source_connection_profile_id: 'source-profile' + database_instance_name: 'my-instance' + deletion_protection: 'true' + destination_connection_profile_id: 'destination-profile' + test_vars_overrides: + deletion_protection: 'false' + oics_vars_overrides: + deletion_protection: 'false' parameters: - !ruby/object:Api::Type::String name: streamId @@ -794,7 +812,6 @@ properties: function: 'validation.IntAtLeast(0)' - !ruby/object:Api::Type::NestedObject name: 'sqlServerSourceConfig' - min_version: beta allow_empty_object: true send_empty_value: true exactly_one_of: @@ -1059,7 +1076,7 @@ properties: - destination_config.0.gcs_destination_config - destination_config.0.bigquery_destination_config description: | - A configuration for how data should be loaded to Cloud Storage. + A configuration for how data should be loaded to Google BigQuery. properties: - !ruby/object:Api::Type::String name: 'dataFreshness' @@ -1117,6 +1134,32 @@ properties: table. The BigQuery Service Account associated with your project requires access to this encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + - !ruby/object:Api::Type::NestedObject + name: 'merge' + send_empty_value: true + allow_empty_object: true + immutable: true + exactly_one_of: + - destination_config.0.bigquery_destination_config.0.merge + - destination_config.0.bigquery_destination_config.0.append_only + description: | + Merge mode defines that all changes to a table will be merged at the destination Google BigQuery + table. This is the default write mode. When selected, BigQuery reflects the way the data is stored + in the source database. With Merge mode, no historical record of the change events is kept. + properties: [] + - !ruby/object:Api::Type::NestedObject + name: 'appendOnly' + send_empty_value: true + allow_empty_object: true + immutable: true + exactly_one_of: + - destination_config.0.bigquery_destination_config.0.merge + - destination_config.0.bigquery_destination_config.0.append_only + description: | + AppendOnly mode defines that the stream of changes (INSERT, UPDATE-INSERT, UPDATE-DELETE and DELETE + events) to a source table will be written to the destination Google BigQuery table, retaining the + historical state of the data. + properties: [] - !ruby/object:Api::Type::String name: 'state' description: The state of the stream. @@ -1372,7 +1415,6 @@ properties: The ordinal position of the column in the table. - !ruby/object:Api::Type::NestedObject name: 'sqlServerExcludedObjects' - min_version: beta description: | SQL Server data source objects to avoid backfilling. properties: diff --git a/mmv1/products/datastream/go_ConnectionProfile.yaml b/mmv1/products/datastream/go_ConnectionProfile.yaml new file mode 100644 index 000000000000..20ac6ee464ea --- /dev/null +++ b/mmv1/products/datastream/go_ConnectionProfile.yaml @@ -0,0 +1,419 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ConnectionProfile' +description: | + A set of reusable connection configurations to be used as a source or destination for a stream. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-connection-profiles' + api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.connectionProfiles' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/connectionProfiles' +self_link: 'projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/connectionProfiles?connectionProfileId={{connection_profile_id}}&force={{create_without_validation}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'datastream_connection_profile_basic' + primary_resource_id: 'default' + vars: + connection_profile_id: 'my-profile' + - name: 'datastream_connection_profile_postgresql_private_connection' + primary_resource_id: 'default' + vars: + private_connection_id: 'my-connection' + connection_profile_id: 'my-profile' + network_name: 'my-network' + database_instance_name: 'my-instance' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'datastream_connection_profile_full' + primary_resource_id: 'default' + vars: + connection_profile_id: 'my-profile' + ignore_read_extra: + - 'forward_ssh_connectivity.0.password' + - name: 'datastream_connection_profile_postgres' + primary_resource_id: 'default' + vars: + connection_profile_id: 'my-profile' + database_instance_name: 'my-instance' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' + skip_test: true + - name: 'datastream_connection_profile_sql_server' + primary_resource_id: 'default' + vars: + database_name: 'db' + database_password: 'password' + database_user: 'user' + deletion_protection: 'true' + source_connection_profile_id: 'source-profile' + sql_server_name: 'sql-server' + sql_server_root_password: 'root-password' + test_vars_overrides: + 'deletion_protection': 'false' + skip_test: true +parameters: + - name: 'connectionProfileId' + type: String + description: |- + The connection profile identifier. + url_param_only: true + required: true + immutable: true + - name: 'create_without_validation' + type: Boolean + description: |- + Create the connection profile without validating it. + url_param_only: true + required: false + immutable: true + default_value: false + - name: 'location' + type: String + description: | + The name of the location this connection profile is located in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: The resource's name. + output: true + - name: 'labels' + type: KeyValueLabels + description: Labels. + immutable: false + - name: 'displayName' + type: String + description: Display name. + required: true + - name: 'oracleProfile' + type: NestedObject + description: | + Oracle database profile. + exactly_one_of: + - 'oracle_profile' + - 'gcs_profile' + - 'mysql_profile' + - 'bigquery_profile' + - 'postgresql_profile' + - 'sql_server_profile' + properties: + - name: 'hostname' + type: String + description: | + Hostname for the Oracle connection. + required: true + - name: 'port' + type: Integer + description: | + Port for the Oracle connection. + default_value: 1521 + - name: 'username' + type: String + description: | + Username for the Oracle connection. + required: true + - name: 'password' + type: String + description: | + Password for the Oracle connection. + required: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_oracle_profile_password.go.tmpl' + - name: 'databaseService' + type: String + description: | + Database for the Oracle connection. + required: true + - name: 'connectionAttributes' + type: KeyValuePairs + description: Connection string attributes + - name: 'gcsProfile' + type: NestedObject + description: | + Cloud Storage bucket profile. + exactly_one_of: + - 'oracle_profile' + - 'gcs_profile' + - 'mysql_profile' + - 'bigquery_profile' + - 'postgresql_profile' + - 'sql_server_profile' + properties: + - name: 'bucket' + type: String + description: | + The Cloud Storage bucket name. + required: true + - name: 'rootPath' + type: String + description: | + The root path inside the Cloud Storage bucket. + - name: 'mysqlProfile' + type: NestedObject + description: | + MySQL database profile. + exactly_one_of: + - 'oracle_profile' + - 'gcs_profile' + - 'mysql_profile' + - 'bigquery_profile' + - 'postgresql_profile' + - 'sql_server_profile' + properties: + - name: 'hostname' + type: String + description: | + Hostname for the MySQL connection. + required: true + - name: 'port' + type: Integer + description: | + Port for the MySQL connection. + default_value: 3306 + - name: 'username' + type: String + description: | + Username for the MySQL connection. + required: true + - name: 'password' + type: String + description: | + Password for the MySQL connection. + required: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_mysql_profile_password.go.tmpl' + - name: 'sslConfig' + type: NestedObject + description: | + SSL configuration for the MySQL connection. + properties: + - name: 'clientKey' + type: String + description: | + PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_mysql_profile_ssl_config_client_key.go.tmpl' + - name: 'clientKeySet' + type: Boolean + description: | + Indicates whether the clientKey field is set. + output: true + - name: 'clientCertificate' + type: String + description: | + PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_mysql_profile_ssl_config_client_certificate.go.tmpl' + - name: 'clientCertificateSet' + type: Boolean + description: | + Indicates whether the clientCertificate field is set. + output: true + - name: 'caCertificate' + type: String + description: | + PEM-encoded certificate of the CA that signed the source database + server's certificate. + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_mysql_profile_ssl_config_ca_certificate.go.tmpl' + - name: 'caCertificateSet' + type: Boolean + description: | + Indicates whether the clientKey field is set. + output: true + - name: 'bigqueryProfile' + type: NestedObject + description: | + BigQuery warehouse profile. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'oracle_profile' + - 'gcs_profile' + - 'mysql_profile' + - 'bigquery_profile' + - 'postgresql_profile' + - 'sql_server_profile' + properties: + [] + - name: 'postgresqlProfile' + type: NestedObject + description: | + PostgreSQL database profile. + exactly_one_of: + - 'oracle_profile' + - 'gcs_profile' + - 'mysql_profile' + - 'bigquery_profile' + - 'postgresql_profile' + - 'sql_server_profile' + properties: + - name: 'hostname' + type: String + description: | + Hostname for the PostgreSQL connection. + required: true + - name: 'port' + type: Integer + description: | + Port for the PostgreSQL connection. + default_value: 5432 + - name: 'username' + type: String + description: | + Username for the PostgreSQL connection. + required: true + - name: 'password' + type: String + description: | + Password for the PostgreSQL connection. + required: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_postgresql_profile_password.go.tmpl' + - name: 'database' + type: String + description: | + Database for the PostgreSQL connection. + required: true + - name: 'sqlServerProfile' + type: NestedObject + description: | + SQL Server database profile. + exactly_one_of: + - 'oracle_profile' + - 'gcs_profile' + - 'mysql_profile' + - 'bigquery_profile' + - 'postgresql_profile' + - 'sql_server_profile' + properties: + - name: 'hostname' + type: String + description: | + Hostname for the SQL Server connection. + required: true + - name: 'port' + type: Integer + description: | + Port for the SQL Server connection. + default_value: 1433 + - name: 'username' + type: String + description: | + Username for the SQL Server connection. + required: true + - name: 'password' + type: String + description: | + Password for the SQL Server connection. + required: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_sql_server_profile_password.go.tmpl' + - name: 'database' + type: String + description: | + Database for the SQL Server connection. + required: true + - name: 'forwardSshConnectivity' + type: NestedObject + description: | + Forward SSH tunnel connectivity. + conflicts: + - private_connectivity + properties: + - name: 'hostname' + type: String + description: | + Hostname for the SSH tunnel. + required: true + - name: 'username' + type: String + description: | + Username for the SSH tunnel. + required: true + - name: 'port' + type: Integer + description: | + Port for the SSH tunnel. + default_value: 22 + - name: 'password' + type: String + description: | + SSH password. + immutable: true + sensitive: true + conflicts: + - forward_ssh_connectivity.0.private_key + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_forward_ssh_connectivity_password.go.tmpl' + - name: 'privateKey' + type: String + description: | + SSH private key. + immutable: true + sensitive: true + conflicts: + - forward_ssh_connectivity.0.password + custom_flatten: 'templates/terraform/custom_flatten/go/datastream_connection_profile_forward_ssh_connectivity_private_key.go.tmpl' + - name: 'privateConnectivity' + type: NestedObject + description: | + Private connectivity. + conflicts: + - forward_ssh_connectivity + properties: + - name: 'privateConnection' + type: String + description: | + A reference to a private connection resource. Format: `projects/{project}/locations/{location}/privateConnections/{name}` + required: true diff --git a/mmv1/products/datastream/go_PrivateConnection.yaml b/mmv1/products/datastream/go_PrivateConnection.yaml new file mode 100644 index 000000000000..af4658f81f78 --- /dev/null +++ b/mmv1/products/datastream/go_PrivateConnection.yaml @@ -0,0 +1,139 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PrivateConnection' +description: | + The PrivateConnection resource is used to establish private connectivity between Datastream and a customer's network. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-a-private-connectivity-configuration' + api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.privateConnections' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/privateConnections' +self_link: 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/privateConnections?privateConnectionId={{private_connection_id}}&force={{create_without_validation}}' +immutable: true +import_format: + - 'projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/private_connection.go.tmpl' + post_create: 'templates/terraform/post_create/go/private_connection.go.tmpl' + post_import: 'templates/terraform/post_import/go/private_connection.go.tmpl' +skip_sweeper: true +schema_version: 1 +state_upgraders: true +examples: + - name: 'datastream_private_connection_full' + primary_resource_id: 'default' + vars: + private_connection_id: 'my-connection' + network_name: 'my-network' +parameters: + - name: 'privateConnectionId' + type: String + description: |- + The private connectivity identifier. + url_param_only: true + required: true + immutable: true + - name: 'create_without_validation' + type: Boolean + description: |- + If set to true, will skip validations. + url_param_only: true + required: false + immutable: true + default_value: false + - name: 'location' + type: String + description: | + The name of the location this private connection is located in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: The resource's name. + output: true + - name: 'labels' + type: KeyValueLabels + description: Labels. + immutable: false + - name: 'displayName' + type: String + description: Display name. + required: true + - name: 'state' + type: Enum + description: | + State of the PrivateConnection. + output: true + enum_values: + - 'CREATING' + - 'CREATED' + - 'FAILED' + - 'DELETING' + - 'FAILED_TO_DELETE' + - name: 'error' + type: NestedObject + description: | + The PrivateConnection error in case of failure. + output: true + properties: + - name: 'message' + type: String + description: | + A message containing more information about the error that occurred. + - name: 'details' + type: KeyValuePairs + description: | + A list of messages that carry the error details. + - name: 'vpcPeeringConfig' + type: NestedObject + description: | + The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + required: true + properties: + - name: 'vpc' + type: String + description: | + Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name} + required: true + - name: 'subnet' + type: String + description: | + A free subnet for peering. (CIDR of /29) + required: true diff --git a/mmv1/products/datastream/go_Stream.yaml b/mmv1/products/datastream/go_Stream.yaml new file mode 100644 index 000000000000..13945cc00ad3 --- /dev/null +++ b/mmv1/products/datastream/go_Stream.yaml @@ -0,0 +1,1544 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Stream' +description: | + A resource representing streaming data from a source to a destination. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-a-stream' + api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.streams' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/streams/{{stream_id}}' +base_url: 'projects/{{project}}/locations/{{location}}/streams' +self_link: 'projects/{{project}}/locations/{{location}}/streams/{{stream_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/streams?streamId={{stream_id}}&force={{create_without_validation}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/streams/{{stream_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/datastream_stream.go.tmpl' + encoder: 'templates/terraform/encoders/go/datastream_stream.go.tmpl' + post_create: 'templates/terraform/post_create/go/datastream_stream.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/datastream_stream.go.tmpl' + post_update: 'templates/terraform/post_update/go/datastream_stream.go.tmpl' + post_import: 'templates/terraform/post_import/go/datastream_stream.go.tmpl' +custom_diff: + - 'resourceDatastreamStreamCustomDiff' +examples: + - name: 'datastream_stream_basic' + primary_resource_id: 'default' + vars: + stream_id: 'my-stream' + private_connection_id: 'my-connection' + network_name: 'my-network' + source_connection_profile_id: 'source-profile' + database_instance_name: 'my-instance' + deletion_protection: 'true' + bucket_name: 'my-bucket' + destination_connection_profile_id: 'destination-profile' + test_vars_overrides: + 'deletion_protection': 'false' + external_providers: ["random", "time"] + skip_docs: true + skip_vcr: true + - name: 'datastream_stream_full' + primary_resource_id: 'default' + vars: + stream_id: 'my-stream' + private_connection_id: 'my-connection' + network_name: 'my-network' + source_connection_profile_id: 'source-profile' + database_instance_name: 'my-instance' + deletion_protection: 'true' + bucket_name: 'my-bucket' + destination_connection_profile_id: 'destination-profile' + stream_cmek: 'kms-name' + test_vars_overrides: + 'deletion_protection': 'false' + 'stream_cmek': 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'datastream_stream_postgresql' + primary_resource_id: 'default' + vars: + stream_id: 'my-stream' + source_connection_profile_id: 'source-profile' + destination_connection_profile_id: 'destination-profile' + skip_test: true + - name: 'datastream_stream_oracle' + primary_resource_id: 'default' + vars: + stream_id: 'my-stream' + source_connection_profile_id: 'source-profile' + destination_connection_profile_id: 'destination-profile' + skip_test: true + - name: 'datastream_stream_sql_server' + primary_resource_id: 'default' + vars: + database_name: 'db' + database_password: 'password' + database_user: 'user' + deletion_protection: 'true' + destination_connection_profile_id: 'destination-profile' + source_connection_profile_id: 'source-profile' + sql_server_name: 'sql-server' + sql_server_root_password: 'root-password' + stream_id: 'stream' + test_vars_overrides: + 'deletion_protection': 'false' + skip_test: true + - name: 'datastream_stream_postgresql_bigquery_dataset_id' + primary_resource_id: 'default' + vars: + dataset_id: 'postgres' + stream_id: 'postgres-bigquery' + dest_connection_profile_id: 'dest-profile' + instance_name: 'instance-name' + sql_user_name: 'my-user' + source_connection_profile_id: 'source-profile' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'datastream_stream_bigquery' + primary_resource_id: 'default' + vars: + stream_id: 'my-stream' + private_connection_id: 'my-connection' + network_name: 'my-network' + source_connection_profile_id: 'source-profile' + database_instance_name: 'my-instance' + deletion_protection: 'true' + destination_connection_profile_id: 'destination-profile' + bigquery_destination_table_kms_key_name: 'bigquery-kms-name' + test_vars_overrides: + 'deletion_protection': 'false' + 'bigquery_destination_table_kms_key_name': 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + external_providers: ["random", "time"] + skip_vcr: true + - name: 'datastream_stream_bigquery_append_only' + primary_resource_id: 'default' + vars: + stream_id: 'my-stream' + private_connection_id: 'my-connection' + network_name: 'my-network' + source_connection_profile_id: 'source-profile' + database_instance_name: 'my-instance' + deletion_protection: 'true' + destination_connection_profile_id: 'destination-profile' + test_vars_overrides: + 'deletion_protection': 'false' + external_providers: ["random", "time"] + skip_vcr: true +virtual_fields: + - name: 'desired_state' + description: | + Desired state of the Stream. Set this field to `RUNNING` to start the stream, and `PAUSED` to pause the stream. + type: Enum + default_value: "NOT_STARTED" +parameters: + - name: 'streamId' + type: String + description: |- + The stream identifier. + url_param_only: true + required: true + immutable: true + - name: 'create_without_validation' + type: Boolean + description: |- + Create the stream without validating it. + url_param_only: true + required: false + immutable: true + default_value: false + - name: 'location' + type: String + description: | + The name of the location this stream is located in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: The stream's name. + output: true + - name: 'labels' + type: KeyValueLabels + description: Labels. + immutable: false + - name: 'displayName' + type: String + description: Display name. + required: true + - name: 'sourceConfig' + type: NestedObject + description: | + Source connection profile configuration. + required: true + properties: + - name: 'sourceConnectionProfile' + type: String + description: | + Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name} + required: true + immutable: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'mysqlSourceConfig' + type: NestedObject + description: | + MySQL data source configuration. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'source_config.0.mysql_source_config' + - 'source_config.0.oracle_source_config' + - 'source_config.0.postgresql_source_config' + - 'source_config.0.sql_server_source_config' + properties: + - name: 'includeObjects' + type: NestedObject + description: | + MySQL objects to retrieve from the source. + properties: + - name: 'mysqlDatabases' + type: Array + description: | + MySQL databases on the server + required: true + item_type: + description: | + MySQL database. + type: NestedObject + properties: + - name: 'database' + type: String + description: | + Database name. + required: true + - name: 'mysqlTables' + type: Array + description: | + Tables in the database. + item_type: + description: | + MySQL table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'mysqlColumns' + type: Array + description: | + MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + MySQL Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'collation' + type: String + description: | + Column collation. + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'excludeObjects' + type: NestedObject + description: | + MySQL objects to exclude from the stream. + properties: + - name: 'mysqlDatabases' + type: Array + description: | + MySQL databases on the server + required: true + item_type: + description: | + MySQL database. + type: NestedObject + properties: + - name: 'database' + type: String + description: | + Database name. + required: true + - name: 'mysqlTables' + type: Array + description: | + Tables in the database. + item_type: + description: | + MySQL table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'mysqlColumns' + type: Array + description: | + MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + MySQL Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'collation' + type: String + description: | + Column collation. + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'maxConcurrentCdcTasks' + type: Integer + description: | + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'maxConcurrentBackfillTasks' + type: Integer + description: | + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'oracleSourceConfig' + type: NestedObject + description: | + MySQL data source configuration. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'source_config.0.mysql_source_config' + - 'source_config.0.oracle_source_config' + - 'source_config.0.postgresql_source_config' + - 'source_config.0.sql_server_source_config' + properties: + - name: 'includeObjects' + type: NestedObject + description: | + Oracle objects to retrieve from the source. + properties: + - name: 'oracleSchemas' + type: Array + description: | + Oracle schemas/databases in the database server + required: true + item_type: + description: | + MySQL database. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Schema name. + required: true + - name: 'oracleTables' + type: Array + description: | + Tables in the database. + item_type: + description: | + Oracle table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'oracleColumns' + type: Array + description: | + Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + Oracle Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'encoding' + type: String + description: | + Column encoding. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + output: true + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + output: true + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + output: true + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'excludeObjects' + type: NestedObject + description: | + Oracle objects to exclude from the stream. + properties: + - name: 'oracleSchemas' + type: Array + description: | + Oracle schemas/databases in the database server + required: true + item_type: + description: | + MySQL database. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Schema name. + required: true + - name: 'oracleTables' + type: Array + description: | + Tables in the database. + item_type: + description: | + Oracle table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'oracleColumns' + type: Array + description: | + Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + Oracle Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'encoding' + type: String + description: | + Column encoding. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + output: true + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + output: true + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + output: true + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'maxConcurrentCdcTasks' + type: Integer + description: | + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'maxConcurrentBackfillTasks' + type: Integer + description: | + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'dropLargeObjects' + type: NestedObject + description: | + Configuration to drop large object values. + send_empty_value: true + allow_empty_object: true + properties: + [] + - name: 'streamLargeObjects' + type: NestedObject + description: | + Configuration to drop large object values. + send_empty_value: true + allow_empty_object: true + properties: + [] + - name: 'postgresqlSourceConfig' + type: NestedObject + description: | + PostgreSQL data source configuration. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'source_config.0.mysql_source_config' + - 'source_config.0.oracle_source_config' + - 'source_config.0.postgresql_source_config' + - 'source_config.0.sql_server_source_config' + properties: + - name: 'includeObjects' + type: NestedObject + description: | + PostgreSQL objects to retrieve from the source. + properties: + - name: 'postgresqlSchemas' + type: Array + description: | + PostgreSQL schemas on the server + required: true + item_type: + description: | + PostgreSQL schema. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Database name. + required: true + - name: 'postgresqlTables' + type: Array + description: | + Tables in the schema. + item_type: + description: | + PostgreSQL table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'postgresqlColumns' + type: Array + description: | + PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + PostgreSQL Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'excludeObjects' + type: NestedObject + description: | + PostgreSQL objects to exclude from the stream. + properties: + - name: 'postgresqlSchemas' + type: Array + description: | + PostgreSQL schemas on the server + required: true + item_type: + description: | + PostgreSQL schema. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Database name. + required: true + - name: 'postgresqlTables' + type: Array + description: | + Tables in the schema. + item_type: + description: | + PostgreSQL table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'postgresqlColumns' + type: Array + description: | + PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + PostgreSQL Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'replicationSlot' + type: String + description: | + The name of the logical replication slot that's configured with + the pgoutput plugin. + required: true + - name: 'publication' + type: String + description: | + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + required: true + - name: 'maxConcurrentBackfillTasks' + type: Integer + description: | + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'sqlServerSourceConfig' + type: NestedObject + description: | + SQL Server data source configuration. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'source_config.0.mysql_source_config' + - 'source_config.0.oracle_source_config' + - 'source_config.0.postgresql_source_config' + - 'source_config.0.sql_server_source_config' + properties: + - name: 'includeObjects' + type: NestedObject + description: | + SQL Server objects to retrieve from the source. + properties: + - name: 'schemas' + type: Array + description: | + SQL Server schemas/databases in the database server + required: true + item_type: + description: | + SQL Server database. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Schema name. + required: true + - name: 'tables' + type: Array + description: | + Tables in the database. + item_type: + description: | + SQL Server table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'columns' + type: Array + description: | + SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + SQL Server Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The SQL Server data type. Full data types list can be found here: + https://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16 + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + output: true + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + output: true + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + output: true + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'excludeObjects' + type: NestedObject + description: | + SQL Server objects to exclude from the stream. + properties: + - name: 'schemas' + type: Array + description: | + SQL Server schemas/databases in the database server + required: true + item_type: + description: | + SQL Server database. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Schema name. + required: true + - name: 'tables' + type: Array + description: | + Tables in the database. + item_type: + description: | + SQL Server table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'columns' + type: Array + description: | + SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + SQL Server Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The SQL Server data type. Full data types list can be found here: + https://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16 + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + output: true + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + output: true + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + output: true + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'maxConcurrentCdcTasks' + type: Integer + description: | + Max concurrent CDC tasks. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'maxConcurrentBackfillTasks' + type: Integer + description: | + Max concurrent backfill tasks. + default_from_api: true + send_empty_value: true + validation: + function: 'validation.IntAtLeast(0)' + - name: 'destinationConfig' + type: NestedObject + description: | + Destination connection profile configuration. + required: true + properties: + - name: 'destinationConnectionProfile' + type: String + description: | + Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name} + required: true + immutable: true + diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress' + - name: 'gcsDestinationConfig' + type: NestedObject + description: | + A configuration for how data should be loaded to Cloud Storage. + exactly_one_of: + - 'destination_config.0.gcs_destination_config' + - 'destination_config.0.bigquery_destination_config' + properties: + - name: 'path' + type: String + description: | + Path inside the Cloud Storage bucket to write data to. + - name: 'fileRotationMb' + type: Integer + description: | + The maximum file size to be saved in the bucket. + default_from_api: true + - name: 'fileRotationInterval' + type: String + description: | + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + default_from_api: true + - name: 'avroFileFormat' + type: NestedObject + description: | + AVRO file format configuration. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'destination_config.0.gcs_destination_config.0.avro_file_format' + - 'destination_config.0.gcs_destination_config.0.json_file_format' + properties: + [] + - name: 'jsonFileFormat' + type: NestedObject + description: | + JSON file format configuration. + exactly_one_of: + - 'destination_config.0.gcs_destination_config.0.avro_file_format' + - 'destination_config.0.gcs_destination_config.0.json_file_format' + properties: + - name: 'schemaFileFormat' + type: Enum + description: | + The schema file format along JSON data files. + enum_values: + - 'NO_SCHEMA_FILE' + - 'AVRO_SCHEMA_FILE' + - name: 'compression' + type: Enum + description: | + Compression of the loaded JSON file. + enum_values: + - 'NO_COMPRESSION' + - 'GZIP' + - name: 'bigqueryDestinationConfig' + type: NestedObject + description: | + A configuration for how data should be loaded to Google BigQuery. + exactly_one_of: + - 'destination_config.0.gcs_destination_config' + - 'destination_config.0.bigquery_destination_config' + properties: + - name: 'dataFreshness' + type: String + description: | + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + - name: 'singleTargetDataset' + type: NestedObject + description: | + A single target dataset to which all data will be streamed. + exactly_one_of: + - 'destination_config.0.bigquery_destination_config.0.single_target_dataset' + - 'destination_config.0.bigquery_destination_config.0.source_hierarchy_datasets' + properties: + - name: 'datasetId' + type: String + description: | + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id} + required: true + diff_suppress_func: 'resourceDatastreamStreamDatabaseIdDiffSuppress' + custom_expand: 'templates/terraform/custom_expand/go/datastream_stream_dataset_id.go.tmpl' + - name: 'sourceHierarchyDatasets' + type: NestedObject + description: | + Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy. + exactly_one_of: + - 'destination_config.0.bigquery_destination_config.0.single_target_dataset' + - 'destination_config.0.bigquery_destination_config.0.source_hierarchy_datasets' + properties: + - name: 'datasetTemplate' + type: NestedObject + description: | + Dataset template used for dynamic dataset creation. + required: true + properties: + - name: 'location' + type: String + description: | + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. + required: true + - name: 'datasetIdPrefix' + type: String + description: | + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + - name: 'kmsKeyName' + type: String + description: | + Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + immutable: true + - name: 'merge' + type: NestedObject + description: | + Merge mode defines that all changes to a table will be merged at the destination Google BigQuery + table. This is the default write mode. When selected, BigQuery reflects the way the data is stored + in the source database. With Merge mode, no historical record of the change events is kept. + immutable: true + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'destination_config.0.bigquery_destination_config.0.merge' + - 'destination_config.0.bigquery_destination_config.0.append_only' + properties: + [] + - name: 'appendOnly' + type: NestedObject + description: | + AppendOnly mode defines that the stream of changes (INSERT, UPDATE-INSERT, UPDATE-DELETE and DELETE + events) to a source table will be written to the destination Google BigQuery table, retaining the + historical state of the data. + immutable: true + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'destination_config.0.bigquery_destination_config.0.merge' + - 'destination_config.0.bigquery_destination_config.0.append_only' + properties: + [] + - name: 'state' + type: String + description: The state of the stream. + output: true + - name: 'backfillAll' + type: NestedObject + description: | + Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'backfill_all' + - 'backfill_none' + properties: + - name: 'mysqlExcludedObjects' + type: NestedObject + description: | + MySQL data source objects to avoid backfilling. + properties: + - name: 'mysqlDatabases' + type: Array + description: | + MySQL databases on the server + required: true + item_type: + description: | + MySQL database. + type: NestedObject + properties: + - name: 'database' + type: String + description: | + Database name. + required: true + - name: 'mysqlTables' + type: Array + description: | + Tables in the database. + item_type: + description: | + MySQL table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'mysqlColumns' + type: Array + description: | + MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + MySQL Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'collation' + type: String + description: | + Column collation. + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'postgresqlExcludedObjects' + type: NestedObject + description: | + PostgreSQL data source objects to avoid backfilling. + properties: + - name: 'postgresqlSchemas' + type: Array + description: | + PostgreSQL schemas on the server + required: true + item_type: + description: | + PostgreSQL schema. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Database name. + required: true + - name: 'postgresqlTables' + type: Array + description: | + Tables in the schema. + item_type: + description: | + PostgreSQL table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'postgresqlColumns' + type: Array + description: | + PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + PostgreSQL Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'oracleExcludedObjects' + type: NestedObject + description: | + PostgreSQL data source objects to avoid backfilling. + properties: + - name: 'oracleSchemas' + type: Array + description: | + Oracle schemas/databases in the database server + required: true + item_type: + description: | + MySQL database. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Schema name. + required: true + - name: 'oracleTables' + type: Array + description: | + Tables in the database. + item_type: + description: | + Oracle table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'oracleColumns' + type: Array + description: | + Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + Oracle Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'encoding' + type: String + description: | + Column encoding. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + output: true + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + output: true + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + output: true + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'sqlServerExcludedObjects' + type: NestedObject + description: | + SQL Server data source objects to avoid backfilling. + properties: + - name: 'schemas' + type: Array + description: | + SQL Server schemas/databases in the database server + required: true + item_type: + description: | + SQL Server database. + type: NestedObject + properties: + - name: 'schema' + type: String + description: | + Schema name. + required: true + - name: 'tables' + type: Array + description: | + Tables in the database. + item_type: + description: | + SQL Server table. + type: NestedObject + properties: + - name: 'table' + type: String + description: | + Table name. + required: true + - name: 'columns' + type: Array + description: | + SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: + description: | + SQL Server Column. + type: NestedObject + properties: + - name: 'column' + type: String + description: | + Column name. + - name: 'dataType' + type: String + description: | + The SQL Server data type. Full data types list can be found here: + https://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16 + - name: 'length' + type: Integer + description: | + Column length. + output: true + - name: 'precision' + type: Integer + description: | + Column precision. + output: true + - name: 'scale' + type: Integer + description: | + Column scale. + output: true + - name: 'primaryKey' + type: Boolean + description: | + Whether or not the column represents a primary key. + output: true + - name: 'nullable' + type: Boolean + description: | + Whether or not the column can accept a null value. + output: true + - name: 'ordinalPosition' + type: Integer + description: | + The ordinal position of the column in the table. + output: true + min_size: 1 + min_size: 1 + min_size: 1 + - name: 'backfillNone' + type: NestedObject + description: | + Backfill strategy to disable automatic backfill for the Stream's objects. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'backfill_all' + - 'backfill_none' + properties: + [] + - name: 'customerManagedEncryptionKey' + type: String + description: | + A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + immutable: true diff --git a/mmv1/products/datastream/go_product.yaml b/mmv1/products/datastream/go_product.yaml new file mode 100644 index 000000000000..faba08aae9b5 --- /dev/null +++ b/mmv1/products/datastream/go_product.yaml @@ -0,0 +1,36 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Datastream' +display_name: 'Datastream' +versions: + - name: 'ga' + base_url: 'https://datastream.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://datastream.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' +async: + type: "OpAsync" + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' diff --git a/mmv1/products/dialogflowcx/SecuritySettings.yaml b/mmv1/products/dialogflowcx/SecuritySettings.yaml index 1c4103c725d4..28c14d9f55d2 100644 --- a/mmv1/products/dialogflowcx/SecuritySettings.yaml +++ b/mmv1/products/dialogflowcx/SecuritySettings.yaml @@ -44,6 +44,8 @@ examples: project: :PROJECT_NAME id_format: 'projects/{{project}}/locations/{{location}}/securitySettings/{{name}}' import_format: ['projects/{{project}}/locations/{{location}}/securitySettings/{{name}}'] +custom_code: !ruby/object:Provider::Terraform::CustomCode + post_create: templates/terraform/post_create/sleep.go.erb properties: - !ruby/object:Api::Type::String name: 'name' diff --git a/mmv1/products/dialogflowcx/go_Agent.yaml b/mmv1/products/dialogflowcx/go_Agent.yaml new file mode 100644 index 000000000000..9fe47dc0d496 --- /dev/null +++ b/mmv1/products/dialogflowcx/go_Agent.yaml @@ -0,0 +1,216 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Agent' +description: | + Agents are best described as Natural Language Understanding (NLU) modules that transform user requests into actionable data. You can include agents in your app, product, or service to determine user intent and respond to the user in a natural way. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/agents/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/agents' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/agents/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +custom_code: +skip_sweeper: true +examples: + - name: 'dialogflowcx_agent_full' + primary_resource_id: 'full_agent' + vars: + agent_name: 'dialogflowcx-agent' + bucket_name: 'dialogflowcx-bucket' + ignore_read_extra: + - 'git_integration_settings.0.github_settings.0.access_token' +parameters: +properties: + - name: 'name' + type: String + description: | + The unique identifier of the agent. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'location' + type: String + description: | + The name of the location this agent is located in. + + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. + Another options is to use global location so you don't need to manually configure location settings. + url_param_only: true + required: true + immutable: true + - name: 'displayName' + type: String + description: | + The human-readable name of the agent, unique within the location. + required: true + - name: 'defaultLanguageCode' + type: String + description: | + The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + required: true + immutable: true + - name: 'supportedLanguageCodes' + type: Array + description: | + The list of all languages supported by this agent (except for the default_language_code). + item_type: + type: String + - name: 'timeZone' + type: String + description: | + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + required: true + - name: 'description' + type: String + description: | + The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. + validation: + function: 'validation.StringLenBetween(0, 500)' + - name: 'avatarUri' + type: String + description: | + The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. + - name: 'speechToTextSettings' + type: NestedObject + description: | + Settings related to speech recognition. + properties: + - name: 'enableSpeechAdaptation' + type: Boolean + description: | + Whether to use speech adaptation for speech recognition. + - name: 'startFlow' + type: String + description: | + Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/. + output: true + - name: 'securitySettings' + type: String + description: | + Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/. + - name: 'enableStackdriverLogging' + type: Boolean + description: | + Determines whether this agent should log conversation queries. + - name: 'enableSpellCorrection' + type: Boolean + description: | + Indicates if automatic spell correction is enabled in detect intent requests. + - name: 'advancedSettings' + type: NestedObject + description: | + Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + default_from_api: true + properties: + - name: 'audioExportGcsDestination' + type: NestedObject + description: | + If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + * Agent level + * Flow level + properties: + - name: 'uri' + type: String + description: | + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + - name: 'dtmfSettings' + type: NestedObject + description: | + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + * Agent level + * Flow level + * Page level + * Parameter level + properties: + - name: 'enabled' + type: Boolean + description: | + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + - name: 'maxDigits' + type: Integer + description: | + Max length of DTMF digits. + - name: 'finishDigit' + type: String + description: | + The digit that terminates a DTMF digit sequence. + - name: 'gitIntegrationSettings' + type: NestedObject + description: | + Git integration settings for this agent. + allow_empty_object: true + properties: + - name: 'githubSettings' + type: NestedObject + description: | + Settings of integration with GitHub. + custom_flatten: 'templates/terraform/custom_flatten/go/dialogflowcx_agent_git_integration_settings_github_settings.go.tmpl' + properties: + - name: 'displayName' + type: String + description: | + The unique repository display name for the GitHub repository. + - name: 'repositoryUri' + type: String + description: | + The GitHub repository URI related to the agent. + - name: 'trackingBranch' + type: String + description: | + The branch of the GitHub repository tracked for this agent. + - name: 'accessToken' + type: String + description: | + The access token used to authenticate the access to the GitHub repository. + ignore_read: true + sensitive: true + - name: 'branches' + type: Array + description: | + A list of branches configured to be used from Dialogflow. + item_type: + type: String + - name: 'textToSpeechSettings' + type: NestedObject + description: | + Settings related to speech synthesizing. + allow_empty_object: true + properties: + - name: 'synthesizeSpeechConfigs' + type: String + description: | + Configuration of how speech should be synthesized, mapping from [language](https://cloud.google.com/dialogflow/cx/docs/reference/language) to [SynthesizeSpeechConfig](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents#synthesizespeechconfig). + These settings affect: + * The phone gateway synthesize configuration set via Agent.text_to_speech_settings. + * How speech is synthesized when invoking session APIs. `Agent.text_to_speech_settings` only applies if `OutputAudioConfig.synthesize_speech_config` is not specified. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' diff --git a/mmv1/products/dialogflowcx/go_EntityType.yaml b/mmv1/products/dialogflowcx/go_EntityType.yaml new file mode 100644 index 000000000000..b82842e7ccbc --- /dev/null +++ b/mmv1/products/dialogflowcx/go_EntityType.yaml @@ -0,0 +1,141 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EntityType' +description: | + Entities are extracted from user input and represent parameters that are meaningful to your application. + For example, a date range, a proper name such as a geographic location or landmark, and so on. Entities represent actionable data for your application. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.entityTypes' +docs: +id_format: '{{parent}}/entityTypes/{{name}}' +base_url: '{{parent}}/entityTypes' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{parent}}/entityTypes/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_read: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_update: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_delete: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/dialogflowcx_entity_type.go.tmpl' +skip_sweeper: true +examples: + - name: 'dialogflowcx_entity_type_full' + primary_resource_id: 'basic_entity_type' + vars: + agent_name: 'dialogflowcx-agent' +parameters: + - name: 'parent' + type: String + description: | + The agent to create a entity type for. + Format: projects//locations//agents/. + url_param_only: true + immutable: true + - name: 'languageCode' + type: String + description: | + The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The human-readable name of the entity type, unique within the agent. + required: true + validation: + function: 'validation.StringLenBetween(0, 64)' + - name: 'kind' + type: Enum + description: | + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. + required: true + enum_values: + - 'KIND_MAP' + - 'KIND_LIST' + - 'KIND_REGEXP' + - name: 'autoExpansionMode' + type: Enum + description: | + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. + enum_values: + - 'AUTO_EXPANSION_MODE_DEFAULT' + - 'AUTO_EXPANSION_MODE_UNSPECIFIED' + - name: 'entities' + type: Array + description: | + The collection of entity entries associated with the entity type. + required: true + item_type: + type: NestedObject + properties: + - name: 'value' + type: String + description: | + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + - name: 'synonyms' + type: Array + description: | + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + item_type: + type: String + - name: 'excludedPhrases' + type: Array + description: | + Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + item_type: + type: NestedObject + properties: + - name: 'value' + type: String + description: | + The word or phrase to be excluded. + - name: 'enableFuzzyExtraction' + type: Boolean + description: | + Enables fuzzy entity extraction during classification. + - name: 'redact' + type: Boolean + description: | + Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging. diff --git a/mmv1/products/dialogflowcx/go_Environment.yaml b/mmv1/products/dialogflowcx/go_Environment.yaml new file mode 100644 index 000000000000..c9b61f4288fe --- /dev/null +++ b/mmv1/products/dialogflowcx/go_Environment.yaml @@ -0,0 +1,119 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Environment' +description: | + Represents an environment for an agent. You can create multiple versions of your agent and publish them to separate environments. + When you edit an agent, you are editing the draft agent. At any point, you can save the draft agent as an agent version, which is an immutable snapshot of your agent. + When you save the draft agent, it is published to the default environment. When you create agent versions, you can publish them to custom environments. You can create a variety of custom environments for testing, development, production, etc. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.environments' +docs: +id_format: '{{parent}}/environments/{{name}}' +base_url: '{{parent}}/environments' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{parent}}/environments/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +async: + actions: ['create', 'update'] + type: 'OpAsync' + operation: + full_url: 'https://{{location}}-dialogflow.googleapis.com/v3/{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 20 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + pre_create: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_read: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_update: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_delete: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/dialogflowcx_environment.go.tmpl' +custom_diff: + - 'tpgresource.DefaultProviderProject' +skip_sweeper: true +examples: + - name: 'dialogflowcx_environment_full' + primary_resource_id: 'development' + vars: + agent_name: 'dialogflowcx-agent' + - name: 'dialogflowcx_environment_regional' + primary_resource_id: 'development' + vars: + agent_name: 'issue-12880' + skip_docs: true +parameters: + - name: 'parent' + type: String + description: | + The Agent to create an Environment for. + Format: projects//locations//agents/. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The name of the environment. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The human-readable name of the environment (unique in an agent). Limit of 64 characters. + required: true + validation: + function: 'validation.StringLenBetween(0, 64)' + - name: 'description' + type: String + description: | + The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected. + validation: + function: 'validation.StringLenBetween(0, 500)' + - name: 'versionConfigs' + type: Array + description: | + A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned. + required: true + item_type: + type: NestedObject + properties: + - name: 'version' + type: String + description: | + Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}. + required: true + - name: 'updateTime' + type: Time + description: + 'Update time of this environment. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' + output: true diff --git a/mmv1/products/dialogflowcx/go_Flow.yaml b/mmv1/products/dialogflowcx/go_Flow.yaml new file mode 100644 index 000000000000..d06bb82ed8b1 --- /dev/null +++ b/mmv1/products/dialogflowcx/go_Flow.yaml @@ -0,0 +1,586 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Flow' +description: | + Flows represents the conversation flows when you build your chatbot agent. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows' +docs: +id_format: '{{parent}}/flows/{{name}}' +base_url: '{{parent}}/flows' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{parent}}/flows/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/pre_create/go/dialogflowcx_set_location_skip_default_obj.go.tmpl' + pre_read: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_update: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/dialogflowcx_set_location_skip_default_obj.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/dialogflowcx_flow.go.tmpl' +skip_sweeper: true +examples: + - name: 'dialogflowcx_flow_basic' + primary_resource_id: 'basic_flow' + vars: + agent_name: 'dialogflowcx-agent' + - name: 'dialogflowcx_flow_full' + primary_resource_id: 'basic_flow' + vars: + agent_name: 'dialogflowcx-agent' + bucket_name: 'dialogflowcx-bucket' + - name: 'dialogflowcx_flow_default_start_flow' + primary_resource_id: 'default_start_flow' + vars: + agent_name: 'dialogflowcx-agent' + skip_docs: true +virtual_fields: + - name: 'is_default_start_flow' + description: | + Marks this as the [Default Start Flow](https://cloud.google.com/dialogflow/cx/docs/concept/flow#start) for an agent. When you create an agent, the Default Start Flow is created automatically. + The Default Start Flow cannot be deleted; deleting the `google_dialogflow_cx_flow` resource does nothing to the underlying GCP resources. + + ~> Avoid having multiple `google_dialogflow_cx_flow` resources linked to the same agent with `is_default_start_flow = true` because they will compete to control a single Default Start Flow resource in GCP. + type: Boolean + immutable: true +parameters: + - name: 'parent' + type: String + description: | + The agent to create a flow for. + Format: projects//locations//agents/. + url_param_only: true + immutable: true + - name: 'languageCode' + type: String + description: | + The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true +properties: + - name: 'name' + type: String + description: | + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The human-readable name of the flow. + required: true + - name: 'description' + type: String + description: | + The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. + validation: + function: 'validation.StringLenBetween(0, 500)' + - name: 'transitionRoutes' + type: Array + description: | + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The unique identifier of this transition route. + output: true + - name: 'intent' + type: String + description: | + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - name: 'condition' + type: String + description: | + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - name: 'triggerFulfillment' + type: NestedObject + description: | + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'targetPage' + type: String + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - name: 'targetFlow' + type: String + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - name: 'eventHandlers' + type: Array + description: | + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + default_from_api: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The unique identifier of this event handler. + output: true + - name: 'event' + type: String + description: | + The name of the event to handle. + - name: 'triggerFulfillment' + type: NestedObject + description: | + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'targetPage' + type: String + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - name: 'targetFlow' + type: String + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - name: 'transitionRouteGroups' + type: Array + description: | + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + item_type: + type: String + - name: 'nluSettings' + type: NestedObject + description: | + NLU related settings of the flow. + properties: + - name: 'modelType' + type: Enum + description: | + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. + enum_values: + - 'MODEL_TYPE_STANDARD' + - 'MODEL_TYPE_ADVANCED' + - name: 'classificationThreshold' + type: Double + description: | + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. + If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + - name: 'modelTrainingMode' + type: Enum + description: | + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. + enum_values: + - 'MODEL_TRAINING_MODE_AUTOMATIC' + - 'MODEL_TRAINING_MODE_MANUAL' + - name: 'advancedSettings' + type: NestedObject + description: | + Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + properties: + - name: 'audioExportGcsDestination' + type: NestedObject + description: | + If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels: + * Agent level + * Flow level + properties: + - name: 'uri' + type: String + description: | + The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation. + Format: gs://bucket/object-name-or-prefix + - name: 'dtmfSettings' + type: NestedObject + description: | + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + * Agent level + * Flow level + * Page level + * Parameter level + properties: + - name: 'enabled' + type: Boolean + description: | + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + - name: 'maxDigits' + type: Integer + description: | + Max length of DTMF digits. + - name: 'finishDigit' + type: String + description: | + The digit that terminates a DTMF digit sequence. diff --git a/mmv1/products/dialogflowcx/go_Intent.yaml b/mmv1/products/dialogflowcx/go_Intent.yaml new file mode 100644 index 000000000000..7d027647d9e3 --- /dev/null +++ b/mmv1/products/dialogflowcx/go_Intent.yaml @@ -0,0 +1,193 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Intent' +description: | + An intent represents a user's intent to interact with a conversational agent. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents' +docs: +id_format: '{{parent}}/intents/{{name}}' +base_url: '{{parent}}/intents' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{parent}}/intents/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/pre_create/go/dialogflowcx_set_location_skip_default_obj.go.tmpl' + pre_read: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_update: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/dialogflowcx_set_location_skip_default_obj.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/dialogflowcx_intent.go.tmpl' +skip_sweeper: true +examples: + - name: 'dialogflowcx_intent_full' + primary_resource_id: 'basic_intent' + vars: + agent_name: 'dialogflowcx-agent' + - name: 'dialogflowcx_intent_default_negative_intent' + primary_resource_id: 'default_negative_intent' + vars: + agent_name: 'dialogflowcx-agent' + skip_docs: true + - name: 'dialogflowcx_intent_default_welcome_intent' + primary_resource_id: 'default_welcome_intent' + vars: + agent_name: 'dialogflowcx-agent' + skip_docs: true +virtual_fields: + - name: 'is_default_welcome_intent' + description: | + Marks this as the [Default Welcome Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#welcome) for an agent. When you create an agent, a Default Welcome Intent is created automatically. + The Default Welcome Intent cannot be deleted; deleting the `google_dialogflow_cx_intent` resource does nothing to the underlying GCP resources. + + ~> Avoid having multiple `google_dialogflow_cx_intent` resources linked to the same agent with `is_default_welcome_intent = true` because they will compete to control a single Default Welcome Intent resource in GCP. + type: Boolean + immutable: true + - name: 'is_default_negative_intent' + description: | + Marks this as the [Default Negative Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#negative) for an agent. When you create an agent, a Default Negative Intent is created automatically. + The Default Negative Intent cannot be deleted; deleting the `google_dialogflow_cx_intent` resource does nothing to the underlying GCP resources. + + ~> Avoid having multiple `google_dialogflow_cx_intent` resources linked to the same agent with `is_default_negative_intent = true` because they will compete to control a single Default Negative Intent resource in GCP. + type: Boolean + immutable: true +parameters: + - name: 'parent' + type: String + description: | + The agent to create an intent for. + Format: projects//locations//agents/. + url_param_only: true + immutable: true + - name: 'languageCode' + type: String + description: | + The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true +properties: + - name: 'name' + type: String + description: | + The unique identifier of the intent. + Format: projects//locations//agents//intents/. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The human-readable name of the intent, unique within the agent. + required: true + validation: + function: 'validation.StringLenBetween(0, 64)' + - name: 'trainingPhrases' + type: Array + description: | + The collection of training phrases the agent is trained on to identify the intent. + item_type: + type: NestedObject + properties: + - name: 'id' + type: String + description: | + The unique identifier of the training phrase. + output: true + - name: 'parts' + type: Array + description: | + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. + Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + required: true + item_type: + type: NestedObject + properties: + - name: 'text' + type: String + description: | + The text for this part. + required: true + - name: 'parameterId' + type: String + description: | + The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase. + - name: 'repeatCount' + type: Integer + description: | + Indicates how many times this example was added to the intent. + - name: 'parameters' + type: Array + description: | + The collection of parameters associated with the intent. + item_type: + type: NestedObject + properties: + - name: 'id' + type: String + description: | + The unique identifier of the parameter. This field is used by training phrases to annotate their parts. + required: true + - name: 'entityType' + type: String + description: | + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + required: true + - name: 'isList' + type: Boolean + description: | + Indicates whether the parameter represents a list of values. + - name: 'redact' + type: Boolean + description: | + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + - name: 'priority' + type: Integer + description: | + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + - name: 'isFallback' + type: Boolean + description: | + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + To manage the fallback intent, set `is_default_negative_intent = true` + - name: 'labels' + type: KeyValueLabels + description: | + The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes. + Prefix "sys-" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. "sys-head" means the intent is a head intent. "sys.contextual" means the intent is a contextual intent. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + immutable: false + - name: 'description' + type: String + description: | + Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters. + validation: + function: 'validation.StringLenBetween(0, 140)' diff --git a/mmv1/products/dialogflowcx/go_Page.yaml b/mmv1/products/dialogflowcx/go_Page.yaml new file mode 100644 index 000000000000..11ea0268d8d7 --- /dev/null +++ b/mmv1/products/dialogflowcx/go_Page.yaml @@ -0,0 +1,1149 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Page' +description: | + A Dialogflow CX conversation (session) can be described and visualized as a state machine. The states of a CX session are represented by pages. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages' +docs: +id_format: '{{parent}}/pages/{{name}}' +base_url: '{{parent}}/pages' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{parent}}/pages/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_read: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_update: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + pre_delete: 'templates/terraform/pre_create/go/dialogflow_set_location.go.tmpl' + custom_import: 'templates/terraform/custom_import/go/dialogflowcx_page.go.tmpl' +skip_sweeper: true +examples: + - name: 'dialogflowcx_page_full' + primary_resource_id: 'basic_page' + vars: + agent_name: 'dialogflowcx-agent' +parameters: + - name: 'parent' + type: String + description: | + The flow to create a page for. + Format: projects//locations//agents//flows/. + url_param_only: true + immutable: true + - name: 'languageCode' + type: String + description: | + The language of the following fields in page: + + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true +properties: + - name: 'name' + type: String + description: | + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The human-readable name of the page, unique within the agent. + required: true + validation: + function: 'validation.StringLenBetween(0, 64)' + - name: 'entryFulfillment' + type: NestedObject + description: | + The fulfillment to call when the session is entering the page. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'form' + type: NestedObject + description: | + The form associated with the page, used for collecting parameters relevant to the page. + properties: + - name: 'parameters' + type: Array + description: | + Parameters to collect from the user. + item_type: + type: NestedObject + properties: + - name: 'displayName' + type: String + description: | + The human-readable name of the parameter, unique within the form. + - name: 'required' + type: Boolean + description: | + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + - name: 'entityType' + type: String + description: | + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + - name: 'isList' + type: Boolean + description: | + Indicates whether the parameter represents a list of values. + - name: 'fillBehavior' + type: NestedObject + description: | + Defines fill behavior for the parameter. + properties: + - name: 'initialPromptFulfillment' + type: NestedObject + description: | + The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'repromptEventHandlers' + type: Array + description: | + The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: + * sys.no-match-, where N can be from 1 to 6 + * sys.no-match-default + * sys.no-input-, where N can be from 1 to 6 + * sys.no-input-default + * sys.invalid-parameter + [initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter. + If the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on. + A sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed. + A sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt. + If the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The unique identifier of this event handler. + output: true + - name: 'event' + type: String + description: | + The name of the event to handle. + - name: 'triggerFulfillment' + type: NestedObject + description: | + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'targetPage' + type: String + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - name: 'targetFlow' + type: String + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + # This can be an arbitrary value, so we use a string instead of a NestedObject. + - name: 'defaultValue' + type: String + description: | + The default value of an optional parameter. If the parameter is required, the default value will be ignored. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'redact' + type: Boolean + description: | + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + - name: 'advancedSettings' + type: NestedObject + description: | + Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + properties: + - name: 'dtmfSettings' + type: NestedObject + description: | + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + * Agent level + * Flow level + * Page level + * Parameter level + properties: + - name: 'enabled' + type: Boolean + description: | + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + - name: 'maxDigits' + type: Integer + description: | + Max length of DTMF digits. + - name: 'finishDigit' + type: String + description: | + The digit that terminates a DTMF digit sequence. + - name: 'transitionRouteGroups' + type: Array + description: | + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + item_type: + type: String + - name: 'transitionRoutes' + type: Array + description: | + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. + When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The unique identifier of this transition route. + output: true + - name: 'intent' + type: String + description: | + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - name: 'condition' + type: String + description: | + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - name: 'triggerFulfillment' + type: NestedObject + description: | + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'targetPage' + type: String + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - name: 'targetFlow' + type: String + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - name: 'eventHandlers' + type: Array + description: | + Handlers associated with the page to handle events such as webhook errors, no match or no input. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The unique identifier of this event handler. + output: true + - name: 'event' + type: String + description: | + The name of the event to handle. + - name: 'triggerFulfillment' + type: NestedObject + description: | + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + properties: + - name: 'messages' + type: Array + description: | + The list of rich message responses to present to the user. + item_type: + type: NestedObject + properties: + - name: 'channel' + type: String + description: | + The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned. + - name: 'text' + type: NestedObject + description: | + The text response message. + properties: + - name: 'text' + type: Array + description: | + A collection of text responses. + item_type: + type: String + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + # This can be an arbitrary json blob, so we use a string instead of a NestedObject. + output: true + - name: 'payload' + type: String + description: | + A custom, platform-specific payload. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conversationSuccess' + type: NestedObject + description: | + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'outputAudioText' + type: NestedObject + description: | + A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message. + properties: + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'text' + type: String + description: | + The raw text to be synthesized. + - name: 'ssml' + type: String + description: | + The SSML text to be synthesized. For more information, see SSML. + - name: 'liveAgentHandoff' + type: NestedObject + description: | + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + - name: 'metadata' + type: String + description: | + Custom metadata. Dialogflow doesn't impose any structure on this. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'playAudio' + type: NestedObject + description: | + Specifies an audio clip to be played by the client as part of the response. + properties: + - name: 'audioUri' + type: String + description: | + URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it. + required: true + - name: 'allowPlaybackInterruption' + type: Boolean + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + output: true + - name: 'telephonyTransferCall' + type: NestedObject + description: | + Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint. + properties: + - name: 'phoneNumber' + type: String + description: | + Transfer the call to a phone number in E.164 format. + required: true + - name: 'webhook' + type: String + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - name: 'returnPartialResponses' + type: Boolean + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - name: 'tag' + type: String + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - name: 'setParameterActions' + type: Array + description: | + Set parameter values before executing the webhook. + item_type: + type: NestedObject + properties: + - name: 'parameter' + type: String + description: | + Display name of the parameter. + - name: 'value' + type: String + description: | + The new JSON-encoded value of the parameter. A null value clears the parameter. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'conditionalCases' + type: Array + description: | + Conditional cases for this fulfillment. + item_type: + type: NestedObject + properties: + - name: 'cases' + type: String + description: | + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_value.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'targetPage' + type: String + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - name: 'targetFlow' + type: String + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - name: 'advancedSettings' + type: NestedObject + description: | + Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level. + Hierarchy: Agent->Flow->Page->Fulfillment/Parameter. + properties: + - name: 'dtmfSettings' + type: NestedObject + description: | + Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + * Agent level + * Flow level + * Page level + * Parameter level + properties: + - name: 'enabled' + type: Boolean + description: | + If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a "3" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance). + - name: 'maxDigits' + type: Integer + description: | + Max length of DTMF digits. + - name: 'finishDigit' + type: String + description: | + The digit that terminates a DTMF digit sequence. diff --git a/mmv1/products/dialogflowcx/go_SecuritySettings.yaml b/mmv1/products/dialogflowcx/go_SecuritySettings.yaml new file mode 100644 index 000000000000..83c3adc6497d --- /dev/null +++ b/mmv1/products/dialogflowcx/go_SecuritySettings.yaml @@ -0,0 +1,167 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SecuritySettings' +description: | + Represents the settings related to security issues, such as data redaction and data retention. It may take hours for updates on the settings to propagate to all the related components and take effect. + Multiple security settings can be configured in each location. Each agent can specify the security settings to apply, and each setting can be applied to multiple agents in the same project and location. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.securitySettings' +docs: +id_format: 'projects/{{project}}/locations/{{location}}/securitySettings/{{name}}' +base_url: 'projects/{{project}}/locations/{{location}}/securitySettings' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/securitySettings/{{name}}' +timeouts: + insert_minutes: 40 + update_minutes: 40 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/sleep.go.tmpl' +examples: + - name: 'dialogflowcx_security_settings_basic' + primary_resource_id: 'basic_security_settings' + vars: + settings_name: 'dialogflowcx-security-settings' + - name: 'dialogflowcx_security_settings_full' + primary_resource_id: 'basic_security_settings' + vars: + inspect_name: 'dialogflowcx-inspect-template' + deidentify_name: 'dialogflowcx-deidentify-template' + settings_name: 'dialogflowcx-security-settings' + bucket_name: 'dialogflowcx-bucket' + test_env_vars: + project: 'PROJECT_NAME' +parameters: +properties: + - name: 'name' + type: String + description: | + The unique identifier of the settings. + Format: projects//locations//securitySettings/. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'location' + type: String + description: | + The location these settings are located in. Settings can only be applied to an agent in the same location. + See [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations. + url_param_only: true + required: true + immutable: true + - name: 'displayName' + type: String + description: | + The human-readable name of the security settings, unique within the location. + required: true + - name: 'redactionStrategy' + type: Enum + description: | + Defines how we redact data. If not set, defaults to not redacting. + * REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted. + enum_values: + - 'REDACT_WITH_SERVICE' + - name: 'redactionScope' + type: Enum + description: | + Defines what types of data to redact. If not set, defaults to not redacting any kind of data. + * REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk. + enum_values: + - 'REDACT_DISK_STORAGE' + - name: 'inspectTemplate' + type: String + description: | + [DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config. + Note: inspectTemplate must be located in the same region as the SecuritySettings. + Format: projects//locations//inspectTemplates/